
Dns leak with openVPN


Question

rofldothtml

If I use the TorGuard client, it makes my ping go to 3000 every 5 seconds, so I used the VPN set up in Windows and it gives me horrible download speeds, so I use OpenVPN now. It works completely fine, except if I do a test on dnsleaktest.com it gives me a list of IPs from Google.

 


9 answers to this question


  • 0
rofldothtml

I already downloaded it earlier and it still has the ping spikes.

  • 0
TorGuard

- Google Chrome has WebRTC enabled by default, which will leak your IP addresses.

- Your network device could still be using your ISP's DNS servers, which will require you to set the DNS servers to alternative ones.

 

aH9Mt3o.png

 

Since you are not using the client you will have to do these fixes manually. TorGuard VPN client prevents these leaks.

  • 0
Support

Hello, would it be possible for us to log on to take a look at the ping issue while using the TG Client? Thanks

  • 0
19807409

If I use the TorGuard client, it makes my ping go to 3000 every 5 seconds, so I used the VPN set up in Windows and it gives me horrible download speeds, so I use OpenVPN now. It works completely fine, except if I do a test on dnsleaktest.com it gives me a list of IPs from Google.

 

Many ISPs have been doing this for a couple of years. You recognise it, for example, when you enter a wrong page: you don't get redirected to the standard error page but to one from your provider.

 

What they do is DNS hijacking and everybody should be really aware of this. Here is what you can do to stop this bad and stupid behaviour of your ISP.

 

First ping some nonexistent IP:

ping someNonExistantDomain.tld

If you get any response instead of host not found, then your DNS is probably being hijacked. This means you discovered the first bogus nxdomain.

 

Now let's look for any other address which you might know about if you get responses to the ping (let's say ping returned you 123.123.123.123):

nslookup someNonExistantDomain.tld

If you get an answer something like this:

Non-authoritative answer:
Name:   someNonExistantDomain.tld
Address: 123.123.123.123
Name:   someNonExistantDomain.tld
Address: 123.123.123.124

Here we can see that there is another bad IP which you don't like.

 

Now your question is probably how to stop your ISP from playing such cards :) ?

 

Here you go ;)

Just add these IPs to your dnsmasq as bogus-nxdomain.

bogus-nxdomain=123.123.123.123
bogus-nxdomain=123.123.123.124

That's it, you are finished.

 

On OpenWRT, DD-Wrt, Tomato, ... you mostly find dnsmasq under services.

How to check if you did everything right? Here you go :), run nslookup again on the same domain:

[email protected]:~# nslookup someNonExistantDomain.tld
nslookup: can't resolve '(null)': Name does not resolve

nslookup: can't resolve 'someNonExistantDomain.tld': Name does not resolve

and if you ping it, you will not get any reply like previously:

[email protected]:~# ping someNonExistantDomain.tld
ping: bad address 'someNonExistantDomain.tld' 

For those who did not know what these settings could be useful for, I hope you learned something now :)

 

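The check-and-configure procedure from the post above, as an added example that is not part of the original thread: a shell helper that turns nslookup answers for names that should not exist into dnsmasq bogus-nxdomain lines. The function names, the constructed sample output, the resolver address 192.168.1.1 and the random labels under .com are assumptions; it goes beyond the post by skipping the resolver's own Address line and by optionally requiring an address to come back for several distinct names.

```shell
#!/bin/sh
# Added example (not from the thread). Sample data below is constructed.

# Read nslookup output on stdin; print a dnsmasq bogus-nxdomain line for every
# IPv4 answer returned for at least $1 distinct names (default 1).
bogus_nxdomain_lines() {
    awk -v min="${1:-1}" '
        /^Server:/ { name = ""; next }   # resolver header: its Address is not an answer
        /^Name:/   { name = $2; next }
        name != "" && /^Address:/ {
            ip = $2
            sub(/#.*/, "", ip)           # drop a "#53" port suffix if present
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            if (!((ip, name) in pair)) { pair[ip, name] = 1; count[ip]++ }
        }
        END { for (ip in count) if (count[ip] >= min) print "bogus-nxdomain=" ip }
    ' | sort
}

# Live probe (needs network, so it is defined but not called here): look up
# random names under a real TLD (assumption: .com) and keep only addresses
# returned for at least two of them, so one real or cached name cannot
# put a legitimate address on the list.
probe_resolver() {
    n=${1:-3}; i=0
    while [ "$i" -lt "$n" ]; do
        label=$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n')
        nslookup "nx-$label.com" 2>/dev/null
        i=$((i + 1))
    done | bogus_nxdomain_lines 2
}

# Constructed nslookup output from a hijacking resolver, two probe names.
sample_nslookup_output() {
    cat <<'EOF'
Server:   192.168.1.1
Address:  192.168.1.1#53

Non-authoritative answer:
Name:     nx-aaaa.tld
Address:  123.123.123.123
Name:     nx-aaaa.tld
Address:  123.123.123.124
Server:   192.168.1.1
Address:  192.168.1.1#53

Non-authoritative answer:
Name:     nx-bbbb.tld
Address:  123.123.123.123
EOF
}
```

Review the reported lines before adding them to the dnsmasq configuration, since an address that also serves a site you use would be blocked along with the hijack page.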
  • 0
Bertus

What can the ISP do if my DNS is hijacked? Does this apply if I use Google DNS?

  • 0
19807409

What can the ISP do if my DNS is hijacked? Does this apply if I use Google DNS?

 

Your ISP could stop hijacking your DNS because it's mostly your ISP. If it is not your ISP, but some new IP, then you can tell your ISP about it and they will probably take much, much longer than you entering the bogus address into your interface. From experience, my call would still be on hold in support, where I can solve the problem by myself.

However, especially if your ISP is hijacking your DNS, ask them about it and why they do such bad things.

To reply to the second question, yes, it applies in most cases today to any DNS. You should google for transparent DNS proxies. That's mainly how your DNS gets leaked. This is a very nice picture which is self-explanatory:

transparent-dns-proxy.png

 

You can use dnsleaktest to check whether your DNS leaks or not (run the advanced test). If you see more than one entry, especially one from your country while you are connected to TorGuard VPN. This is how it looks for me, where my OpenVPN runs on my router, I do not need to set up any client additionally, where some badly configured clients (i.e. of my guests) can't harm any client in my network and it can't leak the DNS either.

XrldLQ5.png

  • 0
saqib

I use Viscosity on my MacBook Pro to connect to OpenVPN. On my old laptop, it connected no problem, and passed DNS leak tests with no problem. I'd set up on this using openvpn review guide.


After my upgrade to a new Mac, I can connect, and the IP address seems to be changing correctly, but the DNS leak test is failing miserably, showing up as still being in the USA. As far as I can tell, the settings are identical to my old Mac in both the control panel and in Viscosity. Any help?


  • 0
TorGuard

 

I use viscosity on my Macbook Pro to connect to VPN. On my old laptop, it connected no problem, and passed DNS leak tests with no problem.

After my upgrade to a new Mac, I can connect, and the IP address seems to be changing correctly, but the DNS leak test is failing miserably, showing up as still being in the USA. As far as I can tell, the settings are identical to my old Mac in both the control panel and in Viscosity. Any help?

 

 

TorGuard dropped support for Viscosity due to it having many bugs. It is recommended that you use the TorGuard VPN client over Viscosity.
