OpenVPN DNS leak fix?

Every VPN, including OpenVPN (community edition)/OpenVPN-AS, leaks the DNS data; your visited website names are not protected from surveillance eyes?

How to make the DNS data and the names of the domains that we visit over VPN/OpenVPN get encrypted as well? I believe, based on lots of tests, they never get encrypted by default, and I can’t find a way to fix this. This means every website we access will be logged even on an encrypted VPN, OpenVPN TCP/UDP, any. How to fix this?

Thanks

All DNS data should be in the tunnel and hence protected as long as you are using the VPN provider’s DNS servers. If your PC is still communicating DNS data with your connected ISP then you need to be using a different VPN provider. OpenDNS thinks they have had this problem fixed for a while, but I can’t say 100% this is true as I don’t use it.

How can I fix a DNS leak?

2 Likes

hiya @J_J

There are known ways in which it is possible to implement traffic, data and DNS filtering that can read all outgoing and incoming traffic, so you can see if data is properly encrypted or not. I feel my DNS data is not encrypted. If you believe your DNS data is encrypted, how do you test it to be sure it’s actually encrypted? And how are you sure that the encryption is not easy to break?

thnx

Simple way: my VPN provider uses DNS servers on the 10.x.x.x network. These are private IP addresses, so obviously will not resolve any sites unless the request is made within the tunnel. If you confirm a 10.x.x.x DNS server with nslookup and you can still resolve sites, then the requests are being made on the private VPN network.

Can you ever be 100% sure that your encryption is not being broken? Nope, but can you ever be 100% sure of anything? If you are targeted by an alphabet agency then probably nothing is secure.

2 Likes
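Added example, not part of the original posts: a Python sketch of the nslookup check described in the reply above, which reads the resolver address from nslookup output and tests it against the VPN's range. The `10.0.0.0/8` tunnel range, the function names and the sample outputs are assumptions constructed for illustration; it also separates a private LAN resolver from one inside the VPN range.

```python
import ipaddress
import re

# Assumption: the VPN's resolvers sit in this range. The post only says
# "10.x.x.x"; substitute the subnet your provider actually pushes.
TUNNEL_NET = ipaddress.ip_network("10.0.0.0/8")

# Constructed nslookup outputs (Windows style, Linux style, public resolver).
VPN_SAMPLE = """Server:  UnKnown
Address:  10.8.0.1

Non-authoritative answer:
Name:    example.com
Addresses:  93.184.216.34
"""
ROUTER_SAMPLE = """Server:\t\t192.168.1.1
Address:\t192.168.1.1#53

Non-authoritative answer:
Name:\texample.com
Address: 93.184.216.34
"""
PUBLIC_SAMPLE = VPN_SAMPLE.replace("10.8.0.1", "8.8.8.8")


def resolver_from_nslookup(output):
    """Return the resolver IP: the first 'Address:' line is the header's."""
    m = re.search(r"^\s*Address:\s*(\S+)", output, re.MULTILINE)
    if m is None:
        raise ValueError("no resolver address found in nslookup output")
    return ipaddress.ip_address(m.group(1).split("#")[0])  # drop Linux '#53'


def classify_resolver(output, tunnel_net=TUNNEL_NET):
    ip = resolver_from_nslookup(output)
    if ip.version == tunnel_net.version and ip in tunnel_net:
        return "tunnel"   # resolver inside the VPN's private range
    if ip.is_private:
        return "local"    # private, but not the VPN's range (e.g. a LAN router)
    return "public"       # routing decides if this is tunnelled; not provable here


if __name__ == "__main__":
    for name, text in [("vpn", VPN_SAMPLE), ("router", ROUTER_SAMPLE),
                       ("public", PUBLIC_SAMPLE)]:
        print(name, resolver_from_nslookup(text), classify_resolver(text))
```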

hiya @J_J

I have a few network adapters in my ‘Network Connections’ in the Control Panel of Windows 10 x64. Concerning two: one is the actual Ethernet card adapter and one is the actual Wi-Fi adapter, plus one adapter for each SSTP VPN, and the last one is the OpenVPN virtual adapter.
Scenario 1: connecting over Ethernet to the internet:
For increased security, shall I put a DNS server on my actual Ethernet card to prevent connecting to the ISP’s DNS? If yes, then when I’m connecting by SSTP or OpenVPN or both at the same time, nslookup doesn’t bring up the SSTP or OpenVPN DNS servers, while connecting to the SSTP VPN or OpenVPN or both should override the DNS that is set on the actual Ethernet card adapter; this is concerning for me. To give an example, if I connect in this condition by SSTP or OpenVPN or both to a VPN server in country X, nslookup should confirm the DNS servers that are located in country X, or a corresponding DNS server that serves DNS requests for the country the VPN server is located in. I can confirm that nslookup only confirms whatever DNS is set on the actual Ethernet card adapter. Also, I’m still researching how to fix this.
My ideal condition is having one VPN on a dd-wrt firmware-d router, one VPN on SSTP, and another connection over OpenVPN. And I’m looking to get confirmation by nslookup of the DNS server of the last VPN connection; that is, in this example and structure, whenever OpenVPN makes a connection to country X, the DNS server that nslookup confirms should be the DNS server located in country X (the one that serves the DNS requests for OpenVPN in that country, or it can be located outside of that country, if the admin of OpenVPN sets this on).

Based on my knowledge, in OpenVPN-AS, whenever you run your own OpenVPN-AS server, it uses the DNS servers of the server that OpenVPN-AS is installed on. But I wonder about commercial OpenVPN VPN services: they sometimes put the DNS outside of the country that the OpenVPN server is located in. That could be good or bad, good in case that server location in the target country is written 14eyes countries, but sometimes even if it’s not, the DNS server is located outside of it.

Actually, I’m looking for business-class security and privacy for business purposes. But nowadays most of the world’s intelligence agencies do spy on businesses, so I want to keep myself secure, so even make it N~SA/F~BI proof as the maximum that is possible. Otherwise, I can’t sleep at night.

thnx

‘Extreme surveillance’ becomes UK law with barely a whimper
A bill giving the UK intelligence agencies and police the most sweeping surveillance powers in the western world has passed into law with barely a whimper, meeting only token resistance over the past 12 months from inside parliament and barely any from outside.

The Investigatory Powers Act, passed on Thursday, legalises a whole range of tools for snooping and hacking by the security services unmatched by any other country in western Europe or even the US.

The security agencies and police began the year braced for at least some opposition, rehearsing arguments for the debate. In the end, faced with public apathy and an opposition in disarray, the government did not have to make a single substantial concession to the privacy lobby.

US whistleblower Edward Snowden tweeted: “The UK has just legalised the most extreme surveillance in the history of western democracy. It goes further than many autocracies.”

Snowden in 2013 revealed the scale of mass surveillance – or bulk data collection as the security agencies prefer to describe it – by the US National Security Agency and the UK’s GCHQ, which work in tandem.

But, against a backdrop of fears of Islamist attacks, the privacy lobby has failed to make much headway. Even in Germany, with East Germany’s history of mass surveillance by the Stasi and where Snowden’s revelations produced the most outcry, the Bundestag recently passed legislation giving the intelligence agencies more surveillance powers.

The US passed a modest bill last year curtailing bulk phone data collection but the victory of Donald Trump in the US presidential election is potentially a major reverse for privacy advocates. On the campaign trail, Trump made comments that implied he would like to use the powers of the surveillance agencies against political opponents.

The Liberal Democrat peer Lord Strasburger, one of the leading voices against the investigatory powers bill, said: “We do have to worry about a UK Donald Trump. If we do end up with one, and that is not impossible, we have created the tools for repression. If Labour had backed us up, we could have made the bill better. We have ended up with a bad bill because they were all over the place.

“The real Donald Trump has access to all the data that the British spooks are gathering and we should be worried about that.”

The Investigatory Powers Act legalises powers that the security agencies and police had been using for years without making this clear to either the public or parliament. In October, the investigatory powers tribunal, the only court that hears complaints against MI6, MI5 and GCHQ, ruled that they had been unlawfully collecting massive volumes of confidential personal data without proper oversight for 17 years.

One of the negative aspects of the legislation is that it fails to provide adequate protection for journalists’ sources, which could discourage whistleblowing.

One of the few positives in the legislation is that it sets out clearly for the first time the surveillance powers available to the intelligence services and the police. It legalises hacking by the security agencies into computers and mobile phones and allows them access to masses of stored personal data, even if the person under scrutiny is not suspected of any wrongdoing.

Privacy groups are challenging the surveillance powers in the European court of human rights and elsewhere.

Jim Killock, the executive director of Open Rights Group, said: “The UK now has a surveillance law that is more suited to a dictatorship than a democracy. The state has unprecedented powers to monitor and analyse UK citizens’ communications regardless of whether we are suspected of any criminal activity.”

Renate Samson, the chief executive of Big Brother Watch, said: “The passing of the investigatory powers bill has fundamentally changed the face of surveillance in this country. None of us online are now guaranteed the right to communicate privately and, most importantly, securely.”

The above is where the taxpayers’ money has gone in the UK, and why I should be extremely worried about my broken privacy rights :sneezing_face::space_invader::alien::skull: