OpenVPN: DNS over encrypted channel


I'm testing a setup which is as follows:

  • Machine A has a Firefox instance which is configured to connect to Machine B via SOCKS v5 at a given port.

  • Machine B has an Alpine Linux Docker container which is running an SSH server listening on a port as a SOCKS v5 server. Firefox from Machine A is connecting to this port on Machine B and it is successfully forwarded into the Docker container. All Firefox requests go to the Internet as originating from that Docker container.

  • That Docker container on Machine B also can additionally run OpenVPN as a client connected to a commercial VPN provider. If the OpenVPN client is running, then all Firefox requests are no longer originating from the Docker container, but are tunneled to the OpenVPN provider and originating from their VPN server.

The problem is that when I enable "Use the SOCKS v5 Proxy for DNS requests" in Firefox, then the DNS lookups are being issued from Machine B. Without it being enabled, they originate from Machine A.

I want these DNS lookups to be tunneled over OpenVPN as well. Is this possible? Is this issue what OpenVPN DNS leakage is about?

Daniel F

Posted 2018-08-12T18:21:49.270

Reputation: 751

Answers


You'd need on Machine B an /etc/resolv.conf nameserver configuration of an IP that gets routed over the VPN to a DNS server on the VPN provider's network.

Docker will pick up DNS resolution from the Machine B /etc/resolv.conf.

While SNAT routing of the UDP on Machine B can push all DNS requests to the VPN provider, their return path will come back via the non-OpenVPN route.

ref: more detailed routing answer

danblack

Posted 2018-08-12T18:21:49.270

Reputation: 190
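The answer's condition (every nameserver the container will use must have a route that egresses through the OpenVPN interface) can be checked from inside the container. The script below is an added example, not code from either poster or from OpenVPN; it parses the nameserver lines from resolv.conf text and asks the routing table, via `ip route get`, which device each resolver address leaves on. The tunnel interface name `tun0`, the `ROUTE_GET` override hook and the sample addresses are assumptions for illustration. Inside Alpine, `ip route get` needs the iproute2 package (the busybox `ip` applet does not implement `route get`).

```shell
#!/bin/sh
# dns_route_check.sh -- added example, not part of the original thread.
# Reports, for each nameserver in a resolv.conf, whether DNS traffic to it
# would leave through the OpenVPN tunnel ("tunnel") or some other interface
# ("leak"). Run it inside the SOCKS container after OpenVPN is connected.
#
# Assumptions (hypothetical): the tunnel is tun0 (override with TUN_IF),
# and the resolver file is /etc/resolv.conf.

TUN_IF="${TUN_IF:-tun0}"

# Print the nameserver addresses from resolv.conf text on stdin,
# skipping comments, "search" and "options" lines.
parse_nameservers() {
    awk '$1 == "nameserver" { print $2 }'
}

# Print the egress device the kernel would use for one destination.
# Uses "ip route get" unless ROUTE_GET names another command/function,
# which lets the logic be exercised offline against a fake routing table.
route_dev() {
    ${ROUTE_GET:-ip route get} "$1" 2>/dev/null \
        | sed -n 's/.* dev \([^ ]*\).*/\1/p' | head -n 1
}

# Classify one nameserver address: "<addr> tunnel <dev>", "<addr> leak <dev>"
# or "<addr> unroutable -" when there is no route at all.
classify() {
    dev=$(route_dev "$1")
    case "$dev" in
        "$TUN_IF") printf '%s tunnel %s\n' "$1" "$dev" ;;
        "")        printf '%s unroutable -\n' "$1" ;;
        *)         printf '%s leak %s\n' "$1" "$dev" ;;
    esac
}

# Check every nameserver in the resolv.conf text given as $1.
# Prints one line per resolver; returns 1 if any resolver would not use the tunnel.
check_resolv() {
    rc=0
    for ns in $(printf '%s\n' "$1" | parse_nameservers); do
        line=$(classify "$ns")
        printf '%s\n' "$line"
        case "$line" in
            *" tunnel "*) ;;
            *) rc=1 ;;
        esac
    done
    return $rc
}

# Stand-alone use: audit the live resolver configuration of this container.
#   sh dns_route_check.sh --live
if [ "${1:-}" = "--live" ]; then
    check_resolv "$(cat /etc/resolv.conf)"
fi
```

A "tunnel" verdict only proves the path: with OpenVPN's redirect-gateway pushed by the provider, even a public resolver such as 8.8.8.8 will show `tun0`, but the queries then still go to that third party rather than to the provider's resolver. Pair the path check with the answer's first point by setting the resolver to the address the provider pushes (`dhcp-option DNS` in the OpenVPN session) and, since Docker copies the host's resolv.conf into the container at start, override it with `docker run --dns <provider-resolver>` rather than editing the file inside the container after the fact.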