Split tunneling: Difference between revisions
Line 18: | Line 18: | ||
KillMode=mixed | KillMode=mixed | ||
Type=forking | Type=forking | ||
ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn | ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --config /etc/openvpn/%i.conf --writepid /run/openvpn/%i.pid | ||
PIDFile=/run/openvpn/%i.pid | PIDFile=/run/openvpn/%i.pid | ||
ExecReload=/bin/kill -HUP $MAINPID | ExecReload=/bin/kill -HUP $MAINPID | ||
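Review bot: The new ExecStart line adds `--config /etc/openvpn/%i.conf`, which ties the unit to a config file named after the instance, but the page never states what that file must be called. The unit is saved as openvpn@openvpn.service, so %i expands to "openvpn" and the config has to be /etc/openvpn/openvpn.conf; add a step saying so. The added `--writepid /run/openvpn/%i.pid` now matches the existing PIDFile= line, which Type=forking relies on, so that part is fine.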
Line 33: | Line 32: | ||
WantedBy=multi-user.target | WantedBy=multi-user.target | ||
apt-get install apt-utils curl resolvconf | make sure the following are installed: | ||
apt-get install nano sudo apt-utils iptables curl resolvconf unzip | |||
Configure VPN DNS Servers to Stop DNS Leaks | |||
Next we are going to prevent DNS leak. DNS Leaks are often the main reason your real identity gets exposed even if using VPN. You can read more about DNS leaks here and test them here. The update-resolv-conf script that comes with OpenVPN will automatically apply the preferred DNS servers when OpenVPN connects. | |||
This script will make sure that when using OpenVPN you are not subject to DNS leaks. We will use PIA's DNS Servers (209.222.18.222 and 209.222.18.218) and Google's (8.8.8.8) as a third option. You are free to use the DNS servers you trust and prefer. It is advised to change the local DNS to a public even if you are not using VPN. If you are behind a router (and you probably are), it is also a good practice to configure public DNS address on the router too. | |||
Note: make sure you are using a static IP on your machine or reserved DHCP also known as static DHCP. Do not configure the static IP on your server, as resolvconf will not work then. You should set the static IP from your router! | |||
Open the update-resolv-conf file | |||
sudo nano /etc/openvpn/update-resolv-conf | |||
Locate this part | |||
# foreign_option_1='dhcp-option DNS 193.43.27.132' | |||
# foreign_option_2='dhcp-option DNS 193.43.27.133' | |||
# foreign_option_3='dhcp-option DOMAIN be.bnc.ch' | |||
Replace the part highlighted in red, make sure you uncomment (remove the # from beginning) these 3 lines, and pay attention to the third line where your need to replace DOMAIN with DNS. | |||
It should look exactly like this | |||
foreign_option_1='dhcp-option DNS 209.222.18.222' | |||
foreign_option_2='dhcp-option DNS 209.222.18.218' | |||
foreign_option_3='dhcp-option DNS 8.8.8.8' | |||
Hit Ctrl+X, Y and Enter to Save. | |||
Your DNS is configured for OpenVPN to prevent DNS leaks. | |||
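Review bot: The added DNS section states that update-resolv-conf "will automatically apply the preferred DNS servers when OpenVPN connects", but none of the added steps make OpenVPN run that script. OpenVPN only calls it when the client config contains `script-security 2` together with `up /etc/openvpn/update-resolv-conf` and `down /etc/openvpn/update-resolv-conf`, so add that step or state that the .conf already has it. The instruction "Replace the part highlighted in red" depends on colour that the text does not carry; name the values to change instead. The new `apt-get install` line also has no sudo while the `nano` commands do.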
Revision as of 21:43, 3 March 2022
setup openvpn
create systemd service file for openvpn
sudo nano /etc/systemd/system/openvpn@openvpn.service
[Unit]
Description=OpenVPN connection to %i
Documentation=man:openvpn(8)
Documentation=https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
Documentation=https://community.openvpn.net/openvpn/wiki/HOWTO
After=network.target

[Service]
RuntimeDirectory=openvpn
PrivateTmp=true
KillMode=mixed
Type=forking
ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --config /etc/openvpn/%i.conf --writepid /run/openvpn/%i.pid
PIDFile=/run/openvpn/%i.pid
ExecReload=/bin/kill -HUP $MAINPID
WorkingDirectory=/etc/openvpn
Restart=on-failure
RestartSec=3
ProtectSystem=yes
LimitNPROC=10
DeviceAllow=/dev/null rw
DeviceAllow=/dev/net/tun rw

[Install]
WantedBy=multi-user.target
make sure the following are installed:
apt-get install nano sudo apt-utils iptables curl resolvconf unzip
Configure VPN DNS Servers to Stop DNS Leaks
Next we are going to prevent DNS leaks. DNS leaks are often the main reason your real identity gets exposed even when using a VPN. You can read more about DNS leaks here and test them here. The update-resolv-conf script that comes with OpenVPN will automatically apply the preferred DNS servers when OpenVPN connects.
This script will make sure that when using OpenVPN you are not subject to DNS leaks. We will use PIA's DNS servers (209.222.18.222 and 209.222.18.218) and Google's (8.8.8.8) as a third option. You are free to use the DNS servers you trust and prefer. It is advised to change the local DNS to a public one even if you are not using a VPN. If you are behind a router (and you probably are), it is also good practice to configure a public DNS address on the router too.
Note: make sure you are using a static IP on your machine or reserved DHCP also known as static DHCP. Do not configure the static IP on your server, as resolvconf will not work then. You should set the static IP from your router!
Open the update-resolv-conf file
sudo nano /etc/openvpn/update-resolv-conf
Locate this part
# foreign_option_1='dhcp-option DNS 193.43.27.132'
# foreign_option_2='dhcp-option DNS 193.43.27.133'
# foreign_option_3='dhcp-option DOMAIN be.bnc.ch'
Replace the part highlighted in red, make sure you uncomment these 3 lines (remove the # from the beginning), and pay attention to the third line, where you need to replace DOMAIN with DNS.
It should look exactly like this
foreign_option_1='dhcp-option DNS 209.222.18.222'
foreign_option_2='dhcp-option DNS 209.222.18.218'
foreign_option_3='dhcp-option DNS 8.8.8.8'
Hit Ctrl+X, Y and Enter to save.
Your DNS is configured for OpenVPN to prevent DNS leaks.
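A quick way to check the result of the steps above, as an added example that is not part of the original wiki page: it lists resolvers outside the three configured here, and the directives a client config still needs before OpenVPN will run update-resolv-conf. The sample files are constructed, and the script-security/up/down requirement is how OpenVPN's script hooks work, not something this page states.

```shell
#!/bin/sh
# Added example: static checks for the DNS-leak setup described above.
# Allowed resolvers are the three the page configures.
ALLOWED_DNS="209.222.18.222 209.222.18.218 8.8.8.8"

# Print every nameserver in a resolv.conf-style file that is NOT in ALLOWED_DNS.
unexpected_nameservers() {
    awk -v allowed="$ALLOWED_DNS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "nameserver" && !($2 in ok) { print $2 }
    ' "$1"
}

# Print each directive the client config still needs so that OpenVPN
# actually runs update-resolv-conf on connect and disconnect.
missing_hook_directives() {
    conf=$1
    grep -Eq '^[[:space:]]*script-security[[:space:]]+[23]' "$conf" \
        || echo "script-security 2"
    grep -Eq '^[[:space:]]*up[[:space:]]+.*update-resolv-conf' "$conf" \
        || echo "up /etc/openvpn/update-resolv-conf"
    grep -Eq '^[[:space:]]*down[[:space:]]+.*update-resolv-conf' "$conf" \
        || echo "down /etc/openvpn/update-resolv-conf"
}

# Constructed sample inputs (not taken from a real system).
demo_dir=$(mktemp -d)
cat > "$demo_dir/resolv.conf" <<'EOF'
# constructed: one resolver left over from the LAN's DHCP lease
nameserver 209.222.18.222
nameserver 192.168.1.1
EOF
cat > "$demo_dir/openvpn.conf" <<'EOF'
# constructed client config fragment
dev tun
script-security 2
up /etc/openvpn/update-resolv-conf
EOF

echo "Unexpected resolvers: $(unexpected_nameservers "$demo_dir/resolv.conf")"
echo "Missing directives:   $(missing_hook_directives "$demo_dir/openvpn.conf")"
```

On a real machine, point the two functions at /etc/resolv.conf (while the tunnel is up) and at the config file the service loads.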
Sources
https://www.htpcguides.com/compile-latest-openvpn-from-source-on-debian-8/
https://www.htpcguides.com/force-torrent-traffic-vpn-split-tunnel-debian-8-ubuntu-16-04/