KenPC
June 9, 2023, 6:47am
1
Have a Linode instance and downloaded the OVPN configs for PIA. Once connected I can ping addresses directly, but DNS does not work.
Tried changing resolv.conf and adding options in my .ovpn to set a DNS server to Cloudflare or Google.
Still can’t ping google.com. But if I disconnect, DNS works fine.
Server is Ubuntu 22.04 LTS
Could PIA be hijacking DNS?
(Unless you are using a PIA suggested DNS)
Mullvad likes to do the same, by default
Have you tried a browser with DOH/DOT?
There are a couple apps to provide the services if that is the case, like stubby and unbound
KenPC
June 10, 2023, 10:40am
3
I’m using a headless OS so I only have access to terminal.
Networking isn’t my strong suit, but IDK why PIA OVPN would bork DNS.
I’d hate to bother @wendell but have you had any similar issues?
Have you tried using the PIA DNS Servers and seeing if it works?
Try using 10.0.0.242 or 209.222.18.222 and 209.222.18.218
Why not Wireguard, out of interest? OVPN is very slow. I get 1G/1G out of the smallest Linode instance back to my house over Wireguard
Also personally I would switch from PIA to Mullvad, but that’s just my preference
2 Likes
KenPC
June 11, 2023, 12:36am
5
I didn’t know you could use wireguard over terminal, I thought you needed the app
rcxb
June 11, 2023, 5:54am
6
OpenVPN has options like block-outside-dns and register-dns you might want to look for in your config. Others that might block traffic include block-local, Split-Tunnel OFF, pull and redirect-gateway.
To test a DNS server, try: dig @8.8.4.4 www.google.com
Change 8.8.4.4 to your preferred server.
If it works you might just need nameserver 8.8.4.4 in your /etc/resolv.conf… Unless you have some other system like systemd-resolved (ArchWiki) taking priority, in which case you have to configure it. nmtui is a good place to start editing your DNS settings.
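Added example (not part of the post above and not any poster's code): shell helpers for the checks just described, listing the DNS- and routing-related directives in an .ovpn file, telling whether resolv.conf points only at the systemd-resolved stub, and probing servers directly with dig. The function names, the sample inputs and the use of dhcp-option DNS as the directive that sets a DNS server are assumptions made for this example.

```shell
# Added example; all inputs below are constructed, not from the thread.
sample_ovpn() {            # constructed client config, placeholder remote
  cat <<'EOF'
client
dev tun
remote vpn.example.invalid 1194 udp
# block-outside-dns (commented out, must not match)
redirect-gateway def1 block-local
dhcp-option DNS 10.0.0.242
  pull
block-outside-dns
EOF
}

sample_resolv() {          # constructed resolv.conf in systemd-resolved stub style
  cat <<'EOF'
nameserver 127.0.0.53
options edns0 trust-ad
EOF
}

# Print config lines (stdin) whose directive can change DNS or routing.
ovpn_dns_directives() {
  awk '
    $1 ~ /^[#;]/ { next }   # skip comment lines
    $1 ~ /^(block-outside-dns|register-dns|redirect-gateway|pull)$/ { $1 = $1; print; next }
    $1 == "dhcp-option" && toupper($2) == "DNS" { $1 = $1; print }
  '
}

# Print the nameserver addresses from a resolv.conf on stdin.
resolv_nameservers() {
  awk '$1 == "nameserver" { print $2 }'
}

# "stub" = only systemd-resolved's 127.0.0.53 listener is listed, so DNS has to
# be configured through systemd-resolved, not by editing resolv.conf; else "direct".
resolv_mode() {
  ns=$(resolv_nameservers)
  if [ "$ns" = "127.0.0.53" ]; then echo stub; else echo direct; fi
}

# Ask each server directly with dig, bypassing resolv.conf (needs network).
probe_servers() {
  name=$1; shift
  for s in "$@"; do
    if dig +time=2 +tries=1 +short "@$s" "$name" | grep -q .; then echo "$s ok"; else echo "$s FAIL"; fi
  done
}
```

Feed the real files in on stdin (ovpn_dns_directives < your .ovpn file, resolv_mode < /etc/resolv.conf), then run probe_servers www.google.com 8.8.4.4 with the tunnel up and again with it down to see whether the resolver or the path to it is what fails.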
Wireguard is built into the Linux kernel now
KenPC
June 12, 2023, 12:29am
8
I had to install wireguard-tools package to enable it.
Weird issue. I tried it out following this PIA Wireguard setup
And ran my scan and was getting half the rate I’m supposed to get, but on OpenVPN, I’m getting full speed.
I’m doing a scan for VNC ports (5900, 5901, 5902) and on Wireguard, I was getting no results, but on OVPN I get instant results at full speed.
So if your IDS gets a syn packet for those, just ignore it, it was me doing research