openvpn-client: Use VPN native DNS server to avoid DNS leaks
Upon activation, the VPN client will successfully create its own resolv.conf.vpn.<my_vpn_connection>.conf file with the preferred DNS resolver.
DNS switching might work automatically on upstream OpenWrt with dnsmasq as default resolver, see https://protonvpn.com/support/how-to-set-up-protonvpn-on-openwrt-routers/
However, unlike upstream OpenWrt, Turris OS is using Kresd as its DNS resolver, so the default resolv.conf file (/tmp/resolv.conf.d/resolv.conf.auto) will be used instead of the VPN-specific resolv.conf, which leads to DNS leaks.
We need to figure out how to switch the resolv files upon VPN client startup and shutdown. The resolv.conf.vpn.<my_vpn_connection>.conf file is created by the openvpn hotplug scripts, so perhaps we could adjust these scripts to switch DNS resolvers.
For example (crude idea):
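# up: keep the default file as a backup and point the resolver at the VPN file
mv resolv.conf.auto resolv.conf.auto.bkp
ln -s resolv.conf.vpn.myvpn resolv.conf.auto
/etc/init.d/resolver restart
# down: remove the symlink and put the default file back
rm resolv.conf.auto
mv resolv.conf.auto.bkp resolv.conf.auto
/etc/init.d/resolver restart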
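
A more defensive version of the switch sketched above, as an added example that is not part of the original issue or of Turris OS: it refuses a VPN file without a nameserver line, survives a repeated "up", and restores the default file on "down". The function names, the `VPN_RESOLV` variable and the use of `ACTION` as the hotplug event name are assumptions; the directory and restart command are the ones quoted in the issue.

```shell
#!/bin/sh
# Added example (not Turris OS code): swap Kresd's upstream resolv file on VPN up/down.
RESOLV_DIR="${RESOLV_DIR:-/tmp/resolv.conf.d}"                        # directory named in the issue
RESOLVER_RESTART="${RESOLVER_RESTART:-/etc/init.d/resolver restart}"  # command from the issue

vpn_dns_up() {   # $1 = resolv file written by the VPN client
    vpn_file="$1"
    auto="$RESOLV_DIR/resolv.conf.auto"
    # An empty or missing VPN file would leave the router with no upstream
    # resolver, so keep the current configuration and report failure.
    grep -q '^nameserver[[:space:]]' "$vpn_file" 2>/dev/null || return 1
    # Back up only a real file: a second "up" must not overwrite the backup
    # with our own symlink.
    if [ -e "$auto" ] && [ ! -L "$auto" ]; then
        mv "$auto" "$auto.bkp" || return 1
    fi
    ln -sf "$vpn_file" "$auto" || return 1
    $RESOLVER_RESTART
}

vpn_dns_down() {
    auto="$RESOLV_DIR/resolv.conf.auto"
    # Remove only our symlink; a regular file here was regenerated by the system.
    if [ -L "$auto" ]; then rm -f "$auto"; fi
    if [ -e "$auto" ]; then
        rm -f "$auto.bkp"                    # backup is stale, drop it
    elif [ -e "$auto.bkp" ]; then
        mv "$auto.bkp" "$auto" || return 1   # restore the pre-VPN resolver list
    fi
    $RESOLVER_RESTART
}

# Hotplug entry point. ACTION (up/down) and VPN_RESOLV (path of the VPN resolv
# file) are assumed to be supplied by the calling hotplug script.
case "${ACTION:-}" in
    up)   vpn_dns_up "${VPN_RESOLV:-}" ;;
    down) vpn_dns_down ;;
esac
```

A failed `vpn_dns_up` leaves the default resolver in place, so the caller should treat a non-zero return as "DNS is still leaking" and log it.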