Is it possible to remove my default gateway from /etc/resolv.conf after successful VPN connection?

This is a well known bug of NetworkManager, specifically it is #1211110. It goes back to Ubuntu 13.04 up to 16.04 and to a worse extent to Ubuntu 16.10.

It seems that I do not have a DNS leak issue with my current configuration.

Then consider yourself pretty lucky. :) Most users (including myself) experienced severe DNS leaks and tried different approaches to solve them.

Here are some approaches suggested in the bug report (summarized):

Comment #22 by Mac Bassett

Make a backup copy of this NetworkManager file:

sudo cp /usr/lib/NetworkManager/nm-openvpn-service-openvpn-helper /usr/lib/NetworkManager/nm-openvpn-service-openvpn-helper.orig

Add the following 3 lines to the file.

#!/bin/bash
/etc/openvpn/update-resolv-conf $@
/usr/lib/NetworkManager/nm-openvpn-service-openvpn-helper.orig $@

Then:

sudo chmod +x /usr/lib/NetworkManager/nm-openvpn-service-openvpn-helper

Caveat: you need to run the following command after disconnecting the VPN.

sudo script_type=down dev=tun0 /etc/openvpn/update-resolv-conf

Comments #27 and #29 by myself

Edit your VPN connection (via NM) and set up static DNS, for example using Google servers:

8.8.8.8, 8.8.4.4

This way, the DNS request is sent through an external IP, hence it is routed using the VPN.

Then also set up your wireless connection to use those static DNS servers.

Comment #31 by DaveHenson

Run openvpn through the command line.

(... some other cumbersome solutions that I won't discuss here ...)

Comment #81 by Çağatay Yüksel

Remove this configuration file:

sudo rm -rf /etc/resolv.conf

Add this line to the [main] section of /etc/NetworkManager/NetworkManager.conf:

dns=dnsmasq

If you have the dnsmasq package installed, you should make sure the dnsmasq service is not enabled otherwise this will not work. You should also reboot.

The real solution

This bug has been fixed in Ubuntu 17.04. Rather than trying random patches on your system, it is probably a better idea to simply upgrade. :)


Update 2: I wrote a simple, straightforward, dirty dispatcher and placed it in /etc/NetworkManager/dispatcher.d/03vpn:

#!/bin/sh -e
# Resolve the symlink so sed edits the real file; fall back to the path itself
# when /etc/resolv.conf is a plain file (a bare readlink would print nothing).
RESOLV_CONF=$(readlink -f /etc/resolv.conf || echo /etc/resolv.conf)
ROUTER_IP="nameserver 192.168.3.1"

logger -t DNS-antileak "start"
# disable local router IP in /etc/resolv.conf
if [ "$2" = "vpn-up" ]; then
    sed -i "s/$ROUTER_IP/#$ROUTER_IP/g" "$RESOLV_CONF"
    logger -t DNS-antileak "disabled $ROUTER_IP on vpn-up"
fi

# re-enable the router IP once the VPN is gone
if [ "$2" = "vpn-down" ]; then
    sed -i "s/#$ROUTER_IP/$ROUTER_IP/g" "$RESOLV_CONF"
    logger -t DNS-antileak "enabled $ROUTER_IP on vpn-down"
fi
logger -t DNS-antileak "end"

exit 0

It may be activated with

sudo chown root:root /etc/NetworkManager/dispatcher.d/03vpn
sudo chmod 755 /etc/NetworkManager/dispatcher.d/03vpn

I tested it with OpenVPN and PPTP connections.

Also I found other DNS-leak tests: Whoer and WhatLeaks.
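An added example (my own, not code from the original post or from NetworkManager) that does the same comment/uncomment step as the dispatcher above with a line-anchored match, so that disabling 192.168.3.1 cannot also hit 192.168.3.10, and lets you check afterwards which resolvers are still active; the resolv.conf content, the router address and the temp file path are constructed for the demo:

```shell
#!/bin/sh
# Added example, not from the original post: audit and toggle helpers for
# the "comment out the router's nameserver on vpn-up" approach.
# The resolv.conf content below is constructed; 192.168.3.1 stands in for
# the home router and 10.8.0.1 for a resolver pushed by the VPN.

# Print the IPs of all uncommented "nameserver" lines in the given file.
active_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Exit 0 if the given nameserver IP is still active in the file, 1 otherwise.
nameserver_active() {
    active_nameservers "$2" | grep -qx "$1"
}

# Comment out (up) or restore (down) exactly one nameserver line.
# The regex is anchored at both ends, unlike a bare substring substitution.
toggle_nameserver() {
    mode=$1; ip=$2; file=$3
    esc=$(printf '%s' "$ip" | sed 's/\./\\./g')    # escape dots for the regex
    case $mode in
        up)   sed -i "s/^nameserver $esc\$/#nameserver $ip/" "$file" ;;
        down) sed -i "s/^#nameserver $esc\$/nameserver $ip/" "$file" ;;
        *)    echo "usage: toggle_nameserver up|down IP FILE" >&2; return 2 ;;
    esac
}

# Constructed sample resolv.conf: the router, an address that merely shares
# its prefix, and the VPN-pushed resolver.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# Generated by NetworkManager
nameserver 192.168.3.1
nameserver 192.168.3.10
nameserver 10.8.0.1
EOF

# Simulate the vpn-up action and verify the router's DNS is really gone.
toggle_nameserver up 192.168.3.1 "$SAMPLE"
if nameserver_active 192.168.3.1 "$SAMPLE"; then
    echo "leak: router DNS still active" >&2
else
    echo "ok: active resolvers: $(active_nameservers "$SAMPLE" | tr '\n' ' ')"
fi
```

The same check can be run against the real file after a NetworkManager vpn-up event to confirm the dispatcher did its job.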