I have configured PPTP VPN connection on Ubuntu 16.04.3 LTS via NetworkManager (nm-pptp-ppp-plugin) and it works. My configuration:
- VPN
- Gateway
- User name
- Password
- Advanced – set some options on PPTP Advanced Options
- IPv4 Settings
- Method: Automatic (VPN) addresses only
- DNS servers : 192.168.1.1 (internal IP address of VPN's default gateway)
- IPv6 Settins
- Method: Ignore
I commented out #dns=dnsmasq
in /etc/NetworkManager/NetworkManager.conf
, ran sudo dpkg-reconfigure resolvconf
and sudo resolvconf -u
.
Without VPN connection my /etc/resolv.conf
contains the following line:
nameserver 192.168.3.1
where 192.168.3.1 is IP of my router.
After that, VPN connection /etc/resolv.conf
changes to:
nameserver 192.168.1.1
nameserver 192.168.3.1
But as far as I can understand it should contain only 192.168.1.1.
Is it possible to remove my router's IP (192.168.3.1) from /etc/resolv.conf
programmatically?
I mean by NetworkManager dispatcher or similar.
It seems that I do not have the DNS leak issue with my current configuration.
P.S. I understand that my question may have been discussed before, but possible duplicates do not fit my needs.
Update 1. On my other 16.04 laptop I also needed to disable systemd-resolved.service
with:
sudo systemctl stop systemd-resolved.service
sudo systemctl disable systemd-resolved.service
Best Answer
This is a well known bug of NetworkManager, specifically it is #1211110. It goes back to Ubuntu 13.04 up to 16.04 and to a worse extent to Ubuntu 16.10.
Then consider yourself pretty lucky. :) Most users (including myself) experienced severe DNS leaks and tried different approaches to solve them.
Here are some approaches suggested in the bug report (summarized):
Comment #22 by Mac Bassett
Comments #27 and #29 by myself
Comment #31 by DaveHenson
(... some other cumbersome solutions that I won't discuss here ...)
Comment #81 by Çağatay Yüksel
The real solution
This bug has been fixed in Ubuntu 17.04. Rather than trying random patches on your system, it is probably a better idea to simply upgrade. :)