I am trying to set up my VPN connections of NordVPN such that I can use internet without VPN nameservers and internet with VPN.
Code in /etc/resolv.conf set up by the official NordVPN instructions in the thread "How to do these NordVPN changes for CyberSec in Debian?" + my first line, which allows me to use internet when not using VPN
nameserver 8.8.4.4
nameserver 103.86.99.99
nameserver 103.86.96.96
RuiFRibeiro's comment about the situation where he points out that my settings are creating DNS in turns.
This means you are using Google DNS in and out of VPN, and thus having DNS leaking outside of the VPN. Their DNS servers must be used while inside the VPN, and Google outside – in fact you may be using DNS in turns, more complicated, but you got the idea. Actually I have set up VPNs for use in our organization, and I intercept DNS requests, and it does not matter whichever DNS the client has configured. I am surprised both they do not do that, and also they do not provide clearer instructions.
Supported /etc/resolv.conf by NordVPN
This way, you cannot access internet without VPN, but you will have no leaks while using VPN.
nameserver 103.86.99.99
nameserver 103.86.96.96
Dynamic setting
Pseudocode
- If no openvpn active, use Google nameservers, etc 8.8.4.4.
- If openvpn active, use NordVPN nameservers such that the key method can be
  - you might change resolv.conf if calling a script to activate the VPN (RuiFRibeiro)
  - with iptables rules intercepting DNS when going the VPN route (RuiFRibeiro)
  - checking for the presence of a VPN connection/interface in a script piggybacking the dhcp client – ugly hack (RuiFRibeiro)
  - …
NordVPN answer acceptable by me
I received a few answers from them but accept only the following ones.
I asked them for a schedule for when this bottleneck will be solved.
Currently Cybersec feature does not work with Linux machines as there will be internet connection only when connected to the VPN.
If you wish to have no leaks on your Linux machine while connected to the VPN and internet while not connected, use these DNS addresses.
These are our DNS servers: 162.242.211.137 and 78.46.223.24
We are sorry to inform you, that CyberSec for Linux is not in the priority list at the moment. ETA is unknown.
Future wishes for NordVPN
- Some binary blob to fix the issue, but I want documentation of what it does
- Use OpenVPN directly instead of IPsec or PPTP
OS: Debian 9
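The pseudocode in the question (choose resolvers by whether the VPN interface exists, and rewrite resolv.conf from the script that starts or stops the VPN) can be sketched as below. This is an added example, not part of the original post or of NordVPN's instructions; the addresses are the ones quoted in the question, while the interface name tun0, the function names, and the premise that nothing else (resolvconf, NetworkManager, dhclient) rewrites /etc/resolv.conf are assumptions.

```shell
#!/bin/sh
# Added example: pick resolv.conf contents from the VPN state.
# Assumptions: tun0 as the OpenVPN interface, and no other tool managing resolv.conf.
VPN_IF="${VPN_IF:-tun0}"
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"
RESOLV_CONF="${RESOLV_CONF:-/etc/resolv.conf}"
VPN_DNS="103.86.99.99 103.86.96.96"   # NordVPN resolvers quoted in the question
PLAIN_DNS="8.8.4.4"                   # resolver the question uses without VPN

# The kernel exposes every network interface as an entry under /sys/class/net.
vpn_is_up() {
    [ -e "$SYSFS_NET/$VPN_IF" ]
}

# Emit only the VPN resolvers while the tunnel exists, so there is no
# non-VPN nameserver for the stub resolver to fall through to.
render_resolv_conf() {
    if vpn_is_up; then
        printf 'nameserver %s\n' $VPN_DNS
    else
        printf 'nameserver %s\n' $PLAIN_DNS
    fi
}

# Write to a temp file beside the target and rename it into place, so a
# reader never sees a half-written file. mktemp creates mode 0600, but
# resolv.conf must stay world-readable.
update_resolv_conf() {
    tmp="$(mktemp "${RESOLV_CONF}.XXXXXX")" || return 1
    render_resolv_conf > "$tmp" && chmod 644 "$tmp" || { rm -f "$tmp"; return 1; }
    mv -f "$tmp" "$RESOLV_CONF"
}

# Leak check: succeed only if every configured nameserver is a VPN resolver.
only_vpn_resolvers() {
    for ns in $(awk '$1 == "nameserver" { print $2 }' "$RESOLV_CONF"); do
        case " $VPN_DNS " in
            *" $ns "*) ;;
            *) return 1 ;;
        esac
    done
    return 0
}

# Run as "script apply" (as root) after the tunnel comes up and after it goes down.
if [ "${1:-}" = "apply" ]; then
    update_resolv_conf
fi
```

`only_vpn_resolvers` fails on the three-line file from the question, because the resolver can fall through to 8.8.4.4 while the tunnel is up.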
Best Answer
No support exists for the feature in NordVPN for Linux at the moment. I hope this answer will be deprecated soon.