Date and Time incorrect Vero 4K +

Hi,

Then I suggest you contact PIA’s support and ask them to advise how to use their active DNS servers with openvpn?

Alternatively: How is nextdns configured on your router?

If it’s using DNS-over-TLS/QUIC or DNS-over-HTTPS, then you can use that instead and there shouldn’t be any leaks.

Thanks Tom.

The people in tech support of PIA aren’t qualified to give advice about this, it’s really bad. The last time I had a conversation with support they didn’t know their files had a MD5/SHA256 hash… so I can’t go for help there…

NextDNS isn’t configured in any way, it’s just a number linking to a NextDNS account, just like 1.1.1.1. So that would leak.

I need to find a way to connect to my VPN again without leaking and getting a pushed DNS…

I can only find this Using PIA DNS in Custom Configurations - Knowledgebase / Technical / Application Settings and Features / DNS - PIA Support Portal in their knowledgebase but that doesn’t help either.
And this for setup of a router PIA Support Portal

Hi,

Not in position to test, but from reading the links provided this should work.

Set dns servers in myosmc to your router or the nextdns ones. Then update your vpn configuration:

Remove:

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

Replace with:

dhcp-option DNS 10.0.0.243

Then reboot or restart openvpn.

Thanks Tom.

Should I set OSMC to DHCP the request? or just set it to the router IP or should I set it to the NextDNS IP?
Because when I did put it to DHCP in MyOSMC the VPN connected, I just couldn’t see if there was a leak since the DNS leak addon is not available for Kodi 19.

If I add dhcp-option DNS 10.0.0.243 would this prevent it from leaking? Is there any way to test this? I never used this in the config but the leak test was always ok back when the DNS leak test addon worked.

Hi,

This bit doesn’t really matter, we just need a dns server that can be accessed so ntp and openvpn start correctly.

From what I understand this does essentially what the 3 lines in the config file used to do, it’s just using private IPs rather than public. So yes this should prevent leaking.

Thanks Tom.

So I can use any DNS? 1.1.1.1 too? It will be replaced once the server connects?

So if the VPN shuts off, what happens? Nothing except for the VPN will be able to connect? That’s what I’m trying to make happen because it does shut off pretty often and doesn’t reconnect, even with watchdog enabled I have to restart. That’s why I want it to killswitch, including DNS requests. I think dillthedog told me to use the 3 lines in my openvpn.
Does it matter where I put the dhcp-option DNS 10.0.0.243 in the config?

Is there a way to test if it leaks through SSH?

There’s a matrix version of the DNS leak test addon that isn’t in the kodi repo, if that’s useful. You’ll have to install via zip. Google ‘dns leak test addon matrix’ and there’s a link in a Reddit post to version 1.1.3. Works well for me.

I noticed it was on github but I don’t know how to install it on v19.

I can only find 1.1.2 on GitHub but the link in the Reddit post to 1.1.3 works just as well as it used to in Leia. I downloaded it on my laptop, transferred zip file to kodi and installed from zip, although I’m sure you can do this in one step via the command line.
Here’s the link https://www.reddit.com/r/Addons4Kodi/comments/m9ioht/dns_leak_tester_on_19/

I could wget the file but I have no idea how to use it lol
However, is the file safe? Since it isn’t in the official repo.

I can’t answer that as I don’t have enough knowledge, but it’s from the original author and has been working well for me with no problems.

He has been inactive for a long time, I might install it, I’ll wait and see what Tom_Doyle has to say about my post above and if he thinks it’s safe enough to install, but thank you! I really liked that program.

Hi,

yes.

It needs to replace those 3 lines, so it should be at the bottom after disable-occ.

If that’s the watchdog I posted a while back, I don’t think it’s working as expected. I’m going to try a rewrite, I’ll ping you if I get anything worth testing.

Thanks Tom.

Ok thank you.

I added it and replaced the 3 lines.

I think it was and it doesn’t work that well. PIA OVPN broke need help with new setup (NextGen) - #60 by Tom_Doyle it was in that post.
But is there a way to prevent OSMC from connecting to anything except for the VPN? I don’t want it to leak when the VPN breaks down again, which happens often…

As for the DNS leak test program Reddit - Dive into anything is this safe to install?

Hi,

Looks ok to me, but if you get issues you’ll need to contact the author for support. Also this appears to be the link for the matrix version:

https://github.com/Space2Walker/plugin.program.dnsleaktest/releases/download/v1.1.2/plugin.program.dnsleaktest.zip

Thanks Tom.

How do you install it through SSH? Or is there a way to check if you leak through SSH? Like nslookup but for OSMC.

Also any thoughts on the above? Is there no way to killswitch while disconnected from the VPN?

cd ~
wget https://github.com/Space2Walker/plugin.program.dnsleaktest/releases/download/v1.1.2/plugin.program.dnsleaktest.zip

Then in kodi, install addon from zip.

Isn’t that what the Iptables rules are doing?

Thanks Tom.

Ignore the security popup? It’s a different version by the way https://github.com/Space2Walker/plugin.program.dnsleaktest/archive/refs/tags/v1.1.3.zip
I don’t want to damage my OSMC.

wget https://github.com/Space2Walker/plugin.program.dnsleaktest/archive/refs/tags/v1.1.3.zip
--2021-11-17 21:32:27-- https://github.com/Space2Walker/plugin.program.dnsleaktest/archive/refs/tags/v1.1.3.zip
Resolving github.com (github.com)... 140.82.121.3
Connecting to github.com (github.com)|140.82.121.3|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://codeload.github.com/Space2Walker/plugin.program.dnsleaktest/zip/refs/tags/v1.1.3 [following]
--2021-11-17 21:32:28-- https://codeload.github.com/Space2Walker/plugin.program.dnsleaktest/zip/refs/tags/v1.1.3
Resolving codeload.github.com (codeload.github.com)... 140.82.121.10
Connecting to codeload.github.com (codeload.github.com)|140.82.121.10|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [application/zip]
Saving to: ‘v1.1.3.zip’

v1.1.3.zip [ <=> ] 836.00K 458KB/s in 1.8s

2021-11-17 21:32:30 (458 KB/s) - ‘v1.1.3.zip’ saved [856060]

Yes but if the connection breaks doesn’t it still try to query TMDB and all other things with your own IP if the VPN is off since it allows udp on port 53 for eth0

sudo iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -o eth0 -p icmp -j ACCEPT
-A OUTPUT -d 192.168.1.0/24 -o eth0 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 22 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 123 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 1197 -j ACCEPT
-A OUTPUT -o eth0 -j DROP
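
The concern in the post above (port 53 stays open on eth0 when tun0 is down) can be checked mechanically from an SSH session. This is an added example, not part of the original thread: a shell/awk audit of `iptables -S` output. The function names and SAMPLE_RULES are constructed here, and it assumes the ruleset uses no negated (`!`) matches.

```shell
#!/bin/sh
# Constructed sample: the OUTPUT rules quoted in the post above.
SAMPLE_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -o eth0 -p icmp -j ACCEPT
-A OUTPUT -d 192.168.1.0/24 -o eth0 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --sport 22 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 123 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 1197 -j ACCEPT
-A OUTPUT -o eth0 -j DROP'

# Read `iptables -S` rules on stdin and print "proto port" for every OUTPUT
# ACCEPT rule that applies to interface $1 and has no -d restriction, i.e.
# traffic that can reach any host outside the tunnel.
open_egress() {
    awk -v ifc="$1" '
    $1 == "-A" && $2 == "OUTPUT" {
        out = ""; dst = ""; proto = "any"; port = "-"; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-o") out = $(i + 1)
            else if ($i == "-d") dst = $(i + 1)
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport" || $i == "--sport")
                port = substr($i, 3) "=" $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        applies = (out == ifc || out == "")
        # A catch-all DROP ends the walk: later rules never match.
        if (applies && target == "DROP" && proto == "any" && dst == "") exit
        if (applies && target == "ACCEPT" && dst == "") print proto, port
    }'
}

# The DNS subset: destination port 53 allowed to any host on interface $1.
dns_leak_paths() {
    open_egress "$1" | awk '$2 == "dport=53"'
}

# On the device itself: sudo iptables -S | dns_leak_paths eth0
printf '%s\n' "$SAMPLE_RULES" | dns_leak_paths eth0
```

Any line printed by `dns_leak_paths` is a rule that lets DNS queries leave the physical interface regardless of whether the tunnel is up.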

Hi,

What pop up?

Yes, and it’s not easy to prevent this and it’s beyond the scope of OSMC’s support. I think it’ll be easier to fix the watchdog, I’ve nearly got something together.

Thanks Tom.

When you want to install addons it gives a popup in OSMC that “for security, installation of add-ons from unknown sources is disabled” and if you want to enable it. “Add-ons will be given access to personal data stored on this device. By allowing, you agree that you are solely responsible for any loss of data, unwanted behaviour or damage to your device. Proceed?”

That was what happened before, it couldn’t query when connection wasn’t available, I think. I want that again, I don’t want to keep sending requests to cloudflare with my own IP, even if it’s nothing important, that’s why you have a VPN to begin with.