I found this 4+ year old thread because I am having the same issue as the OP. I made a workaround for the issue and wanted to share it here, in case others have the same problem.
I am sure there are multiple ways around the issue, but I implemented one using udev rules in two steps.
Step 1:
- Create a file called 99-vpn-dns-fixer.rules in the /etc/udev/rules.d directory.
- The contents of this file (a single line): ACTION=="add|remove", SUBSYSTEM=="net", KERNEL=="wg0", RUN="/storage/vpn-dns-fixer.sh"
- Reload the udev rules: udevadm control --reload-rules
Step 2:
- Create a file called vpn-dns-fixer.sh in the /storage directory.
- Make this file executable: chmod +x vpn-dns-fixer.sh
- The contents of this file are as follows:
#!/usr/bin/env sh
# Run by udev on add/remove of wg0 (see the rule in Step 1).
resolvfile=/run/connman/resolv.conf
tmpresolv=/tmp/resolv.conf
logfile=/tmp/udev.log
cp "$resolvfile" "$tmpresolv"
if [ -d /sys/devices/virtual/net/wg0 ]; then
    # wg0 exists, therefore the VPN is up: comment out the non-VPN server.
    # Anchored (^...$) with escaped dots, so a repeated "add" event cannot
    # turn "#nameserver 8.8.8.8" into "##nameserver 8.8.8.8".
    sed 's/^nameserver 8\.8\.8\.8$/#nameserver 8.8.8.8/' "$tmpresolv" > "$resolvfile"
    echo "$(/usr/bin/date) $0 Removed 8.8.8.8 from resolv.conf" >> "$logfile"
else
    # wg0 does not exist, therefore the VPN is down: restore the non-VPN server.
    sed 's/^#nameserver 8\.8\.8\.8$/nameserver 8.8.8.8/' "$tmpresolv" > "$resolvfile"
    echo "$(/usr/bin/date) $0 Added 8.8.8.8 to resolv.conf" >> "$logfile"
fi
Explanation:
In my case, when I am not connected to the VPN, I am using 8.8.8.8 as my DNS server. When I connect to the VPN, 8.8.8.8 remains as the first listed DNS server in the resolv.conf file and the actual DNS server specified by the WireGuard configuration gets listed as the second DNS server. This means that the VPN's DNS server is effectively not used.
The 99-vpn-dns-fixer.rules file triggers the execution of the /storage/vpn-dns-fixer.sh script whenever udev reports that a network device called wg0 is either added to the system or removed from the system.
When the script runs, it checks for the presence of the /sys/devices/virtual/net/wg0 directory. If it exists, the VPN must have just come online and the script will then update the resolv.conf file by commenting out the line for my "non-VPN" DNS server.
When the script runs and does not find the wg0 directory, it concludes that I just disconnected from the VPN and will then remove the comment for the "non-VPN" DNS server.
I hope this helps someone.
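A more defensive version of the same idea, added here as an example and not the poster's script or anything from the LibreELEC, connman or WireGuard projects: the sed patterns are anchored and the dots escaped, so a repeated add event cannot stack a second "#" on the line (an unanchored "nameserver 8.8.8.8" also matches inside "#nameserver 8.8.8.8"), the rewrite goes through a private temp file instead of a fixed name in /tmp, and a small check reports which nameserver the resolver will actually try first. The interface name and address are passed as arguments, so the rule would be RUN+="/storage/vpn-dns-fixer.sh wg0 8.8.8.8". The SYSFS_NET and RESOLV_FILE overrides, the demo function and its sample resolv.conf contents are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not the poster's script: idempotent, anchored rewrite of a
# resolv.conf-style file, plus a check of which nameserver is really active.
# SYSFS_NET and RESOLV_FILE are assumed overrides that exist only for testing.

# Escape the dots of an address so sed treats them literally.
escape_re() {
    printf '%s\n' "$1" | sed 's/\./\\./g'
}

# Print FILE with "nameserver ADDR" commented out (state=up) or restored
# (state=down). Anchored with ^ and $, so running it twice is a no-op the
# second time instead of producing "##nameserver ADDR".
rewrite_resolv() {
    file=$1 addr=$2 state=$3
    re=$(escape_re "$addr")
    case $state in
        up)   sed "s/^nameserver $re\$/#nameserver $addr/" "$file" ;;
        down) sed "s/^#nameserver $re\$/nameserver $addr/" "$file" ;;
        *)    echo "usage: rewrite_resolv FILE ADDR up|down" >&2; return 2 ;;
    esac
}

# The first uncommented nameserver line is the one the resolver tries first.
active_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# The VPN is "up" exactly when the kernel exposes the interface directory.
vpn_state() {
    if [ -d "${SYSFS_NET:-/sys/devices/virtual/net}/$1" ]; then
        echo up
    else
        echo down
    fi
}

# Rewrite into a private temp file first, then copy back over FILE so the
# original inode (and any symlink pointing at it) is kept and a sed failure
# never leaves a truncated resolv.conf behind.
apply_fix() {
    file=$1 addr=$2 state=$3
    tmp=$(mktemp) || return 1
    rewrite_resolv "$file" "$addr" "$state" > "$tmp" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Self-check on a constructed sample (assumed contents): the situation from
# the post, non-VPN server listed first, the VPN's server second.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'nameserver 8.8.8.8\nnameserver 10.0.0.1\n' > "$dir/resolv.conf"
    for state in up up down; do   # "up" twice to show the rewrite is idempotent
        apply_fix "$dir/resolv.conf" 8.8.8.8 "$state"
        echo "after $state: active nameserver is $(active_nameserver "$dir/resolv.conf")"
    done
    rm -rf "$dir"
}

# udev usage: RUN+="/storage/vpn-dns-fixer.sh wg0 8.8.8.8" acts on the real
# file; with no arguments the script only runs the self-check above.
if [ $# -ge 2 ]; then
    apply_fix "${RESOLV_FILE:-/run/connman/resolv.conf}" "$2" "$(vpn_state "$1")"
else
    demo
fi
```

connman owns /run/connman/resolv.conf and can regenerate it when the connection state changes, so after connecting it is worth confirming with active_nameserver (or simply cat /run/connman/resolv.conf) that the VPN's server really is first, not just that the script ran. Running the script by hand with no arguments prints the self-check; the udev rule calls it with two.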