Creating a bug report/issue
- DietPi version | v8.14.2
- Distro version | bullseye
- Kernel version | 5.15.84-v8+
- SBC model | RPi 3 Model B
Additional Information (if applicable)
I suffer from sporadic DNS leaks while connected to Proton’s WireGuard server. I use the dnsleaktest.sh script (GitHub - macvk/dnsleaktest: An open source script tests VPN connection for DNS Leak.) to test for DNS leaks. Once every 5-10 tests, I can see my ISP’s DNS server on the list of servers detected by the script. For the remaining tests only Proton’s DNS servers are used.
Steps to reproduce
- On a fresh DietPi install I selected the WireGuard client and MotionEye software to be installed.
- In the DietPi settings I disabled IPv6.
- I installed UFW and enabled it.
- The following configuration was used for Wireguard:
```
[Interface]
# Moderate NAT = off
# NAT-PMP (Port Forwarding) = off
# VPN Accelerator = on
PrivateKey = PrivKey
Address = 10.2.0.2/32
DNS = 10.2.0.1
PostUp = ip rule add table 200 to 192.168.2.2
PostUp = ip rule add table 200 to 192.168.1.0/24
PostUp = ip route add table 200 default via 192.168.3.1
PostUp = iptables -A OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = ip rule delete table 200 to 192.168.2.2
PreDown = ip rule delete table 200 to 192.168.1.0/24
PreDown = ip route delete table 200 default via 192.168.3.1
PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT

[Peer]
# Server
PublicKey = PubKey
AllowedIPs = 0.0.0.0/0
Endpoint = IP:PORT
PersistentKeepalive = 25
```
- Download dnsleaktest.sh script and run it several times.
Only the VPN provider's DNS servers are always used.
Once in a while, the ISP's DNS servers are detected by the script.
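
A diagnostic that can help narrow down a report like this one, added here as an example and not part of the original post: it lists every nameserver in a resolv.conf-style file other than the tunnel resolver from the `DNS =` line above, and repeats the check because the leak is described as sporadic. The function names, the file argument and the sample contents are assumptions made for this example.

```shell
#!/bin/sh
# Added example. VPN_DNS is taken from the "DNS =" line of the posted config;
# everything else (function names, sample data) is an assumption.
VPN_DNS="10.2.0.1"

# Print each nameserver in a resolv.conf-style file that is not the tunnel
# resolver. Prints nothing when only the tunnel resolver is configured.
non_vpn_nameservers() {
    awk -v vpn="$VPN_DNS" '
        { sub(/[#;].*/, "") }   # drop comments before matching
        $1 == "nameserver" && $2 != "" && $2 != vpn { print $2 }
    ' "$1"
}

# Return 0 when the file is clean, 1 when another resolver is listed.
check_resolver_file() {
    extra=$(non_vpn_nameservers "$1")
    if [ -n "$extra" ]; then
        printf 'resolvers outside the tunnel in %s:\n%s\n' "$1" "$extra" >&2
        return 1
    fi
    return 0
}

# Run the check $2 times, $3 seconds apart, and print how many runs failed.
# Other tools (for example a DHCP client) may rewrite the file between runs.
watch_resolver_file() {
    file="$1"; runs="$2"; delay="$3"; bad=0; i=0
    while [ "$i" -lt "$runs" ]; do
        check_resolver_file "$file" || bad=$((bad + 1))
        i=$((i + 1))
        if [ "$i" -lt "$runs" ]; then sleep "$delay"; fi
    done
    echo "$bad"
}

# Constructed sample: 192.0.2.53 is a documentation address standing in for
# an ISP resolver that appears next to the tunnel resolver.
sample_resolv_conf() {
    printf '%s\n' '# constructed sample' 'nameserver 10.2.0.1' 'nameserver 192.0.2.53'
}

# Usage: sh check.sh /etc/resolv.conf
if [ "$#" -gt 0 ]; then check_resolver_file "$1"; fi
```

A non-zero count from `watch_resolver_file /etc/resolv.conf 60 10` shows the system resolver list changing while the tunnel is up; a zero count points away from the resolver file.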