Creating a bug report/issue
Required Information
- DietPi version | v8.14.2
- Distro version | bullseye
- Kernel version | 5.15.84-v8+
- SBC model | RPi 3 Model B
Additional Information (if applicable)
I suffer from sporadic DNS leaks while connected to Proton's WireGuard server. I use the dnsleaktest.sh script (GitHub - macvk/dnsleaktest: An open source script tests VPN connection for DNS Leak.) to test for DNS leaks. Once every 5-10 tests, I can see my ISP's DNS server on the list of servers detected by the script. For the remaining tests, only Proton's DNS servers are used.
Steps to reproduce
- On a fresh DietPi install, I selected the WireGuard client and MotionEye software to be installed.
- In the DietPi settings, I disabled IPv6.
- I installed UFW and enabled it.
- The following configuration was used for WireGuard:
[Interface]
# Moderate NAT = off
# NAT-PMP (Port Forwarding) = off
# VPN Accelerator = on
PrivateKey = PrivKey
Address = 10.2.0.2/32
DNS = 10.2.0.1
PostUp = ip rule add table 200 to 192.168.2.2
PostUp = ip rule add table 200 to 192.168.1.0/24
PostUp = ip route add table 200 default via 192.168.3.1
PostUp = iptables -A OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = ip rule delete table 200 to 192.168.2.2
PreDown = ip rule delete table 200 to 192.168.1.0/24
PreDown = ip route delete table 200 default via 192.168.3.1
PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
[Peer]
# Server
PublicKey = PubKey
AllowedIPs = 0.0.0.0/0
Endpoint = IP:PORT
PersistentKeepalive = 25
- Download the dnsleaktest.sh script and run it several times.
Expected behaviour
Only the DNS servers of the VPN provider are always used.
Actual behaviour
Once in a while, the ISP's DNS servers are detected by the script.
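
One check relevant to a setup like the one in this report, as an added example that is not part of the original post: it reads the `DNS =` line and the `ip rule add table ... to ...` PostUp lines from the configuration above and classifies each nameserver in a resolv.conf by whether those rules route it outside the tunnel. The resolv.conf content is a constructed sample (the `192.168.1.1` entry is an assumed LAN router) and the function names are hypothetical.

```python
import ipaddress
import re

# Routing-related lines copied from the configuration in the post.
WG_CONF = """\
[Interface]
Address = 10.2.0.2/32
DNS = 10.2.0.1
PostUp = ip rule add table 200 to 192.168.2.2
PostUp = ip rule add table 200 to 192.168.1.0/24
PostUp = ip route add table 200 default via 192.168.3.1
"""

# Constructed sample of /etc/resolv.conf; the second entry is an assumption.
RESOLV_CONF = """\
nameserver 10.2.0.1
nameserver 192.168.1.1
"""

def tunnel_dns(conf):
    """Resolvers named on the DNS = line of the [Interface] section."""
    m = re.search(r"^DNS\s*=\s*(.+)$", conf, re.M)
    return [ipaddress.ip_address(a.strip()) for a in m.group(1).split(",")] if m else []

def bypass_networks(conf):
    """Destinations that 'ip rule add table N to X' sends to a non-tunnel table."""
    nets = re.findall(r"^PostUp\s*=\s*ip rule add table \d+ to (\S+)", conf, re.M)
    return [ipaddress.ip_network(n, strict=False) for n in nets]

def audit_resolvers(resolv, conf):
    """Classify each nameserver as 'tunnel', 'bypass' or 'unlisted'."""
    # Routing view only: the iptables REJECT rule in the config is not modelled.
    wanted, exempt = tunnel_dns(conf), bypass_networks(conf)
    result = {}
    for line in resolv.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            ip = ipaddress.ip_address(parts[1])
            if any(ip in net for net in exempt):
                result[str(ip)] = "bypass"    # routed via table 200, not the tunnel
            elif ip in wanted:
                result[str(ip)] = "tunnel"    # the resolver wg-quick was told to use
            else:
                result[str(ip)] = "unlisted"  # not set by this WireGuard config
    return result

if __name__ == "__main__":
    for ip, verdict in audit_resolvers(RESOLV_CONF, WG_CONF).items():
        print(f"{ip:15} {verdict}")
```

Run against the live `/etc/resolv.conf` after each failed leak test, any `bypass` or `unlisted` entry shows that something other than the `DNS =` setting has written resolvers into the file.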