As you may already know, the DNS resolver in Windows 10 sends DNS requests out of all interfaces in parallel. This is often merely inconvenient, as when so-called split tunneling is used and the DNS server inside the VPN tunnel returns internal addresses for internal resources while Windows cannot tell which answer belongs to which, but it can also create a security risk, as with a DNS leak over public Wi-Fi.
You can solve the problem in different ways, for example by temporarily adding firewall rules that block port 53 on all interfaces except the VPN interface, or by setting the DNS server to 127.0.0.1 on all interfaces except the VPN one.
However, these methods make changes that survive a reboot, so if the power goes out while the VPN is running, or the VPN daemon simply crashes, you are left without a working Internet connection. There is nothing good about that.
However, there is a better way, one that makes only temporary changes and does not leave the user without Internet access.
Windows Filtering Platform
Starting with Windows Vista, the Windows Filtering Platform (WFP) replaces obsolete traffic-processing technologies such as NDIS, TDI and LSP. It is a modern, lightweight and convenient technology that works in both kernel mode and user mode. Current versions of Windows Firewall use WFP, as do all third-party firewalls and antiviruses that inspect traffic.
A kernel-mode driver can inspect, modify and log packets as well as the data stream itself, while user-mode filters can permit, block, delay or hand traffic to the kernel driver based on information from the Ethernet frame or IP packet and their headers and, at the ALE level, on the source and destination interface, the process ID, the full path to the executable, and a few other properties.
A program using WFP can add persistent filters that survive a reboot even when the software that installed them is no longer running, temporary filters that remain after the program exits but not after a reboot, and session filters that are active only while the program that created them is still running.
A user-mode filter with session filters is enough for our purposes, and we need to:
- Block all outgoing packets to port 53 from all interfaces, over UDP and TCP, for IPv4 and IPv6
- Allow any traffic from the OpenVPN TAP interface(s)
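The two requirements above translate into a set of filters whose relative weight matters: the permit filter for the TAP interface has to outrank the port 53 block filters, otherwise DNS through the tunnel is blocked as well. The following added example is not the plugin's code; it is a host-independent model of those session filters and of single-sublayer weight arbitration (highest-weight matching filter wins, as with the weight of a WFP filter), so it compiles on any platform. Interface identifiers, the flow type and the filter set are constructed for the example; real WFP also arbitrates across sublayers, which this model omits.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum action { PERMIT = 0, BLOCK = 1 };

#define PROTO_TCP 6
#define PROTO_UDP 17

/* Constructed interface identifiers standing in for real interface LUIDs. */
#define IFACE_WIFI 0x1001ULL
#define IFACE_TAP  0x2002ULL

/* An outbound connection attempt as seen at an ALE connect layer (model). */
struct flow {
    int af;               /* 4 or 6 */
    int proto;            /* PROTO_TCP or PROTO_UDP */
    uint16_t remote_port;
    uint64_t local_iface;
};

/* Simplified filter: a zero condition means "any". weight orders filters
 * within one sublayer, highest first. */
struct filter {
    const char *name;
    uint64_t weight;
    enum action action;
    int af;
    int proto;
    uint16_t remote_port;
    uint64_t local_iface;
};

#define MAX_FILTERS 8

static bool filter_matches(const struct filter *f, const struct flow *fl)
{
    if (f->af && f->af != fl->af) return false;
    if (f->proto && f->proto != fl->proto) return false;
    if (f->remote_port && f->remote_port != fl->remote_port) return false;
    if (f->local_iface && f->local_iface != fl->local_iface) return false;
    return true;
}

/* Single-sublayer arbitration: the highest-weight matching filter decides;
 * with no match the layer's default (permit) applies. */
enum action classify(const struct filter *filters, size_t n, const struct flow *fl)
{
    const struct filter *best = NULL;
    for (size_t i = 0; i < n; i++) {
        if (!filter_matches(&filters[i], fl)) continue;
        if (best == NULL || filters[i].weight > best->weight) best = &filters[i];
    }
    return best ? best->action : PERMIT;
}

/* Build the session filter set from the text: block outbound port 53 over
 * UDP and TCP for IPv4 and IPv6 on every interface, permit everything on the
 * TAP interface. tap_weight must exceed block_weight for tunnelled DNS to work. */
size_t build_dns_filters(struct filter *out, uint64_t tap_iface,
                         uint64_t block_weight, uint64_t tap_weight)
{
    size_t n = 0;
    const int afs[] = { 4, 6 };
    const int protos[] = { PROTO_UDP, PROTO_TCP };
    for (size_t a = 0; a < 2; a++)
        for (size_t p = 0; p < 2; p++)
            out[n++] = (struct filter){ "block-dns", block_weight, BLOCK,
                                        afs[a], protos[p], 53, 0 };
    out[n++] = (struct filter){ "permit-tap", tap_weight, PERMIT, 0, 0, 0, tap_iface };
    return n;
}

/* Classify one flow against a freshly built filter set with the given weights. */
enum action decide(int af, int proto, uint16_t port, uint64_t iface,
                   uint64_t block_weight, uint64_t tap_weight)
{
    struct filter filters[MAX_FILTERS];
    size_t n = build_dns_filters(filters, IFACE_TAP, block_weight, tap_weight);
    struct flow fl = { af, proto, port, iface };
    return classify(filters, n, &fl);
}

static const char *name(enum action a) { return a == BLOCK ? "BLOCK" : "PERMIT"; }

int main(void)
{
    /* Correct ordering: permit-tap (20) outranks block-dns (10). */
    printf("wifi udp/53 -> %s\n", name(decide(4, PROTO_UDP, 53, IFACE_WIFI, 10, 20)));
    printf("tap  udp/53 -> %s\n", name(decide(4, PROTO_UDP, 53, IFACE_TAP, 10, 20)));
    /* Reversed weights: the tunnel's own DNS is blocked too. */
    printf("tap  udp/53 (reversed weights) -> %s\n",
           name(decide(4, PROTO_UDP, 53, IFACE_TAP, 20, 10)));
    return 0;
}
```

The reversed-weights case is the failure mode to check for when writing such filters: with the block filters outranking the TAP permit, DNS leaks over Wi-Fi are stopped but name resolution through the VPN breaks as well.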
All this resulted in a plugin for OpenVPN, although the source code can also be compiled as a regular executable:
github.com/ValdikSS/openvpn-fix-dns-leak-plugin
To use this plugin, download the .dll files from the repository, put them in the config folder next to the configuration file, and add the following line to it:
plugin fix-dns-leak-32.dll
for a 32-bit system and a 32-bit version of OpenVPN, or
plugin fix-dns-leak-64.dll
respectively for a 64-bit system with 64-bit OpenVPN.
Now you need not be afraid to use a VPN on Windows 10 over public Wi-Fi.
UPD: OpenVPN 2.3.9 introduced an option that blocks third-party DNS: block-outside-dns. Use it instead of the plugin.