GrapheneOS So, as I understand it, this issue only occurs when a disconnect happens from the VPN side, exposing the DNS. But wouldn't Graphene's own "always on VPN" service prevent the leak, since it waits for the VPN to re-connect before releasing traffic? (assuming the user has "always on VPN" turned... on)

    PenPusher No, unfortunately, that is the issue. Even when "always on VPN" and "block connections not going over VPN" are enabled, DNS will leak in rare circumstances. The issue is apparently very hard to fix due to how DNS is implemented in relation to app-based VPNs, but the GrapheneOS developers are working on a solution.

    If you use the built-in VPN support instead of a VPN app, no leak will ever happen. The official WireGuard VPN app seemed to be more robust than some VPN-provider-specific ones, if you need to use WireGuard.

      ryrona If you use the built-in VPN support instead of a VPN app

      Do you think it is possible with ProtonVPN? Thank you.

        mmmm I tried to set up a native IPSec / IKEv2 client with Proton VPN but couldn't make it work. If you succeed, please post your settings, thank you 🌷

          No luck with ProtonVPN free account and Netherlands servers.

          Proton is the worst I've seen; it has bad routing. For example, on a MacBook, if you are connected to Proton and set up a VPN with your server, the traffic bypasses Proton. I checked on my server and saw my private IP, which is not observed with PIA (Private Internet Access).

          DeletedUser115 Hmmm. That's definitely my bad. It doesn't seem possible. I thought I had set it up like that on a little-used profile I have for a specific purpose, but in fact I used OpenVPN Connect. I was conflating that with setting up a free Proton account using the built-in VPN functionality of a Windows 10 machine, but even the instructions for that seem to have disappeared from Proton's website. Sorry for the bad info, all.

            What is the definition of "built-in VPN client"? IPSec? Isn't it the only one running in kernel mode? Maybe that is why it is not affected. It could be a race condition between the OS and user-space VPN apps.