Skip to content

DNS leaks with Windows (8.1 + 10)

Hello all,

I experience DNS leaks on 2 different computers (windows 8.1 + windows 10). I tested both on my home internet where I get the DNS via DHCP from my router. IPv6 is disabled

I tested HTTP(S) via https://www.ipleak.net, don't know about other protocols, but I'm happy to test.

==== openvpn.log ====

`Fri Feb 01 07:53:00 2019 Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore.

Fri Feb 01 07:53:00 2019 WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure

Fri Feb 01 07:53:00 2019 WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure

Fri Feb 01 07:53:00 2019 WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure

Fri Feb 01 07:53:00 2019 WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure

Fri Feb 01 07:53:00 2019 WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure

Fri Feb 01 07:53:00 2019 WARNING: Using --management on a TCP port WITHOUT passwords is STRONGLY discouraged and considered insecure

Fri Feb 01 07:53:00 2019 OpenVPN 2.4.6 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Jun 28 2018

Fri Feb 01 07:53:00 2019 Windows version 6.2 (Windows 8 or greater) 64bit

Fri Feb 01 07:53:00 2019 library versions: OpenSSL 1.1.0h 27 Mar 2018, LZO 2.10

Fri Feb 01 07:53:00 2019 Deprecated TLS cipher name 'DHE-RSA-AES128-SHA', please use IANA name 'TLS-DHE-RSA-WITH-AES-128-CBC-SHA'

Fri Feb 01 07:53:00 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]37.218.242.216:443

Fri Feb 01 07:53:00 2019 Attempting to establish TCP connection with [AF_INET]37.218.242.216:443 [nonblock]

Fri Feb 01 07:53:01 2019 TCP connection established with [AF_INET]37.218.242.216:443

Fri Feb 01 07:53:01 2019 TCPv4_CLIENT link local: (not bound)

Fri Feb 01 07:53:01 2019 TCPv4_CLIENT link remote: [AF_INET]37.218.242.216:443

Fri Feb 01 07:53:01 2019 [giraffe.riseup.net] Peer Connection Initiated with [AF_INET]37.218.242.216:443

Fri Feb 01 07:53:02 2019 open_tun

Fri Feb 01 07:53:02 2019 TAP-WIN32 device [Ethernet 2] opened: \.\Global{1B4887B5-0BC9-485D-8240-8D06893846E8}.tap

Fri Feb 01 07:53:02 2019 Set TAP-Windows TUN subnet mode network/local/netmask = 10.41.0.0/10.41.0.31/255.255.248.0 [SUCCEEDED]

Fri Feb 01 07:53:02 2019 Notified TAP-Windows driver to set a DHCP IP/netmask of 10.41.0.31/255.255.248.0 on interface {1B4887B5-0BC9-485D-8240-8D06893846E8} [DHCP-serv: 10.41.7.254, lease-time: 31536000]

Fri Feb 01 07:53:02 2019 Successful ARP Flush on interface [42] {1B4887B5-0BC9-485D-8240-8D06893846E8}

Fri Feb 01 07:53:02 2019 do_ifconfig, tt->did_ifconfig_ipv6_setup=1

Fri Feb 01 07:53:03 2019 NETSH: C:\Windows\system32\netsh.exe interface ipv6 set address interface=42 2001:db8:123::101d store=active

Fri Feb 01 07:53:04 2019 add_route_ipv6(2001:db8:123::/64 -> 2001:db8:123::101d metric 0) dev Ethernet 2

Fri Feb 01 07:53:04 2019 env_block: add PATH=C:\Windows\System32;C:\Windows;C:\Windows\System32\Wbem

Fri Feb 01 07:53:10 2019 add_route_ipv6(2000::/3 -> 2001:db8:123::1 metric -1) dev Ethernet 2

Fri Feb 01 07:53:10 2019 env_block: add PATH=C:\Windows\System32;C:\Windows;C:\Windows\System32\Wbem

Fri Feb 01 07:53:10 2019 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this

Fri Feb 01 07:53:10 2019 Initialization Sequence Completed `

==== helper.log ====

`2019/02/01 07:52:57 Stop firewall: do nothing, not implemented

2019/02/01 07:52:57 Stop firewall: firewall stopped

2019/02/01 07:52:57 stop openvpn

2019/02/01 07:53:00 Start firewall: do nothing, not implemented

2019/02/01 07:53:00 Start firewall: firewall started

2019/02/01 07:53:00 start openvpn: [--nobind --client --dev tun --tls-client --remote-cert-tls server --dhcp-option DNS 10.41.0.1 --log C:\Program Files\RiseupVPN\openvpn.log --script-security 1 --keepalive 10 30 --tls-cipher DHE-RSA-AES128-SHA --tun-ipv6 --auth SHA1 --cipher AES-128-CBC --remote 37.218.242.216 443 tcp4 --remote 5.79.86.180 443 tcp4 --remote 199.58.81.145 443 tcp4 --remote 37.218.241.7 443 tcp4 --remote 198.252.153.28 443 tcp4 --remote 103.16.26.163 443 tcp4 --verb 1 --management-client --management 127.0.0.1 6061 --ca C:\Users\dell\AppData\Local\Temp\leap-743760555/cacert.pem --cert C:\Users\dell\AppData\Local\Temp\leap-743760555/openvpn.pem --key C:\Users\dell\AppData\Local\Temp\leap-743760555/openvpn.pem]`

==== systray.json ==== {"LastNotification":"0001-01-01T00:00:00Z","Donated":"0001-01-01T00:00:00Z","SelectGateway":false,"UserStoppedVPN":false}

Screenshots: leap_windows

Right now, RiseUP RED is working better on Windows: DNS detection fails on ipleak.net. So it seems to me it is save to use for HTTP(S). red_windows11