After months of trying to get to the bottom of the Ubuntu/Pop!_OS VPN debacle, here’s how I resolved DNS leaks on Pop!_OS. Try this and see if it works for you:
- Disable IPv6 in sysctl.conf and Network Manager. Open up a terminal and start with:
    $ sudo nano /etc/sysctl.conf
  Paste the following lines to the bottom of the file:
    net.ipv6.conf.all.disable_ipv6 = 1
    net.ipv6.conf.default.disable_ipv6 = 1
    net.ipv6.conf.lo.disable_ipv6 = 1
    net.ipv6.conf.tun0.disable_ipv6 = 1
  Then open up your network manager, find your WiFi or ethernet connection, click the gear, then click on the tab at the top of the pop-up that says “IPv6”. Click the button next to “disable”, then click “apply.” You may need to restart your machine.
- Disable WebRTC (you may not get a return on a WebRTC leak test, but that’s because you disabled it)
- Log in as root ($ sudo su, enter your password) and enter your VPN’s DNS servers in resolv.conf, for example:
    nameserver x.x.x.x
    nameserver x.x.x.x
  You may need to make the config file unwriteable (logged in as root):
    # chattr +i /etc/resolv.conf
  Restart your machine.
- Disable DNS over HTTPS in your browser
  If you’re using Firefox, open up preferences, scroll all the way to the bottom where it says “Network Settings,” click the settings button, then UNCHECK the box at the bottom of the page that says “Enable DNS over HTTPS”.
- Turn on your VPN (I’m using an app from my VPN provider; I haven’t tried OpenVPN in Network Manager). If your VPN provider has a Linux app, use it instead of Network Manager.
- Run a DNS leak test (I recommend ipleak.org, ipleak.net, and dnsleaktest.com). Your IP and DNS addresses should be the same if you’re connected to your VPN’s DNS servers.
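
To check that the file edits from the steps above are actually in place before relying on a browser leak test, here is an added example (not part of the original post) that audits a resolv.conf-style file against an allow-list of resolvers and a sysctl.conf-style file for the four disable_ipv6 keys. The function names, the sample files and the 192.0.2.x / 198.51.100.x addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Addresses are constructed
# placeholders from the RFC 5737 documentation ranges, not real VPN resolvers.

# Print each nameserver in a resolv.conf-style file that is not on the allow-list.
# Succeeds only if the file has at least one nameserver and all are allowed.
unexpected_resolvers() (
    file=$1; shift
    allowed=" $* "; found=0; bad=0
    while read -r key ns rest || [ -n "$key" ]; do
        [ "$key" = "nameserver" ] || continue
        found=1
        case "$allowed" in
            *" $ns "*) ;;
            *) echo "$ns"; bad=1 ;;
        esac
    done < "$file"
    [ "$found" -eq 1 ] && [ "$bad" -eq 0 ]
)

# Print each net.ipv6.conf.<iface>.disable_ipv6 key that the file does not set to 1.
missing_ipv6_keys() (
    file=$1; shift
    missing=0
    for iface in "$@"; do
        key="net.ipv6.conf.$iface.disable_ipv6"
        # Ignore spacing around "=", then require an exact, uncommented "key=1" line.
        if ! tr -d ' \t' < "$file" | grep -qxF "$key=1"; then
            echo "$key"; missing=1
        fi
    done
    [ "$missing" -eq 0 ]
)

# Constructed stand-ins for /etc/resolv.conf and /etc/sysctl.conf.
# 127.0.0.53 is the systemd-resolved stub address; tun0 is commented out.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
printf 'nameserver 192.0.2.53\nnameserver 127.0.0.53\n' > "$demo/resolv.conf"
printf 'net.ipv6.conf.all.disable_ipv6 = 1\n#net.ipv6.conf.tun0.disable_ipv6 = 1\n' > "$demo/sysctl.conf"

echo "Resolvers outside the VPN list:"
unexpected_resolvers "$demo/resolv.conf" 192.0.2.53 198.51.100.53 || true
echo "IPv6 keys not set to 1:"
missing_ipv6_keys "$demo/sysctl.conf" all default lo tun0 || true
```

On the real machine, point the functions at /etc/resolv.conf and /etc/sysctl.conf with your provider's resolver addresses. Running `sysctl net.ipv6.conf.all.disable_ipv6` shows the value the running kernel is using, which can differ from the file until the settings are reloaded or the machine is restarted.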