Date: Thu, 19 Nov 2020 06:36:55 -0500
From: Julien Lepiller
To: jbranso@dismail.de, Raghav Gururajan, help-guix@gnu.org
Subject: Re: OpenVPN Service

On November 18, 2020 20:04:33 GMT-05:00, jbranso@dismail.de wrote:
>I had an issue with openvpn service leaking my DNS queries. I've set
>up network manager to manage my vpn connections. Though, I think I had
>to use DNS over HTTPS to fix the leaking DNS issue.

Well, this is not something you can configure on the VPN side I think. The server might advertise a DNS server on the VPN, in which case it won't leak. Otherwise, you need to check your DNS settings and default routes to make sure that your DNS server is not on your local network, and uses the VPN route.

DoH does not solve this: it's only a way to use DNS over a different, encrypted port. Usually it's used with an external server (e.g. Cloudflare), but it can also be implemented on your local network, in which case you're still leaking your DNS queries. Again, if you want to use DoH, you need to configure it properly :)

>
>November 18, 2020 2:55 PM, "Raghav Gururajan" wrote:
>
>> Hello Julien!
>>
>>> I'm surprised by this one: you already set ca to something different. Can you share the generated
>>> openvpn.conf?
>>
>> OOPS! There was a mistake in config.scm. This error is gone now.
>>
>> Now the openvpn.conf is https://paste.debian.net/1173026
>>
>> and error is https://paste.debian.net/1173027
>>
>>> Ok, looking at the service definition, this is not so surprising: it expects a file in the cert and
>>> key fields, and uses the defaults here. I'm surprised it doesn't complain about client.crt. I
>>> pushed a small update to the service. After you run guix pull, you should be able to specify (cert
>>> 'disabled) and (key 'disabled).
>>
>> Thanks a lot! I will try it.
>>
>>> This is only a warning, but you don't want your password to be world readable: chown it to
>>> openvpn's user, and chmod it to 600.
>>
>> Cool!
>>
>> Regards,
>> RG.