Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DNS leak when nordlynx is disconnected #101

Closed
krbrs opened this issue Oct 12, 2022 · 8 comments
Closed

DNS leak when nordlynx is disconnected #101

krbrs opened this issue Oct 12, 2022 · 8 comments
Labels
bug Something isn't working help wanted Extra attention is needed Stale

Comments

@krbrs
Copy link

krbrs commented Oct 12, 2022
edited
Loading

Describe the bug

DNS is leaking when the container starts, can't say if it's the same when the connection drops
Same behavior as mentioned in bubuntux/nordvpn#361
docker-compose was put together from different suggestions on the Wiki

Steps to reproduce

  • Start container from docker compose
  • See DNS logs and find URLs from Containers called which are behind the nordlynx container until the connection is established

To Reproduce using docker-compose

docker-compose.yml:

version: "3"
services:
  nordvpn:
    container_name: nordvpn
    image: ghcr.io/bubuntux/nordlynx:latest
    pull_policy: always
    cap_add:
      - NET_ADMIN
    restart: unless-stopped
    environment:
      - QUERY=$QUERY
      - NET_LOCAL=$NET_LOCAL
      - ALLOWED_IPS=$ALLOWED_IPS
      - TZ=$TZ
      - PRIVATE_KEY=$PK
#     - DNS=$DNS # commented out as default has changed back to Nord servers
      - "POST_UP=ip -4 route add $$(wg | awk -F'[: ]' '/endpoint/ {print $$5}') via $$(ip route | awk '/default/ {print $$3}')"
      - "PRE_DOWN=ip -4 route del $$(route -n | awk '/255.255.255.255/ {print $$1}') via $$(ip route | awk '/default/ {print $$3}')"
    ports:
      - **ports you need forwarded for behind containers**

I don't think the variables are important for troubleshooting, just set whichever fits your setup

Expected behavior

No DNS leak at all even if nordvpn connection is down.
@krbrs krbrs added bug Something isn't working help wanted Extra attention is needed labels Oct 12, 2022
@krbrs
Copy link
Author

krbrs commented Oct 12, 2022

So this issue bugged me as I don't want to leak my IP over DNS...

I updated part of my docker-compose.yml for the affected service (not included in the config above) and it seems to at least fix the issue for leaking the IP on start - idk about a leak on connection drop tho:

  *service-name*:
    container_name: *container-name*
    image: *imagename*:latest
    pull_policy: always
    restart: on-failure
    network_mode: service:nordvpn
    volumes:
      - *volume*:*volume*
    environment:
      - PGID=$PGID
      - PUID=$PUID
      - TZ=$TZ
    depends_on:
      nordvpn:
        condition: service_healthy

The last part makes the other container(s) wait on start until the healthcheck of "nordvpn" reports healthy

Still I think this can be addressed elsewhere on nordlynx container start

@Smiggel
Copy link

Smiggel commented Oct 15, 2022

How did you get the service running?

When I add the code below to my containers, I get the error "no such service: nordvpn"

    depends_on:
      nordvpn:
        condition: service_healthy

Tried your stack example, but no luck.

@krbrs
Copy link
Author

krbrs commented Oct 15, 2022

You just need to make sure the compose version is "3" and that your NordVPN service is called "nordvpn" as in the first comment on that issue - the vpn and other containers are all on the same compose file here. Don't add that dependency to the NordVPN service of course.

@Smiggel
Copy link

Smiggel commented Oct 15, 2022

You just need to make sure the compose version is "3" and that your NordVPN service is called "nordvpn" as in the first comment on that issue - the vpn and other containers are all on the same compose file here. Don't add that dependency to the NordVPN service of course.

Thanks, going to look into it.

@volschin
Copy link

@Smiggel condition inside depends_on is not specified in compose v3, only in v2.
https://docs.docker.com/compose/compose-file/compose-file-v2/#depends_on

@krbrs
Copy link
Author

krbrs commented Oct 24, 2022

Sorry, for me it started this way and containers are waiting. Downgrading to v2.4 should do then.
I am using Portainer so idk if this makes a difference

@Smiggel
Copy link

Smiggel commented Oct 24, 2022
edited
Loading

@Smiggel condition inside depends_on is not specified in compose v3, only in v2.
https://docs.docker.com/compose/compose-file/compose-file-v2/#depends_on

Tried it again. But I still have no service called nordvpn. It's not made during setup I guess.

Also see errors in the log:

s6-rc: info: service 99-ci-service-check successfully started
[2022-10-24T18:50:46+02:00] Finding the best server...
curl: (6) Could not resolve host: api.nordvpn.com
[2022-10-24T18:51:14+02:00] Unable to select a server ¯_(⊙︿⊙)_/¯

@github-actions
Copy link

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@github-actions github-actions bot added the Stale label Dec 24, 2022
@github-actions github-actions bot closed this as completed Jan 1, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working help wanted Extra attention is needed Stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Smiggel @volschin @krbrs