Making sure the VPN connection works correctly

It’s good to check that the VPN connections work as intended. It may be necessary to adjust some settings of the computer to get it to work.

Note

This information refers to Linux systems. If you use another operating system and have problems with changing the IP address, make an issue in the github repository .

Step 1: Checking for DNS leaks [1], and checking for correct connection

First, if you notice that after connecting to the VPN server through sirup you can’t access the internet anymore, follow the instructions on Customize resolv.conf.

Second, connecting to the VPN server sometimes still allows third parties to identify the original IP address – the IP address the machine had in absence of the VPN service. This section explains how to ensure that the IP address is correctly changed when connecting to the VPN server.

After installing the package, and before using it, it is recommended to check for DNS leaks. DNS leaks happen when DNS requests are sent to the server of the Internet service provider (ISP) instead directly through the VPN. This can reveal the IP address, or at least the location.

The simplest way is to do a DNS leak check with an online service. To do so, first use the sirup package to connect to a VPN server of your choice – but best to a server that is located in a country different than where you currently are. Then, open a website that checks for DNS leaks such as dnsleaktest.com. Follow the instructions there. If the results do not include any server that belongs to your ISP – and ideally all belong to the country you selected to connect – then you are fine and the VPN works as expected. If not, read on to resolve this possible DNS leak.

Step 2: Resolving DNS leaks

Some VPN providers have their own instructions on how to prevent from DNS leaks. So check first with your VPN service provider for advice. The following are some general tips that have worked in the past.

Note

The instructions below may impact your system’s stability and security. Take them at your own responsibility.

Customize resolv.conf

Change the DNS settings by changing the resolv.conf file.

First, check its current content:

cat /etc/resolv.conf

The output of this is probably something like this:

# Generated by NetworkManager
nameserver XXX.X.X.XX

This shows the IP address of the server to which internet traffic is directed to.

Change this by opening the /etc/resolv.conf file in your favorite editor – you will need root privileges to edit it. For instance, the new content of the file could be:

nameserver 1.1.1.1

In addition, we need to change the attributes of the file so that it is not overwritten by the network manager. For this, type the following in the terminal:

sudo chattr +i /etc/resolv.conf

This makes the file immutable by the network manager.

Then, restart your computer and go to step 1.

Note

Some of the DNS settings interfere with the eduroam wifi. If you have problems, reset the attributes of resolv.conf as follows:

sudo chattr -a -i /etc/resolv.conf

As a result, you can’t use the VPN service through the eduroam network.

Disable IPv-6 [2] [3]

This step is necessary when using surfshark, but not when using Proton VPN.

Open the file /etc/sysctl.conf in your favorite editor – you will need root privileges (using sudo.)

At the bottom of the page, add the following lines:

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
net.ipv6.conf.tun0.disable_ipv6 = 1

Save the changes and exit the editor.

Apply the changes in the sysctl.conf file with

sudo sysctl -p

Check whether IPv6 is deactivated with

sudo cat /proc/sys/net/ipv6/conf/all/disable_ipv6

If the output is 1, IPv6 was successfully deactivated.

Go to step 1.

References