Openvpn client on Linux Mint still shows real IP

I set up #Openvpn on a VPS, got the client side working on my Mac and iPhone but can’t seem to make it work on my #Linux Mint.

I used the Network Settings to load the .ovpn, when I turn it on then check my IP via browser, it still shows the real IP.

Does anyone know what’s wrong and what to do here? Please help!

Hey @Ai !
I trust you were able to download the settings file from your VPS and create a new VPN connection based on it, correct?

1 Like

Yes, @vasileios, one who doesn’t seem to need sleep! :wink:, I used the Network Manager to import that .ovpn file, and can actually turn it on and off form the icon at the dock. Thought I get the “it’s connected” notification, it still shows the real IP when I check via browser.

I even found somewhere to try the OpenVPN 3 client from the terminal, got it to show the VPS ip but when I do that the browser gets the server not found error…

Tell me about it! I’ve been trying not to turn into a night-owl again, with little success so far.

Per the OpenVPN, perhaps some services leak through. I’m not sure where its settings are to tunnel all traffic through it. Per the 3.0 version, it sounds like either a DNS resolution issue or a secure port that is not open. I tend to lean toward the latter.

1 Like

:laughing: I’ve been trying not to be a night-owl for years now… Still am one, it’s getting worse because I’m addicted to learning and making as many things Linux as possible…

One of the things I tried was to change nameserver to 8.8.8.8 in the resolv.conf, but it seems Network Manger would always overwrite it to search my ISP and set the name server to 127.0.0.53

Yes, the resolv.conf file is not a persistent solution - unfortunately. The best way is to direct it via your actual connection (Network Manager) or your VPN server. At this point, I’m wondering if you should instruct your VPN server to also become its own DNS as well. One thing I’d recommend is to avoid the 8.8.8.8 - as it’s a Google address. At least replace it with 1.1.1.1, which is CloudFlare. :slight_smile:

1 Like

Okay, I tried making the .ovpn (from an install script) with 1.1.1.1. that didn’t work on the Linux machine but it does on apple things.

What does it mean to “direct it via my actual connection or my VPN server”? And how do I do that?

I thought I have to provide the IP + port to set up the .ovpn already…

OMG, this is too weird…

When I go to whatsmyip.org, I get the VPN ip.
When I go to whatismyip.org, I get the ISP ip but not exactly pointing at my location (with a IPv6 address)… still scary though… Wonder if I can solve this problem by requesting an IPv6 address for my VPS?

I guess my OpenVPN client is working all the along, just not good enough…

Ah, yes. IPv6 is another beast to tame and needs its own configuration. Also, that protocol can cause quite a few network issues, so I would highly recommend you disable it at your router level (and then your computer, so that it doesn’t look for it). Once you do that, connect to your personal VPN and check your IP once again.

What happens in this case is that your IPv6 propagates your IPv4, depending on which IP reaches the whatsmyip first. Then it correlates the information via your ISP. And traditionally, the location shows where the local Network node is located for the Internet. Thus, it’s not your home. :slight_smile:

1 Like

Circling back to the IPv6 showing the ISP location… It probably won’t help to disable IPv6 on the VPS’s GRUB default file (as I did on my computer), would it?

The funny thing is when I switch the another VPS location, the location only show US, not even a city… so thought disabling IPv6 on the VPS might be good, too…

1 Like

Hey, @Ai!
So far, I can’t say I am a fan of IPv6 - especially since it’s the one that can produce connectivity errors and ProtonVPN has a dedicated process - as in tunnel blocker - to stop it from leaking your DNS. So, I believe that disabling it is a wise move.

1 Like

@vasileios, thank you for the answer…

I think I am currently dealing with 2 issues and I am not sure if they are related or not…

  1. When I check https://www.dnsleaktest.com/, one of my VPS IPs shows it locates at C-N, the other shows a big town near me. Then I figured out that DNS for the first IP has a strange domain name that is located there. Can’t find the same info for the 2nd IP because it’s a generic one though it doesn’t belong to my VPS host. (However, I have asked the VPS host to remove those strange domain names, will have to wait till tomorrow to see if that did the trick.)

  2. For IPv6, I went back to check my notes, I did not use IPv6 when setting up my VPNs by following your instructions from LMS. And I did try as many IPv6 leak test sites as possible and none tested as leaked. So I am unable to figure out why the 2nd IP would show the town near me…

Fingers crossed that once the DNS issue is cleared, issue 2 will go away…

In any case… just to be sure… I should disable IPv6 on my computer AND on my VPSes, correct?

If so, do I only need to make 1 change in the /etc/default/grub like this?
GRUB_CMDLINE_LINUX_DEFAULT=“quiet splash ipv6.disable=1

Is that enough? Couldn’t get it to stick on my Zorin computer but it works on Ubuntu 22.04 computer…

Do I even need to worry about this? So confused right now…

Hey @Ai!
No need to worry. Normally, if there is any type of recognition on IPv6, then it would be a long string with “:” separators. There are several ways to disable it.

First, you can do it directly on your network connections, like the one I’m using below:

Second, you can instruct your router to simply ignore IPv6, like I have on my NetGear (so, it won’t matter if it can’t stick on your Zorin):

With that setup, the IPv6 will never resolve to your home system. Worst case scenario, it will only reach your VPS. However, that server happens to be the one that is visible to the outside world as your exit node.

I also know that my VPS are configured to reach out to CloudFlare, which happens outside of the VPN tunnel. Unless the VPN itself suddenly registers you to a country outside of the US, you are good to go.

One last thing. I tested another commercial VPN lately, Surfshark. Unlike NordVPN and ProtonVPN, I have no issue connecting to Truth Social with it. I find that one interesting. The difference between them is that both Nord and Proton connect via Washington state as the fastest one, while Surfshark has an Oregon server. I’m finding that to be… interesting.

1 Like

Thank you as always, @vasileios!

I had previously already disabled IPv6 in my Network Manager.

So, I am guessing what I need to do is disabling IPv6 for the modem from ISP (don’t have a router attached to that), if that is an option. :crossed_fingers:

1 Like

You are most welcome, @Ai!
And yes, it is doable to disable IPv6 from the ISP’s router. I remember it was possible to do so from the FIOS router we used to have.