No more DNS-leaks for VPN's with NetworkManager and dnsmasq

PKGBUILD-networkmanager.patch

Author: Engine Feeder <[email protected]>
Date:   Wed May 4 21:22:55 2016 +0200

	  Do not use split DNS for VPN configs and use only the DNS provided by the VPN.

diff --git a/var/abs/extra/networkmanager/PKGBUILD b/PKGBUILD
index 0d6dd20..de8f1ec 100644
--- a/var/abs/extra/networkmanager/PKGBUILD
+++ b/PKGBUILD
@@ -22,10 +22,12 @@ makedepends=(intltool dhclient iptables gobject-introspection gtk-doc
 checkdepends=(libx11 python-dbus)
 source=(https://download.gnome.org/sources/NetworkManager/${pkgver:0:3}/NetworkManager-$pkgver.tar.xz
         hidepid.patch dhcpv6-mixed.patch
+        split-dns-vpn.patch
         NetworkManager.conf)
 sha256sums=('e947cf30fa3d19dce88e6f6af51f06dc282b7db7996f946aaa37b03526ef2a80'
             '1de5b511b6b4a933739b0ef48ede1830fa3d6dea2277c1302b12b08fa83a73f1'
             'f7771790485f24d788fe35f5922ad044a29c6d89b34458d9e99938503b2a3b39'
+            '7a192ecbff7eeeaa131e469d3bded167079be55226053518e6307a7f0739e288'
             '452e4f77c1de92b1e08f6f58674a6c52a2b2d65b7deb0ba436e9afa91ee15103')
 
 prepare() {
@@ -37,6 +39,9 @@ prepare() {
   # https://bugs.archlinux.org/task/49081
   patch -Np1 -i ../dhcpv6-mixed.patch
 
+  # Do not use split DNS for VPN configs and use only the VPN provided DNS servers
+  patch -p1 -i ../split-dns-vpn.patch
+
   2to3 -w libnm src tools
 
   NOCONFIGURE=1 ./autogen.sh

split-dns-vpn.patch

Author: Engine Feeder <[email protected]>
Date:   Wed May 4 21:22:55 2016 +0200

	Do not use split DNS for VPN configs and use only the DNS provided by the VPN.

diff --git a/src/dns-manager/nm-dns-dnsmasq.c b/src/dns-manager/nm-dns-dnsmasq.c
index 5ead5ec..0c5c432 100644
--- a/src/dns-manager/nm-dns-dnsmasq.c
+++ b/src/dns-manager/nm-dns-dnsmasq.c
@@ -270,13 +270,16 @@ update (NMDnsPlugin *plugin,
 		add_global_config (conf, global_config);
 	else {
 		/* Use split DNS for VPN configs */
+		bool vpn = FALSE;
 		for (iter = (GSList *) vpn_configs; iter; iter = g_slist_next (iter)) {
+			vpn = TRUE;
 			if (NM_IS_IP4_CONFIG (iter->data))
-				add_ip4_config (conf, NM_IP4_CONFIG (iter->data), TRUE);
+				add_ip4_config (conf, NM_IP4_CONFIG (iter->data), FALSE);
 			else if (NM_IS_IP6_CONFIG (iter->data))
-				add_ip6_config (conf, NM_IP6_CONFIG (iter->data), TRUE);
+				add_ip6_config (conf, NM_IP6_CONFIG (iter->data), FALSE);
 		}
 
+		if(!vpn){
 		/* Now add interface configs without split DNS */
 		for (iter = (GSList *) dev_configs; iter; iter = g_slist_next (iter)) {
 			if (NM_IS_IP4_CONFIG (iter->data))
@@ -292,6 +295,7 @@ update (NMDnsPlugin *plugin,
 			else if (NM_IS_IP6_CONFIG (iter->data))
 				add_ip6_config (conf, NM_IP6_CONFIG (iter->data), FALSE);
 		}
+		}
 	}
 
 	/* Write out the config file */