I’ve been using NextDNS with Mullvad VPN on a WireGuard configuration. It’s been fine for like weeks now and no leaks or any problems. Today I’ve been receiving leaks and another ISP showing and it’s been really weird. It leaks more when the device is turned off. I’ve used three different testing methods and they show me leaks. Before, when testing, it would only show the VPN and the DNS working fine. I’ve heard of iOS not securing the connection for VPN as much and such, but is this looking like the case for my device too? Is there an alternative solution or anything anyone recommends? Thank you in advance.
The problem with your post is that it has no details.
Just because you claim there are leaks, doesn’t mean we believe you.
The answer is apparently here: VPNs on iOS are a scam
In short, your dreams of not being tracked by the NSA by using a consumer operating system created by an American company under American laws (which provide zero privacy protection), seem to have failed.
You could try the Purism Librem 5 or, if you don’t trust those people either, you could build your own 2G cellphone, but you might have to go to a different country to get a signal.
Anyway, the whole idea of people not being able to figure out what you are doing is delusional. The effort required to do that is so large that there’s no point in doing that. I think it requires at least a billion dollars and an army of people to pull it off. So, good luck with that.
I mentioned this below, but there is a known bug in iOS that can cause this to happen. That may very well be your issue. Link here for the report.
But you mentioned that you’re using NextDNS. I’m curious, did you set up NextDNS in the Mullvad app or did you install the NextDNS app? I’m not familiar with Mullvad, but many other VPNs allow you to select your preferred DNS in the app.
If you only selected NextDNS in the Mullvad app, then that will be the DNS that is used for any traffic that goes through the VPN. But I would imagine that any traffic that happens to sneak around your VPN will still hit your iPhone’s default DNS provider (likely whatever your ISP/carrier provided).
But if you install the NextDNS app it will change your iPhone’s DNS server system wide. I wonder if that would possibly help with the leaks? This way the VPN is using NextDNS, but any traffic outside the tunnel should also be using NextDNS too. You’d still technically have a DNS leak, but at least the leaks are going to the same DNS server.
I’m actually interested in knowing because I’ve been considering using NextDNS myself.
What other details do you need? I’m on iPhone 13 Pro Max with iOS 16.1.1
I chose the way of installing the NextDNS app and using it through the system-wide DNS implementation. Then I added Mullvad through the WireGuard configuration.
I used the Mullvad app and used the VPN with NextDNS in the DNS option they let you use. But it would not be on demand like WireGuard does, for some reason.
I am just wondering why you torture yourself with trying things that are above your skill level. That’s stressful, in case you didn’t know that.
The fact that you don’t even understand this question, is exactly the problem.
Hmm, interesting. I have been doing some digging to see if there are any reports of DNS leaks when using the NextDNS app. From what I have found, when set up correctly (NextDNS) it should actually do what it says and route all DNS to them. But you said this is what you already did?
I did find a few posts from people saying they were seeing DNS leaks, and the one thing they all had in common was using NextDNS in conjunction with a VPN app.
I would suggest trying one piece at a time. In your Settings, disable NextDNS completely, and then also remove all VPN profiles created by Mullvad. For good measure, uninstall both apps.
Reinstall only NextDNS, and get it set up properly. Then use just that for a bit and verify if it’s working correctly. According to several posts and articles you should not see any leaks. I usually use https://www.dnsleaktest.com/ to help.
(Also worth noting if you see “Misaka Network, Inc” when doing a leak test that is ok. They are one of the datacenters used by NextDNS)
Once you’re confident that NextDNS is working correctly, then reinstall Mullvad and set it back up. If the Mullvad app has DNS settings, then of course try and set it up the way you’d prefer first. If it works, great.
If you start seeing leaks again, then the first thing I would try is seeing if there is an option to use the system’s DNS (which should now be NextDNS anyway). This would “technically” mean you’d be leaking all DNS traffic outside of the VPN tunnel. However, I’m not sure it would matter too much in this case since NextDNS uses encrypted DNS. Though this would mean NextDNS would see your IP instead of your Mullvad IP… but you’re already trusting Mullvad with your IP anyway. I assume the goal is preventing your ISP from seeing your traffic.
I’m trying to learn how to do this. Which I’m sure is every person’s right to learn if they are willing. I’m sure that’s why we have these subs, so we can ask for help and such. I’m still a newbie to this and never claimed I was a pro. If I was, I’m sure I would have figured it out without asking Reddit.
The fact that you don’t even understand this question, is exactly the problem.
What the hell does that even mean? Did you just happen to obtain all your knowledge through osmosis removing the need to ask questions?
Running tcpdump/WireGuard on the appropriate device is one method to show such things.
Now, if you have collected all the required information, then you could make claims like that.
Please keep in mind that iOS is created by people that likely have 30 IQ points more than you do on average. Similarly for WireGuard.
So, the most likely hypothesis is that you don’t know what you are doing, which is exactly why you need to provide proof.
Otherwise, every asshole could say everything.
Also, if you want to learn about computers, just get a Linux box and escape that hell hole called the “Apple ecosystem”. Yes, you can also run Linux on your phone, if you want. (And, in that case, you would have been able to automatically figure out such things and even run your own custom kernel, etc. )
If you care about DNS leaks, the stupidest thing you can do is to run a consumer device like an iPhone (same argument holds for Android, obviously).
Really, if you want to play some kind of freedom fighter/terrorist (why else care about DNS leaks), you should not use any mainstream technology.
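The packet-capture check suggested above (tcpdump on the physical interface, then look for DNS that never entered the tunnel), as an added example that is not from anyone in the thread. It assumes tcpdump's default text output, a placeholder WireGuard peer address and a placeholder NextDNS DoH address range; the capture lines are constructed samples using documentation IP ranges.

```python
"""Flag DNS traffic that bypassed the VPN tunnel in a tcpdump-style capture.

Assumption: the capture was taken on the phone's physical (Wi-Fi/cellular)
interface, so the only legitimate traffic there is encrypted WireGuard to the
peer. Any plaintext DNS (port 53) seen on that interface is a leak the ISP can
read; DoH to NextDNS outside the tunnel exposes only the client IP.
"""
import re
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Placeholders (documentation ranges), not real infrastructure.
VPN_ENDPOINT = ip_address("203.0.113.10")          # hypothetical WireGuard peer
NEXTDNS_DOH_NETS = [ip_network("198.51.100.0/24")]  # hypothetical NextDNS DoH range
DNS_PLAINTEXT_PORT = 53
DOH_PORT = 443

# Matches tcpdump lines such as:
# 12:00:01.100002 IP 192.168.1.20.51516 > 192.168.1.1.53: 1234+ A? example.com. (29)
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)

def classify(line: str) -> Optional[str]:
    """Return 'tunnel', 'leak', 'doh' or 'other' for one line; None if unparsable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    dst, dport = ip_address(m["dst"]), int(m["dport"])
    if dst == VPN_ENDPOINT:
        return "tunnel"   # encrypted WireGuard packet to the peer: expected
    if dport == DNS_PLAINTEXT_PORT:
        return "leak"     # plaintext DNS outside the tunnel: query visible to ISP
    if dport == DOH_PORT and any(dst in net for net in NEXTDNS_DOH_NETS):
        return "doh"      # encrypted DNS to NextDNS outside the tunnel: IP exposed only
    return "other"

def find_leaks(capture: str) -> List[str]:
    """Return the resolver address of every plaintext DNS packet that left outside the tunnel."""
    return [LINE_RE.match(l)["dst"] for l in capture.splitlines() if classify(l) == "leak"]

# Constructed sample capture: one tunnel packet, two plaintext leaks, one DoH handshake.
SAMPLE_CAPTURE = """\
12:00:01.000001 IP 192.168.1.20.51515 > 203.0.113.10.51820: UDP, length 148
12:00:01.100002 IP 192.168.1.20.51516 > 192.168.1.1.53: 1234+ A? example.com. (29)
12:00:01.200003 IP 192.168.1.20.51517 > 198.51.100.7.443: Flags [S], seq 1, win 65535, length 0
12:00:01.300004 IP 192.168.1.20.51518 > 192.0.2.53.53: 5678+ AAAA? example.org. (30)
"""

if __name__ == "__main__":
    print("leaked to:", find_leaks(SAMPLE_CAPTURE))  # → ['192.168.1.1', '192.0.2.53']
```

A real run would feed `tcpdump -n -i <interface>` output (from a router or a tethered capture, since iOS does not expose tcpdump) in place of the sample string.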
So, the most likely hypothesis is that you don’t know what you are doing, which is exactly why you need to provide proof.
No the most likely hypothesis is that iOS has a well known bug regarding DNS leaks when using a VPN connection. This was discovered in iOS 13.3.1, and still persists to this day.
If you care about DNS leaks, the stupidest thing you can do is to run a consumer device like an iPhone (same argument holds for Android, obviously).
That’s why everyone needs to build their own smartphones… with blackjack, and hookers!
Really, if you want to play some kind of freedom fighter/terrorist (why else care about DNS leaks), you should not use any mainstream technology.
Sadly, I actually have to agree with this part. Unfortunate that this is what the internet has become.
Indeed, given your extra information that’s the case.
However, this person didn’t provide proof and assuming the user is an idiot unless other proof has been presented is rational.
Sept 4, 2022: Documented yet another Wireshark test/trace, this time using the WireGuard app.
Oh, look, the security researcher did what I suggested.
assuming the user is an idiot unless other proof has been presented is rational.
No it isn’t. It’s rational to assume they don’t yet possess enough knowledge to fully understand what they’re doing. But this is how us normal people learn, by exploring, researching, asking questions, and very likely making mistakes.
Also, an idiot is generally considered to be someone who is incapable of learning. Not only is that an incredibly irrational thing to assume, but in this case in particular you provided virtually no assistance to OP, so you had no mechanism to personally gauge their ability to learn. Had you collected all the required information, then you could make claims like that.
Oh, look, the security researcher did what I suggested.
Well, I would hope so, that’s his job. It would be pretty safe to assume OP is likely not a security researcher. In fact it would be safe to assume a majority of the members in this community aren’t either.