#!/bin/bash
#
# Parses DHCP options from openvpn to update resolv.conf
# To use set as ‘up’ and ‘down’ script in your openvpn *.conf:
# up /etc/openvpn/update-resolv-conf
# down /etc/openvpn/update-resolv-conf
#
# Used snippets of resolvconf script by Thomas Hood
# and Chris Hanson
# Licensed under the GNU GPL. See /usr/share/common-licenses/GPL.
#
# 05/2006 chlauber@bnc.ch
#
# Example envs set from openvpn:
# foreign_option_1=’dhcp-option DNS 193.43.27.132′
# foreign_option_2=’dhcp-option DNS 193.43.27.133′
# foreign_option_3=’dhcp-option DOMAIN be.bnc.ch’

NETCONFIG=”/sbin/netconfig”
#OPTIONS=”–verbose –force-replace”

[ -x $NETCONFIG ] || exit 0

case $script_type in

up)
for optionname in ${!foreign_option_*} ; do
option=”${!optionname}”
#echo $option
part1=$(echo “$option” | cut -d ” ” -f 1)
if [ "$part1" == "dhcp-option" ] ; then
part2=$(echo “$option” | cut -d ” ” -f 2)
part3=$(echo “$option” | cut -d ” ” -f 3)
if [ "$part2" == "DNS" ] ; then
if [ "$IF_DNS_NAMESERVERS" ] ; then
IF_DNS_NAMESERVERS=”$IF_DNS_NAMESERVERS $part3″
else
IF_DNS_NAMESERVERS=”$part3″
fi
fi
if [ "$part2" == "DOMAIN" ] ; then
IF_DNS_SEARCH=”$part3″
fi
fi
done
R=”"
if [ "$IF_DNS_SEARCH" ] ; then
R=”${R} DNSSEARCH=’$IF_DNS_SEARCH’”
fi
if [ "$IF_DNS_NAMESERVERS" ] ; then
R=”${R} DNSSERVERS=’$IF_DNS_NAMESERVERS’”
fi
echo -n “$R” | $NETCONFIG modify $OPTIONS -i “${dev}” -s openvpn
;;
down)
$NETCONFIG remove $OPTIONS -i “${dev}” -s openvpn
;;
esac

Road Warrior VPN.com does include a nice how to set up their VPN client on Linux and automatically send all DNS requests to the VPN server in order to keep the DNS requests just as secure as the rest of the trafic.
https://www.roadwarriorvpn.com/configure_install/Linux_CLI.php

让我找到解决方案

Thnx a lot. =)

I don’t think that is correct about Witopia, or any decent VPN service provider worth its salt, but you are correct about DNS being a potential security hole that you need to keep an eye on. Witopia does provide secure DNS and says you should use their DNS servers for best security in the e-mail you receive after ordering.

Please comment back, but it’s my understanding that if you’re set up to automatically detect settings from your iSP, Witopia should function as your “virtual ISP” while VPN is connected and provides the Witopia IP address as well as DNS information from Witopia DNS servers over the encrypted tunnel.

Witopia supplies DNS as part of their service and will also let you manually enter the server addresses (I have done this and it seems to improve performance and, as you mention, security). The DNS server info is on their FAQ, http://www.wiki.witopia.net/wiki/FAQ …#6).

So, as I understand it, DNS queries while using Witopia are secure if you use their DNS servers, which you should automatically, if your machine is set up to auto-detect settings or you can manually set them as they suggest.

Then, all DNS queries are encrypted over witopia VPN (outside of China..or any country) to and from Witopia servers unless you purposely enter your local ISP’s DNS servers (in China that wouldn’t be too good) or someone else’s. Which, as you mention, isn’t the optimal security setup and should be avoided.

They have run me around the block on this problem, which is a MAJOR Security hole, and the folks at witopia just don’t seem to care.

The problem is that your BROWSER sesson gets encrypted
BUT
your DNS queries DO NOT !!!

So if you did this in CHINA and set up your Supposedly Secure Witopia session, where you Thought all was secure and then went to
say “www.freetibet.org” your DNS lookup is IN THE CLEAR !!! Your session once yiu Got To the site is encrypted
BUT
Now its to late – You DIE
witopia sucks SO MASSIVELY that they have ZERO mention on their WEB site and their tech support has ZERO Clue about the problem.

worse – witopia tech support cops such a huge attitude with you – like YOU are the problem – NOT their product – NOT their lack of documentation

THX SO MUCH for the HELP !!!!