I really like qubes-vpn-support. So I forked it and merged the patches for ipv6 and nft support. GitHub - v-Nyo/Qubes-vpn-support: VPN configuration in Qubes OS
Now I would really like to solve the long standing issue of potential DNS leaks if the vpn server does not provide one.
And if no DNS is provided by VPN server then requests to virtual DNS IPs will leak from qubes. But this was an issue in original Qubes-vpn-support as well.
Currently I just disable DNS upstream of the vpn-qube with something like this (dns over the vpn still works)
qvm-firewall vpn-test add --before 0 drop specialtarget=dns
Should this be enough? Is there a better way?
Another solution that also solves this inside qubes-vpn-support would be nice. ( But needs to be togglable in case the vpn config contains a domain / support custom dns server.)