This guide outlines a minimal configuration for enhancing privacy using Proton VPN, Multi-Factor Authentication (MFA), and DNS over HTTPS (DoH). The goal is a secure and private browsing experience. This setup assumes you have an active Proton VPN subscription and have already configured MFA on your Proton account. The focus is on directing all DNS queries through Proton VPN's secure servers, shielded by DoH.
First, ensure your system is configured to use DNS over HTTPS. This typically involves modifying your network settings or browser configurations.
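Example systemd-networkd configuration (Linux). Note that DNSOverTLS=yes enables DNS over TLS (DoT), a different encrypted transport from DoH, and that the DNS= line lists the Cloudflare and Google public resolvers rather than Proton VPN's: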
[Network]
DNSOverTLS=yes
DNS=1.1.1.1 8.8.8.8
Next, configure your Proton VPN client. This step is crucial. After logging in with your MFA-enabled account, select a server.
Example Proton VPN CLI command:
protonvpn-cli c
Follow the prompts to connect to a server. Make sure to enable the "Kill Switch" feature within the Proton VPN client to prevent data leaks if the VPN connection drops.
After connecting to Proton VPN, verify that your DNS is being routed through the VPN. Your system should now use the DNS servers provided by Proton VPN. This is further secured by DoH if configured correctly.
To force DNS traffic through the VPN, you can configure your firewall (e.g., iptables on Linux) to block outbound DNS requests on port 53 unless they are sent by the user account that runs the VPN client. These rules match on the owning user, not on the network interface, and cover plaintext DNS only; DoT (port 853) and DoH (port 443) traffic is not affected by them.
Example iptables rules:
iptables -A OUTPUT -p udp --dport 53 -m owner ! --uid-owner <vpn_user> -j DROP
iptables -A OUTPUT -p tcp --dport 53 -m owner ! --uid-owner <vpn_user> -j DROP
Replace <vpn_user> with the user account running the Proton VPN client.
To verify the configuration:
Use a DNS leak test website (e.g., dnsleaktest.com) while connected to Proton VPN. The test should only show DNS servers associated with Proton VPN.
Check your IP address to confirm it matches the Proton VPN server's IP.
Ensure MFA is required when logging into your Proton account and connecting via the Proton VPN client.
Regularly update your Proton VPN client for the latest security patches.
Consider using a strong password manager in conjunction with MFA for enhanced account security.
Monitor your network traffic to ensure all DNS queries are being routed through Proton VPN and encrypted with DoH.
Always prioritize official documentation from Proton VPN for the most accurate and up-to-date information.
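The leak test and the traffic monitoring described above can be scripted. The following is an added example, not part of the original guide or of Proton's tooling: a shell function that reads tcpdump -i any -nn text and lists plaintext DNS (port 53) and DoT (port 853) packets leaving on any interface other than the tunnel. The interface name proton0, the tcpdump 4.99+ line format (interface and direction after the timestamp), and every sample line are assumptions constructed for illustration.

```shell
# dns_leaks VPN_IF: read `tcpdump -i any -nn` lines on stdin and print
# "iface proto dst" once per distinct DNS destination reached outside the tunnel.
# Port 53 = plaintext DNS, 853 = DoT. DoH (TCP 443) looks like any other HTTPS
# connection in a capture and is therefore not covered by this check.
dns_leaks() {
    awk -v vpn="$1" '
        $3 == "Out" && ($4 == "IP" || $4 == "IP6") && $6 == ">" {
            dst = $7
            sub(/:$/, "", dst)                 # strip the trailing colon
            n = split(dst, part, ".")          # port is the last dot-separated field
            port = part[n]
            if (port == "53")       proto = "dns"
            else if (port == "853") proto = "dot"
            else next
            if ($2 == vpn || $2 == "lo") next  # tunnel and loopback are expected
            host = substr(dst, 1, length(dst) - length(port) - 1)
            print $2, proto, host
        }' | LC_ALL=C sort -u
}

# Constructed sample capture (not real traffic). proton0 is an assumed tunnel
# interface name; addresses are documentation/private ranges.
sample_capture() {
    cat <<'EOF'
14:02:11.100001 proton0 Out IP 10.2.0.2.51514 > 10.2.0.1.53: 4242+ A? example.org. (29)
14:02:11.100950 lo    In  IP 127.0.0.1.40022 > 127.0.0.53.53: 4242+ A? example.org. (29)
14:02:12.300112 eth0  Out IP 192.0.2.23.39120 > 198.51.100.53.53: 911+ AAAA? example.org. (29)
14:02:12.300500 eth0  Out IP 192.0.2.23.39120 > 198.51.100.53.53: 912+ A? example.org. (29)
14:02:13.000321 eth0  Out IP 192.0.2.23.44818 > 203.0.113.9.853: Flags [S], seq 1, win 64240, length 0
14:02:13.500777 eth0  Out IP6 2001:db8::23.50000 > 2001:db8::53.53: 77+ A? example.org. (29)
14:02:14.000000 eth0  Out IP 192.0.2.23.51820 > 203.0.113.50.51820: UDP, length 148
14:02:14.100000 eth0  In  IP 198.51.100.53.53 > 192.0.2.23.39120: 911 1/0/0 AAAA 2001:db8::1 (57)
EOF
}

# Offline demo:  sample_capture | dns_leaks proton0
# Live use (root; output appears once the capture ends):
#   tcpdump -i any -nn -c 200 'port 53 or port 853' | dns_leaks proton0
```

Any line of output is a resolver reached outside the tunnel; an empty result means no port 53 or 853 traffic bypassed the VPN during the capture window.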