Posted: Wed Jul 19, 2017 19:29 Post subject: DNS OpenVPN DHCP build 32597 issue with dhcp affecting Wan
I seem to have DNS issues when I connect my OpenVPN. Traffic routes no problem. When I try to change my client DNS via DHCP, I don't get the desired effect...
The OpenVPN won't connect at all, and my clients don't get the updated DNS. Just the WAN itself seems to get the new DNS.
I'm guessing my understanding of the DDWRT implementation of DHCP is lacking. It may well be my lack of understanding about DNSmasq.
Can anyone let me know how I should configure DHCP to allocate my clients my own custom DNS, without affecting the WAN DNS?
I've tested this, and when I manually set the DNS on my client, I can access the internet over the VPN. Using Google DNS, no problem; if I use the ISP DNS it's the same effect.
Posted: Wed Jul 19, 2017 19:49 Post subject: Bit of extra info
I'm sure BT (the ISP) are doing something... I don't have either of these features enabled. When I tried Google DNS on the DHCP server (thusly affecting the WAN) I was unable to access any websites, and got this useful telltale message from BT
Posted: Wed Jul 19, 2017 19:58 Post subject: bit more info
Apologies for the multi message...
I can see in my client log for OpenVPN, it would appear that the VPN DNS are being injected into my DHCP / DNS somehow, useful I guess to avoid DNS leak, but I think something in the DDWRT / masqdns DHCP ain't quite working.
Any pointers would be greatly appreciated.
20170719 20:40:54 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 dhcp-option DNS 78.129.156.253 dhcp-option DNS 87.117.196.200 sndbuf 393216 rcvbuf 393216 route-gateway 82.145.51.193 topology subnet ping 10 ping-restart 120 ifconfig 82.145.51.200 255.255.255.192'
20170719 20:40:54 OPTIONS IMPORT: timers and/or timeouts modified
Joined: 18 Mar 2014 Posts: 12917 Location: Netherlands
Posted: Thu Jul 20, 2017 11:28 Post subject:
Your own router can do the same; it is called Forced DNS Redirection. It basically intercepts everything on port 53 (DNS) and redirects it.
That is probably what BT is doing also; well, if I understand correctly it is just blocking it.
It could be that you can configure this on your BT account.
If not, you can use the VPN: if you configure a DNS server on your client, then the client connects through the VPN and also does the DNS query via the VPN.
However, your router, when starting the VPN, must use the standard DNS server to query and resolve the VPN server you are using, so just keep the standard BT DNS server.
After the VPN is up, the DNS servers of your VPN are pushed and subsequently used (that is, if you do not have a DNS leak; some builds have a DNS leak).
Test this with www.dnsleaktest.com and www.ipleak.net
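A check to complement the leak-test sites mentioned above, added here as an example and not posted by anyone in the thread: it reads the DNS servers out of the PUSH_REPLY log line quoted earlier and lists any resolver still configured that the VPN did not push. The function names and the resolv.conf-style resolver lists are assumptions constructed for illustration.

```python
import ipaddress
import re

# OpenVPN client log line quoted in the thread. The options appear space-separated
# there; OpenVPN separates pushed options with commas, so both forms are accepted.
PUSH_LINE = (
    "20170719 20:40:54 PUSH: Received control message: 'PUSH_REPLY "
    "redirect-gateway def1 dhcp-option DNS 78.129.156.253 "
    "dhcp-option DNS 87.117.196.200 sndbuf 393216 rcvbuf 393216 "
    "route-gateway 82.145.51.193 topology subnet ping 10 ping-restart 120 "
    "ifconfig 82.145.51.200 255.255.255.192'"
)
# Constructed resolver lists; 192.0.2.1 is a documentation address standing in
# for an ISP resolver that was left in place.
RESOLV_LEAKY = "nameserver 78.129.156.253\nnameserver 192.0.2.1  # from WAN\n"
RESOLV_CLEAN = "nameserver 78.129.156.253\nnameserver 87.117.196.200\n"

def parse_push_reply(line):
    """Return (DNS servers pushed by the VPN, whether redirect-gateway was pushed)."""
    match = re.search(r"PUSH_REPLY[ ,]([^']*)", line)
    if not match:
        raise ValueError("no PUSH_REPLY in log line")
    tokens = match.group(1).replace(",", " ").split()
    dns = [
        ipaddress.ip_address(tokens[i + 2])
        for i in range(len(tokens) - 2)
        if tokens[i] == "dhcp-option" and tokens[i + 1].upper() == "DNS"
    ]
    return dns, "redirect-gateway" in tokens

def parse_resolv(text):
    """Return nameserver addresses from resolv.conf-style text, skipping comments."""
    servers = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(ipaddress.ip_address(fields[1]))
    return servers

def leaking_resolvers(push_line, resolv_text):
    """Resolvers configured while the tunnel is up that the VPN did not push."""
    pushed, redirected = parse_push_reply(push_line)
    if not redirected:
        pushed = []  # conservative: no default route via the tunnel, flag everything
    return [str(s) for s in parse_resolv(resolv_text) if s not in pushed]

if __name__ == "__main__":
    print("leaky:", leaking_resolvers(PUSH_LINE, RESOLV_LEAKY))
    print("clean:", leaking_resolvers(PUSH_LINE, RESOLV_CLEAN))
```

Run the comparison only after the tunnel is up, since the router needs its standard resolver beforehand to look up the VPN server.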
Oh wow, this is a rabbit hole... Thanks for the advice. Now I have something else to obsess over. This is very interesting indeed.
So against my better judgment when I'm using the ISP router... after lengthy arguments with them over DNS, and confirmation that my account is set up right not to use any DNS protection (Web Protect they call it)...
I literally have no options but to go 2 router; of course I can replace their kit with a simple router,
so using a 2 router setup for testing
1, ISP HH5, and 2, DDWRT @ 32597
I have a pretty stable OpenVPN now, but it looks leaky as a sieve, with or without DNS encryption, which is a bit of a mystery to me, as is DNSmasq still.
When I test a PPTP VPN (by far the simplest) using the WAN interface on the 2nd router, the connection is pretty solid, and it uses the VPN DNS only and does not leak at all...
I was trying to keep away from PPTP, not sure if I'm worrying over nothing. I'm mainly wanting to VPN just to make a usable Internet for browsing and streaming. Security is not my driver, but I'm getting more and more interested the more and more I find out how BT operate. Also I wanted to get into split tunnelling so certain devices could bypass the VPN without being connected to the ISP router directly, i.e. I want to keep them on the same LAN so I can access them locally.
As a novice with DDWRT, is there a build I should use that's more stable than the one I'm on? I have a WRT3200ACM.
Although OpenVPN is regarded as more safe, unless you are wanted by the authorities PPTP will do. However, for "split tunneling" OpenVPN is much more user friendly (with Policy Based Routing it is easy to route clients through the VPN or ISP by their IP address).
So I advise you to use OpenVPN. If configured correctly this is the best. The latest builds should not have a DNS leak, but it is always a good idea to use the OpenDNS servers as default in your DDWRT Setup.