Custom DNS on OpenVPN connected

marcus83
DD-WRT User


Joined: 04 Jan 2024
Posts: 229

PostPosted: Fri Jan 12, 2024 3:42    Post subject: Reply with quote
I set the additional DNS options that I want to use in the DNSMasq, but nothing, the VPN ones are always read to me.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12923
Location: Netherlands

PostPosted: Fri Jan 12, 2024 14:48    Post subject: Reply with quote
Please show a screenshot of the Basic Setup page (whole page)

Please show a screenshot of the Services page (whole page)

Please show output of:
cat /tmp/dnsmasq.conf
cat /tmp/resolv.conf
cat /tmp/resolv.dnsmasq
cat /tmp/resolv.dnsmasq_isp

grep -i openvpn /var/log/messages

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
marcus83
DD-WRT User


Joined: 04 Jan 2024
Posts: 229

PostPosted: Sat Jan 13, 2024 2:25    Post subject: Reply with quote
egc wrote:
Please show a screenshot of the Basic Setup page (whole page)

Please show a screenshot of the Services page (whole page)

Please show output of:
cat /tmp/dnsmasq.conf
cat /tmp/resolv.conf
cat /tmp/resolv.dnsmasq
cat /tmp/resolv.dnsmasq_isp

grep -i openvpn /var/log/messages


thanks for reply:

root@WRT3200ACM:~# cat /tmp/dnsmasq.conf
interface=br0
resolv-file=/tmp/resolv.dnsmasq
dhcp-leasefile=/tmp/dnsmasq.leases
dhcp-lease-max=113
dhcp-option=br0,3,192.168.2.1
dhcp-authoritative
dhcp-range=br0,192.168.2.128,192.168.2.227,255.255.255.0,1440m
dhcp-host=E0:76:D0:52:40:5C,XXXXX,192.168.2.129,infinite
dhcp-host=9C:B6:54:E2:45:C3,XXXXXXX,192.168.2.114,infinite
dhcp-host=18:C8:E7:4E:70:84,XXXXXX,192.168.2.111,infinite
dhcp-host=00:E0:4C:71:52:41,XXXXXXXX,192.168.2.101,infinite
dhcp-host=00:31:92:77:24:34,XXXXXX,192.168.2.132,infinite
dhcp-host=EC:3D:FD:BB:61:16,XXXXXXX,192.168.2.130,infinite
dhcp-host=24:A0:74:F1:36:A8,XXXXXXX,192.168.2.127,infinite
dhcp-host=00:BD:3E:2E:E5:76,XXXXXXXXX,192.168.2.122,infinite
dhcp-host=E2:E1:A9:2C:00:6C,XXXXXXX,192.168.2.131,infinite
dhcp-host=CC:73:14:14:4C:76,XXXXXX,192.168.2.185,infinite
dhcp-host=60:C7:BE:99:92:93,XXXX,192.168.2.199,infinite
dhcp-host=00:C3:0A:32:6F:AF,XXXXXXXX,192.168.2.200,infinite
dhcp-host=16:CE:CD:CF:89:E2,XXXXXXX,192.168.2.139,infinite
bogus-priv
conf-file=/etc/rfc6761.conf
clear-on-reload
stop-dns-rebind
dhcp-option=252,"\n"
cache-size=1500
dns-forward-max=150


root@WRT3200ACM:~# cat /tmp/resolv.conf
nameserver 192.168.2.1

root@WRT3200ACM:~# cat /tmp/resolv.dnsmasq
nameserver 10.94.0.1

root@WRT3200ACM:~# cat /tmp/resolv.dnsmasq_isp
nameserver 94.140.14.14
nameserver 94.140.15.15
nameserver 192.168.1.254

root@WRT3200ACM:~# grep -i openvpn /var/log/messages
root@WRT3200ACM:~#
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12923
Location: Netherlands

PostPosted: Sat Jan 13, 2024 7:46    Post subject: Reply with quote
On Basic setup page you should tick/enable "Ignore WAN DNS"

But that is not the problem

You put in the Additional DNSMasq Options:
Quote:
no-resolv
server=94.140.14.14
server=94.140.15.15


This effectively tells dnsmasq not to use /tmp/resolv.dnsmasq (with the VPN DNS server); instead it should use DNS servers 94.140.14.14 and 94.140.15.15.

But these lines are not seen in the actual DNSMasq config file: cat /tmp/dnsmasq.conf

Either you did not reboot at all or something is really wrong with your router but as long as those lines from the Additional DNSMasq Options are not actually added to the dnsmasq.conf file your problem will not be solved in this way.

marcus83
DD-WRT User


Joined: 04 Jan 2024
Posts: 229

PostPosted: Sat Jan 13, 2024 7:51    Post subject: Reply with quote
egc wrote:
On Basic setup page you should tick/enable "Ignore WAN DNS"

But that is not the problem

You put in the Additional DNSMasq Options:
Quote:
no-resolv
server=94.140.14.14
server=94.140.15.15


This effectively tells dnsmasq not to use /tmp/resolv.dnsmasq (with the VPN DNS server); instead it should use DNS servers 94.140.14.14 and 94.140.15.15.

But these lines are not seen in the actual DNSMasq config file: cat /tmp/dnsmasq.conf

Either you did not reboot at all or something is really wrong with your router but as long as those lines from the Additional DNSMasq Options are not actually added to the dnsmasq.conf file your problem will not be solved in this way.


That's what I'm saying: for me it's a firmware problem, it always connects to the VPN's DNS...
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12923
Location: Netherlands

PostPosted: Sat Jan 13, 2024 11:15    Post subject: Reply with quote
If you add something to the Additional DNSmasq Options and that is not reflected in the dnsmasq config file (/tmp/dnsmasq.conf) then either your nvram is full or it is corrupted.

Either way I would advise you to reset to defaults and rebuild from scratch

marcus83
DD-WRT User


Joined: 04 Jan 2024
Posts: 229

PostPosted: Sat Jan 13, 2024 11:19    Post subject: Reply with quote
egc wrote:
If you add something to the Additional DNSmasq Options and that is not reflected in the dnsmasq config file (/tmp/dnsmasq.conf) then either your nvram is full or it is corrupted.

Either way I would advise you to reset to defaults and rebuild from scratch


Maybe it could be a bug in the latest version DD-WRT v3.0-r54682 std (01/02/24)
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12923
Location: Netherlands

PostPosted: Sat Jan 13, 2024 11:38    Post subject: Reply with quote
marcus83 wrote:
egc wrote:
If you add something to the Additional DNSmasq Options and that is not reflected in the dnsmasq config file (/tmp/dnsmasq.conf) then either your nvram is full or it is corrupted.

Either way I would advise you to reset to defaults and rebuild from scratch


Maybe it could be a bug in the latest version DD-WRT v3.0-r54682 std (01/02/24)


Who knows, but not very likely; it works on my build:
Quote:
root@EA6900:~# cat /tmp/dnsmasq.conf
interface=br0
resolv-file=/tmp/resolv.dnsmasq
domain=home13
dhcp-leasefile=/tmp/dnsmasq.leases
dhcp-lease-max=64
dhcp-option=br0,3,192.168.13.1
dhcp-authoritative
dhcp-range=br0,192.168.13.64,192.168.13.127,255.255.255.0,1440m
bogus-priv
conf-file=/etc/rfc6761.conf
clear-on-reload
dhcp-rapid-commit
stop-dns-rebind
dhcp-option=252,"\n"
cache-size=1500
dns-forward-max=150
ipset=/ipchicken.com/amazon.com/amazon
no-resolv <==
server=8.8.8.8 <==

marcus83
DD-WRT User


Joined: 04 Jan 2024
Posts: 229

PostPosted: Sat Jan 13, 2024 13:51    Post subject: Reply with quote
egc wrote:
marcus83 wrote:
egc wrote:
If you add something to the Additional DNSmasq Options and that is not reflected in the dnsmasq config file (/tmp/dnsmasq.conf) then either your nvram is full or it is corrupted.

Either way I would advise you to reset to defaults and rebuild from scratch


Maybe it could be a bug in the latest version DD-WRT v3.0-r54682 std (01/02/24)


Who knows, but not very likely; it works on my build:
Quote:
root@EA6900:~# cat /tmp/dnsmasq.conf
interface=br0
resolv-file=/tmp/resolv.dnsmasq
domain=home13
dhcp-leasefile=/tmp/dnsmasq.leases
dhcp-lease-max=64
dhcp-option=br0,3,192.168.13.1
dhcp-authoritative
dhcp-range=br0,192.168.13.64,192.168.13.127,255.255.255.0,1440m
bogus-priv
conf-file=/etc/rfc6761.conf
clear-on-reload
dhcp-rapid-commit
stop-dns-rebind
dhcp-option=252,"\n"
cache-size=1500
dns-forward-max=150
ipset=/ipchicken.com/amazon.com/amazon
no-resolv <==
server=8.8.8.8 <==


Done, but DNS leak tests always show those of the VPN...


root@WRT3200ACM:~# cat /tmp/dnsmasq.conf
interface=br0
resolv-file=/tmp/resolv.dnsmasq
dhcp-leasefile=/tmp/dnsmasq.leases
dhcp-lease-max=113
dhcp-option=br0,3,192.168.2.1
dhcp-authoritative
dhcp-range=br0,192.168.2.128,192.168.2.227,255.255.255.0,1440m
dhcp-host=E0:76:D0:52:40:5C,XXXXXXXX,192.168.2.129,infinite
dhcp-host=9C:B6:54:E2:45:C3,XXXXXXXX,192.168.2.114,infinite
dhcp-host=18:C8:E7:4E:70:84,XXXXXXXX,192.168.2.111,infinite
dhcp-host=00:E0:4C:71:52:41,XXXXXXXX,192.168.2.101,infinite
dhcp-host=00:31:92:77:24:34,XXXXXXXX,192.168.2.132,infinite
dhcp-host=EC:3D:FD:BB:61:16,XXXXXXXX,192.168.2.130,infinite
dhcp-host=24:A0:74:F1:36:A8,XXXXXXXX,192.168.2.127,infinite
dhcp-host=00:BD:3E:2E:E5:76,XXXXXXXX,192.168.2.122,infinite
dhcp-host=E2:E1:A9:2C:00:6C,XXXXXXXX,192.168.2.131,infinite
dhcp-host=CC:73:14:14:4C:76,XXXXXXXX,192.168.2.185,infinite
dhcp-host=60:C7:BE:99:92:93,XXXXXXXX,192.168.2.199,infinite
dhcp-host=00:C3:0A:32:6F:AF,XXXXXXXX,192.168.2.200,infinite
dhcp-host=16:CE:CD:CF:89:E2,XXXXXXXX,192.168.2.139,infinite
bogus-priv
conf-file=/etc/rfc6761.conf
clear-on-reload
stop-dns-rebind
dhcp-option=252,"\n"
cache-size=1500
dns-forward-max=150
no-resolv
server=94.140.14.14
server=94.140.15.15
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12923
Location: Netherlands

PostPosted: Sat Jan 13, 2024 14:39    Post subject: Reply with quote
How come that now the DNSMasq options are added Shocked

DNSMasq is now using exclusively the servers set in the Additional DNSmasq options.
It is possible that your VPN provider hijacks the DNS but you have to inquire that at the VPN provider.
If so you can always route the DNS server via the WAN

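The two checks egc describes in this thread, written out as an added example that is not part of any post and not DD-WRT code: first confirm that the Additional DNSMasq Options lines really reached the generated config, then work out which upstream resolvers dnsmasq will forward to (with `no-resolv` the `resolv-file` is ignored and only `server=` lines count). The function names and the sample files are constructed for illustration; on the router the file to check is /tmp/dnsmasq.conf.

```shell
#!/bin/sh
# Added example (not from the thread): apply egc's two checks to a dnsmasq config.

# Print each expected option line missing from CONF; exit status 1 if any is.
missing_options() {
    conf=$1; shift
    rc=0
    for opt in "$@"; do
        grep -qxF -- "$opt" "$conf" || { printf '%s\n' "$opt"; rc=1; }
    done
    return "$rc"
}

# Print the upstream resolvers dnsmasq will forward to for CONF.
effective_upstreams() {
    conf=$1
    sed -n 's/^server=//p' "$conf"            # server= lines are always used
    if grep -qx 'no-resolv' "$conf"; then     # no-resolv: resolv-file is ignored
        return 0
    fi
    rf=$(sed -n 's/^resolv-file=//p' "$conf" | tail -n 1)
    [ -n "$rf" ] || rf=/etc/resolv.conf       # dnsmasq's default resolv file
    if [ -r "$rf" ]; then
        awk '$1 == "nameserver" { print $2 }' "$rf"
    fi
}

# Constructed sample files mirroring the two states shown in the thread.
demo=$(mktemp -d)
printf 'nameserver 10.94.0.1\n' > "$demo/resolv.dnsmasq"
printf '%s\n' 'interface=br0' "resolv-file=$demo/resolv.dnsmasq" \
    'stop-dns-rebind' 'cache-size=1500' > "$demo/before.conf"
{ cat "$demo/before.conf"
  printf '%s\n' 'no-resolv' 'server=94.140.14.14' 'server=94.140.15.15'
} > "$demo/after.conf"

for f in before after; do
    echo "== $f.conf =="
    missing_options "$demo/$f.conf" no-resolv server=94.140.14.14 \
        server=94.140.15.15 | sed 's/^/missing: /'
    effective_upstreams "$demo/$f.conf" | sed 's/^/upstream: /'
done
```

This only shows which servers dnsmasq is configured to forward to; it cannot show whether a VPN provider redirects port 53 traffic inside the tunnel, which is the case egc raises.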
marcus83
DD-WRT User


Joined: 04 Jan 2024
Posts: 229

PostPosted: Sat Jan 13, 2024 15:19    Post subject: Reply with quote
egc wrote:
How come that now the DNSMasq options are added Shocked

DNSMasq is now using exclusively the servers set in the Additional DNSmasq options.
It is possible that your VPN provider hijacks the DNS but you have to inquire that at the VPN provider.
If so you can always route the DNS server via the WAN


I did a reset...

Can you explain to me how I route the DNS server via the WAN?
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12923
Location: Netherlands

PostPosted: Sat Jan 13, 2024 15:29    Post subject: Reply with quote
That is explained in the "OpenVPN client setup guide" (Destination based routing) and in the "VPN and DNS guide" (Bind DNS server to Destination)
marcus83
DD-WRT User


Joined: 04 Jan 2024
Posts: 229

PostPosted: Sat Jan 13, 2024 15:30    Post subject: Reply with quote
egc wrote:
That is explained in the "OpenVPN client setup guide" (Destination based routing) and in the "VPN and DNS guide" (Bind DNS server to Destination)


ok thanks for the support bro!

have a great day! Cool
marcus83
DD-WRT User


Joined: 04 Jan 2024
Posts: 229

PostPosted: Sun Jan 14, 2024 2:38    Post subject: Reply with quote
egc wrote:
How come that now the DNSMasq options are added Shocked

DNSMasq is now using exclusively the servers set in the Additional DNSmasq options.
It is possible that your VPN provider hijacks the DNS but you have to inquire that at the VPN provider.
If so you can always route the DNS server via the WAN


I asked my VPN provider... and he actually confirmed that they use their own DNS for greater security.

Having said that, I have to study what you told me "route the DNS server via the WAN"

thanks again!
stillaround2024
DD-WRT Novice


Joined: 25 Jan 2024
Posts: 22

PostPosted: Fri Jan 26, 2024 17:44    Post subject: Hijacking Reply with quote
marcus83 wrote:
egc wrote:
How come that now the DNSMasq options are added Shocked

DNSMasq is now using exclusively the servers set in the Additional DNSmasq options.
It is possible that your VPN provider hijacks the DNS but you have to inquire that at the VPN provider.
If so you can always route the DNS server via the WAN


I did a reset...

Can you explain to me how I route the DNS server via the WAN?


Thanks EGC for the information you provided marcus83; same issue with Nord VPN. Currently running 48138 asus_rt-ac68u-firmware.trx after a long affair with Fresh Tomato. Sorry dd-wrt, the last time I was on this site and running dd-wrt was with a Linksys EL2100. I had to register again; I could not find my old login after painfully looking through current users and finally surrendered. Truly nice to have knowledgeable help and an active forum.