Adblock fine tuning

username1120 · July 27, 2019, 4:23pm

Morning all-
When i fire up my VPN service on my laptop, adblocking no longer works.
Has anyone run into this before?

aboaboit · July 27, 2019, 4:30pm

Uhm, where is your VPN server: on your OpenWRT router or elsewhere in the world?
Also, what kind of adblocking are you using on your router?

jeff · July 27, 2019, 4:33pm

(and where is your DNS and your client's DNS coming from when you connect to the VPN service?)

username1120 · July 27, 2019, 5:15pm

The VPN service is NordVPN. It's installed on the laptop, not the router. I haven't gotten bold enough to configure openVPN yet.

I am using Adblock installed on the router. I am not using Simple Adblock. I'm using Adblock 3.5.5-2
I'm assuming that once I connect to Nord, my DNS is pointing to the VPN and no longer the router and I need to somehow configure the route to include that?

I'll be honest; it took me days to figure out how to set up openWRT and adblock. I'm still learning networking and i'm not the sharpest knife in the block.

vgaetera · July 27, 2019, 5:30pm

Adblock requires using DNS exclusively from your router.
So, edit the VPN client configuration on your PC:

pull-filter ignore "dhcp-option DNS"
pull-filter ignore "block-outside-dns"
# dhcp-option DNS
# block-outside-dns

However, beware of DNS leaks.

username1120 · July 27, 2019, 5:45pm

I haven't set up OpenVPN yet. I'm using a VPN service installed on my laptop, not the router.

Are those lines you listed something I need to add to a config file somewhere in Nord?

lleachii · July 27, 2019, 6:20pm

Correct, so if you connect to a VPN on your laptop (for security), then complain (or seek help) because your AdBlock on the router stops working - you should fix that by disconnecting the VPN (or using local DNS - exposing yourself to DNS leaks).

I hope you understand you have connected to a VPN, then expect DNS to leak to the router.

We [assume both you and we] are talking about the OpenWrt router, definitely not a VPN on your laptop you just mentioned (or rather, still referencing).

...but from searching, your answer seems to be yes (in this case).

username1120 · July 28, 2019, 1:22am

I asked a question for support on the support forum. I'm not complaining about anything.
The fact that you don't seem to see a difference between complaints and asking for help says a lot about you.

Your response does little to help me, or anyone else that may happen across this thread with the same question in the future.
Saying, "don't use VPN" in response to my adblock issue with VPN isn't helpful. It's lazy and small and I question the point of your response at all. It's neither helpful or even remotely education. You're just dismissing my question and browbeating someone who asked for help on a support forum. What kind of support forum is this?

username1120 · July 28, 2019, 1:27am

Does anyone else have any ideas? I can't imagine that I'm the only person who has ever wanted to use adblock alongside a VPN service. Is it a routing issue where the traffic needs to be forwarded?

Thanks

jeff · July 28, 2019, 2:05am

While you may not like the answer, it is correct.

A key point of a VPN is that it prevents ("significantly reduces the likelihood") of intermediates being able to understand the content of your traffic. As the VPN end point is your laptop, your router is an intermediate. It can't do anything to help you achieve your goal as long as all the laptop's traffic is passing through the VPN.

My first recommendation would be to install a trustworthy ad-blocking extension on your laptop's browser. I use uBlock Origin.

Past that things get more complex (and arguably less reliable, as DNS-based ad-blocking is a sledgehammer with little control, especially as ads tend to be served from the same domains as "good" content).

An alternative would be to configure your OpenVPN router as the VPN portal, and pass your laptop traffic through that, making sure your laptop uses the OpenWrt DNS.

You could configure your own resolver on the laptop, using something like unbound.

You could configure the laptop to pass DNS traffic to your OpenWrt router directly

Any of these, in my opinion, is far more complex and far less effective than a good browser plugin.

Mushoz · July 29, 2019, 4:44pm

It's the only correct answer, even if you don't like it. Adblock on your router is only able to filter ads at the DNS level if the router is the one resolving domain names. Since the VPN is running on your laptop, that means you have a DNS leak by definition.

vgaetera · July 29, 2019, 6:17pm

You need to choose one of the following:

VPN and DNS-over-VPN on your router.
VPN on your PC:
- DNS-over-VPN/HTTPS and some browser level Adblock plugin.
- DNS and Adblock via the router:
  - Plain DNS and DNS leak.
  - Encrypted DNS with DoH/DoT/DNSCrypt.

lleachii · August 1, 2019, 12:06pm

Wow, I was away for a few days...all I can say is wow!

I apologize if you thought I took your post as a complaint, I clearly mentioned "or seeking help."

Nonetheless, it's been noted that you can't magically connect to a tunnel bypassing your router, then still expect the router to block ads. Again, more apologies if that seemed lazy and unclear at first.

"Miss a day, miss a lot." I hope the OP realizes what they need to do.

system · August 11, 2019, 12:06pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.