How do I enable DNS Filtering on Bridged LAN?
Filtering works on the AP but not on the client connected to the AP.
I have taken inspiration from the config of Dumb AP Configuration,
so ISP internet comes from a different router on lan1. The client is connected via Lan2/3/4. The cabling may be fixed however.
I am in the process of building the network down below. Any input would be appreciated.
Configs

/etc/config/adblock

config adblock 'global'
    option adb_enabled '1'
    option adb_debug '0'
    option adb_forcedns '1'
    option adb_safesearch '0'
    option adb_dnsfilereset '0'
    option adb_mail '0'
    option adb_report '0'
    option adb_backup '1'
    list adb_sources 'adguard'
    option adb_dns 'dnsmasq'
    option adb_fetchutil 'curl'
    list adb_zonelist 'lan'

/etc/config/network

config interface 'loopback'
    option device 'lo'
    option proto 'static'
    option ipaddr '127.0.0.1'
    option netmask '255.0.0.0'

config globals 'globals'
    option ula_prefix ''
    option packet_steering '1'

config atm-bridge 'atm'
    option vpi '1'
    option vci '32'
    option encaps 'llc'
    option payload 'bridged'
    option nameprefix 'dsl'

config dsl 'dsl'
    option annex 'b'
    option tone 'av'
    option ds_snr_offset '0'

config device
    option name 'br-lan'
    option type 'bridge'
    list ports 'lan1'
    list ports 'lan2'
    list ports 'lan3'
    list ports 'lan4'
    list ports 'lan-wasp'
    list ports 'wan'

config device
    option name 'lan1'
    option macaddr ''

config device
    option name 'lan2'
    option macaddr ''

config device
    option name 'lan3'
    option macaddr ''

config device
    option name 'lan4'
    option macaddr ''

config device
    option name 'lan-wasp'
    option macaddr ''

config interface 'lan'
    option device 'br-lan'
    option proto 'dhcp'

config device
    option name 'dsl0'
    option macaddr ''

AP Client traceroute
OpenWRT router is missing here
traceroute to example.org (2600:1406:bc00:17::6007:810d), 30 hops max, 80 byte packets
1 fritz.box (ipv6) 1.631 ms 1.853 ms 2.164 ms
2 * * *
3 dynamic-2a02-3102-8000-c0a2-0000-0000-0000-0001.310.pool.telefonica.de (2a02:3102:8000:c0a2::1) 19.070 ms 21.031 ms 17.347 ms
4 de-fra04d-rc1-lo0-0.v6.aorta.net (2001:730:2d00::5474:8015) 29.192 ms 29.162 ms 29.138 ms
5 dynamic-2a02-3102-8000-0101-0000-0000-0000-0002.310.pool.telefonica.de (2a02:3102:8000:101::2) 21.038 ms 21.017 ms 20.992 ms
6 dynamic-2a02-3102-8000-0101-0000-0000-0000-0001.310.pool.telefonica.de (2a02:3102:8000:101::1) 22.025 ms * *
7 2a02:3001::280 (2a02:3001::280) 18.795 ms 16.484 ms 14.989 ms
8 2001:1498:1:935::2 (2001:1498:1:935::2) 12.933 ms * *
9 * 2001:1498:1:3f1::2 (2001:1498:1:3f1::2) 13.098 ms *
10 ae-3.r26.frnkge13.de.bb.gin.ntt.net (2001:728:0:2000::269) 15.687 ms 14.149 ms 2001:1498:1:3f1::2 (2001:1498:1:3f1::2) 22.752 ms
11 ae-4.r23.londen12.uk.bb.gin.ntt.net (2001:728:0:2000::15d) 28.204 ms ae-3.r26.frnkge13.de.bb.gin.ntt.net (2001:728:0:2000::269) 15.977 ms 16.007 ms
12 ae-13.r27.asbnva02.us.bb.gin.ntt.net (2001:418:0:6000::1f9) 100.587 ms ae-4.r23.londen12.uk.bb.gin.ntt.net (2001:728:0:2000::15d) 24.487 ms ae-13.r27.asbnva02.us.bb.gin.ntt.net (2001:418:0:6000::1f9) 103.124 ms
13 ae-2.r27.lsanca07.us.bb.gin.ntt.net (2001:418:0:2000::1be) 166.062 ms 164.399 ms 162.558 ms
14 vlan104.r16.spine101.lax01.fab.netarch.akamai.com (2600:1406:b400:6611::1) 165.079 ms vlan104.r15.spine101.lax01.fab.netarch.akamai.com (2600:1406:b400:6610::1) 164.041 ms ae-2.r27.lsanca07.us.bb.gin.ntt.net (2001:418:0:2000::1be) 161.780 ms
15 ae4.r09.spine101.lax01.fab.netarch.akamai.com (2600:1406:b400:660a::1) 167.984 ms ae11.r01.leaf105.lax01.fab.netarch.akamai.com (2600:1406:b400:e05::1) 169.235 ms vlan115.r03.leaf105.lax01.fab.netarch.akamai.com (2600:1406:b400:1207::1) 167.215 ms
16 vlan103.r04.tor105.lax01.fab.netarch.akamai.com (2600:1406:b400:1a01::1) 169.137 ms 172.086 ms vlan115.r04.leaf105.lax01.fab.netarch.akamai.com (2600:1406:b400:1208::1) 169.099 ms
17 g2600-1406-bc00-0017-0000-0000-6007-810d.deploy.static.akamaitechnologies.com (2600:1406:bc00:17::6007:810d) 172.047 ms vlan102.r04.tor105.lax01.fab.netarch.akamai.com (2600:1406:b400:1901::1) 172.119 ms g2600-1406-bc00-0017-0000-0000-6007-810d.deploy.static.akamaitechnologies.com (2600:1406:bc00:17::6007:810d) 173.602 ms

Goal of the setup.
I want all traffic of the AP to go through a VPN and be DNS filtered at the same time. Obviously I can set the OpenWRT manually as DNS server, but that's not the point.
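
A check for the topology the posted configs describe, added here as an example and not part of the original post: it reports "bridged" when 'lan' is a DHCP client on a bridge with more than one port, and otherwise reports whether adb_forcedns is on for any zone. It assumes the usual Linux behaviour that frames forwarded between bridge ports do not pass the IP-layer firewall, which is where adb_forcedns places its port 53 redirect for the zones in adb_zonelist; the function names and sample strings are constructed.

```shell
# Constructed sample: the relevant lines of the configs posted above.
NETWORK_CFG="config device
    option name 'br-lan'
    list ports 'lan1'
    list ports 'lan2'
config interface 'lan'
    option device 'br-lan'
    option proto 'dhcp'"
ADBLOCK_CFG="config adblock 'global'
    option adb_forcedns '1'
    list adb_zonelist 'lan'"

# iface_opt CFG IFACE OPT: option value from "config interface 'IFACE'"
iface_opt() {
    printf '%s\n' "$1" | awk -v q="'" -v s="$2" -v o="$3" '
        $1 == "config" { in_s = ($2 == "interface" && $3 == (q s q)) }
        in_s && $1 == "option" && $2 == o { gsub(q, "", $3); print $3 }'
}
# bridge_ports CFG DEV: port count of device DEV ("option name" must come first)
bridge_ports() {
    printf '%s\n' "$1" | awk -v q="'" -v d="$2" '
        $1 == "config" { hit = 0; in_d = ($2 == "device") }
        in_d && $1 == "option" && $2 == "name" { hit = ($3 == (q d q)) }
        hit && $1 == "list" && $2 == "ports" { n++ }
        END { print n + 0 }'
}
# forced_zones CFG: zones in adb_zonelist, printed only if adb_forcedns is '1'
forced_zones() {
    printf '%s\n' "$1" | awk -v q="'" '
        $2 == "adb_forcedns" { on = ($3 == (q "1" q)) }
        $2 == "adb_zonelist" { gsub(q, "", $3); z = (z == "" ? "" : z " ") $3 }
        END { if (on) print z }'
}
# dns_path NETWORK ADBLOCK: "bridged" when lan is a DHCP client on a multi-port
# bridge (dumb AP), so client DNS is switched past the AP's port 53 redirect.
dns_path() {
    dev=$(iface_opt "$1" lan device)
    if [ "$(iface_opt "$1" lan proto)" = dhcp ] &&
       [ "$(bridge_ports "$1" "$dev")" -gt 1 ]; then
        echo bridged
    elif [ -n "$(forced_zones "$2")" ]; then
        echo "forced:$(forced_zones "$2")"
    else
        echo unforced
    fi
}
dns_path "$NETWORK_CFG" "$ADBLOCK_CFG"
```

On the router itself the same functions can be fed `"$(cat /etc/config/network)"` and `"$(cat /etc/config/adblock)"`. A "bridged" result matches the traceroute above, where the first hop is fritz.box and the OpenWrt device never appears.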