DNS requests from different subnets to different DNS servers on different WAN interfaces

That fixed the lack of working DNS for the normal LAN, but the VPN LAN is back to using the ISP DNS.
EDIT: Set up a static route to force all 10.225.255.2 requests out via the VPN, but for some reason it is sending all DNS requests (including LAN) to 10.225.255.2 over the VPN (which is admittedly better than it sending everything over the WAN).

Then you should verify that Dnsmasq instances are bonded to the correct interfaces.
Compare interface addresses, Dnsmasq PIDs and runtime configs for those PIDs:

netstat -l -n -p | grep -e dnsmasq
pgrep -f -a dnsmasq

Also verify that your network is configured properly:

uci show network.lanvpn

23541 /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf.dnsmasq -k -x /var/run/dnsmasq/dnsmasq.dnsmasq.pid
23542 /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf.vpn -k -x /var/run/dnsmasq/dnsmasq.vpn.pid

tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 23541/dnsmasq
tcp 0 0 192.168.77.7:53 0.0.0.0:* LISTEN 23541/dnsmasq
tcp 0 0 192.168.1.1:53 0.0.0.0:* LISTEN 23541/dnsmasq
tcp 0 0 192.168.88.8:53 0.0.0.0:* LISTEN 23541/dnsmasq
tcp 0 0 "VPN ADDRESS":53 0.0.0.0:* LISTEN 23541/dnsmasq
tcp 0 0 ::1:53 :::* LISTEN 23541/dnsmasq

udp 0 0 127.0.0.1:53 0.0.0.0:* 23542/dnsmasq
udp 0 0 192.168.77.7:53 0.0.0.0:* 23542/dnsmasq
udp 0 0 192.168.1.1:53 0.0.0.0:* 23542/dnsmasq
udp 0 0 192.168.88.8:53 0.0.0.0:* 23542/dnsmasq
udp 0 0 "VPN ADDRESS":53 0.0.0.0:* 23542/dnsmasq
udp 0 0 127.0.0.1:53 0.0.0.0:* 23541/dnsmasq
udp 0 0 192.168.77.7:53 0.0.0.0:* 23541/dnsmasq
udp 0 0 192.168.1.1:53 0.0.0.0:* 23541/dnsmasq
udp 0 0 192.168.88.8:53 0.0.0.0:* 23541/dnsmasq
udp 0 0 "VPN ADDRESS":53 0.0.0.0:* 23541/dnsmasq
udp 0 0 0.0.0.0:67 0.0.0.0:* 23542/dnsmasq
udp 0 0 0.0.0.0:67 0.0.0.0:* 23541/dnsmasq

So it looks like both are on the same IPs for some reason.

config dnsmasq 'lan'
	option local '/lan/'
	option domain 'lan'
	option leasefile '/tmp/dhcp.leases.lan'
	option resolvfile '/etc/resolv.conf.lan' # copy resolv.conf, or add 2 dns upstream, or leave org
	option serversfile '/tmp/adb_list.overall'
	list interface 'br-lan'

config dnsmasq 'vpn'
	option local '/vpn/'
	option domain 'vpn'
	option leasefile '/tmp/dhcp.leases.vpn'
	option resolvfile '/etc/resolv.conf.vpn' # add vpn dns manually - or use up-script to populate
	option serversfile '/tmp/adb_list.overall' # use same file
	list interface 'eth2' # router-internal interface facing clients

NOTE: dhcp section needs alternate names i.e.

config dhcp 'landhcp'
config dhcp 'vpndhcp'

/etc/openvpn/YOURVPN.conf

script-security 2  # to use 'up' and 'down' scripts
up "/etc/openvpn/updns"
#down "/etc/openvpn/downdns" # not using right now

updowngen.sh

cat<<'EOF' > /etc/openvpn/updns
#!/bin/sh
echo $foreign_option_1 | sed -e 's/dhcp-option DOMAIN/domain/g' -e 's/dhcp-option DNS/nameserver/g' > /etc/resolv.conf.vpn
echo $foreign_option_2 | sed -e 's/dhcp-option DOMAIN/domain/g' -e 's/dhcp-option DNS/nameserver/g' >> /etc/resolv.conf.vpn
EOF
chmod +x /etc/openvpn/updns
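As an added example (not from this thread), a version of the up script that walks every foreign_option_N variable OpenVPN exports rather than only the first two, keeps just the DNS and DOMAIN options, and discards any value that is not a plain IPv4 address or hostname before it lands in resolv.conf.vpn, since those values are pushed by the remote side. The function names and the output-path argument are my own.

```shell
#!/bin/sh
# Added example: build resolv.conf.vpn from OpenVPN's foreign_option_N
# variables. Call from an 'up' script as: build_vpn_resolv /etc/resolv.conf.vpn

# Turn one "dhcp-option ..." value into a resolv.conf line, or print nothing.
resolv_line() {
    case "$1" in
        "dhcp-option DNS "*)
            ip="${1#dhcp-option DNS }"
            # accept dotted-quad only; anything else is silently dropped
            case "$ip" in *[!0-9.]*|"") return 0 ;; esac
            printf 'nameserver %s\n' "$ip"
            ;;
        "dhcp-option DOMAIN "*)
            dom="${1#dhcp-option DOMAIN }"
            # hostname characters only, so no shell or config metacharacters
            case "$dom" in *[!A-Za-z0-9.-]*|"") return 0 ;; esac
            printf 'domain %s\n' "$dom"
            ;;
    esac
}

# Walk foreign_option_1, foreign_option_2, ... until the first unset one,
# write the accepted lines to the file named in $1, and echo how many.
build_vpn_resolv() {
    out="$1"
    n=1
    count=0
    : > "$out"
    while :; do
        eval "val=\${foreign_option_$n:-}"
        [ -n "$val" ] || break
        line="$(resolv_line "$val")"
        if [ -n "$line" ]; then
            printf '%s\n' "$line" >> "$out"
            count=$((count + 1))
        fi
        n=$((n + 1))
    done
    echo "$count"
}
```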

It looks promising, I optimized the code.


Both of those scripts just result in an empty resolv.conf.vpn file.

You shouldn't expect everything to work flawlessly from the first try.
It requires some tuning in accordance with your configuration.
If you want to perform script troubleshooting, then enable debugging:

#!/bin/sh
set -x -v
exec &>${0%.*}.log
set
...