DNS Requests to go through a set VPN as set in OPR

I have the following set-up:

WRT1900ACV1 Router with "LEDE Reboot 17.01-SNAPSHOT r3498-dc8392f / LuCI lede-17.01 branch" Kernel: 4.4.83

OpenVPN Policy Routing (OPR) Package installed, Version 5.0.1-10 (sets up IPTABLES). See: https://github.com/stangri/openwrt-packages/blob/openvpn-policy-routing/net/openvpn-policy-routing/files/README.md

2 OpenVPN VPN clients (PIA is the VPN provider) set up and working OK on the WRT1900AC Router.

OpenVPN Option "route_nopull" set on both VPNs to allow WAN as default route so VPNs do not set any routes. I use OPR to set routes for each static IP.

WAN is PPPoE to ISP with a VDSL2 Modem (Netgear DM200) set up as a (dumb) VDSL2 bridge. WRT1900AC does the login, password, DHCP, DNS etc.

LAN is a normal set-up with static IPs assigned to all devices on the home LAN.

DNS servers only entered through LuCI "Network - DHCP and DNS - Server Settings - DNS forwardings" (no other entries in WAN for example). In WAN "Use DNS servers advertised by peer" is UNCHECKED so DNS from ISP is ignored. DNS servers set are: 208.67.222.222, 4.2.2.1, 8.8.8.8, 209.222.18.222.

Problem: I cannot get the DNS queries to go through the VPN for the specific static IP I have assigned in OPR.

For example: I set static IP 192.168.2.180, assigned to a Win 10 PC, to go through the PIA VPN set up for the UK. It works fine and my external IP is shown as a UK IP when I check with "https://wtfismyip.com/".

When I do a DNS Leak Test with "https://www.dnsleaktest.com/" it does not show UK DNS responses but servers close to me, so I suppose its DNS requests are going through my WAN and not the VPN.

I tried to use OPR to set up port 53 and also the DNS servers noted above to go through the correct VPN for the static IP I set in OPR, but after a lot of trial and error no success in getting it working.

What I want to do is:

Set OPR for a particular static IP to go through a particular VPN I have set up. This is working.

Have DNS requests for the above static IP go through the same VPN as I have set for that particular static IP. Have other DNS requests go through the WAN by default but through an assigned VPN if that static IP is set to go through a VPN. This is not working.

Is what I want to do possible? If so, how do I set it up?


FWIW, I only have 1 PIA tunnel set up, no special DNS settings in OPR and my DNS requests are not leaking. I only use two of Google's DNS servers, not sure if it makes a difference. I wish I knew more/enough to figure this out, hopefully there're some routing gurus out here who can help you.

I think that with 1 VPN and you let PIA set up the routes, PIA forces all through the VPN route including DNS.

Since I want the WAN route as default I have set the option "route_nopull", which ignores the PIA settings for the routes and the DNS servers as well that are sent by PIA.

Any "routing gurus" have some suggestions for my problem?

Anyone have any ideas?
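As an added diagnostic for the leak described in the original question (this is not code from the post, from OPR, or from OpenWrt), the snippet below attributes the upstream resolver dnsmasq actually used to each LAN client from constructed `log-queries` lines, so you can see which resolver answered 192.168.2.180's lookups. The VPN resolver address used in the check is a placeholder, as is the sample log.

```python
import re
from collections import defaultdict

# Constructed sample of dnsmasq 'log-queries' output (syslog prefix stripped).
# Client 192.168.2.180 is the host policy-routed through the VPN; its lookups are
# nevertheless forwarded by the router to a public resolver from the DNS forwardings list.
SAMPLE_LOG = """\
dnsmasq[1234]: query[A] example.com from 192.168.2.180
dnsmasq[1234]: forwarded example.com to 208.67.222.222
dnsmasq[1234]: reply example.com is 93.184.216.34
dnsmasq[1234]: query[A] example.org from 192.168.2.50
dnsmasq[1234]: forwarded example.org to 8.8.8.8
dnsmasq[1234]: reply example.org is 93.184.216.34
dnsmasq[1234]: query[AAAA] example.com from 192.168.2.180
dnsmasq[1234]: cached example.com is NODATA-IPv6
"""

QUERY_RE = re.compile(r"query\[(\w+)\] (\S+) from (\S+)")
FORWARD_RE = re.compile(r"forwarded (\S+) to (\S+)")


def attribute_forwards(log_text):
    """Map each LAN client to the set of upstreams dnsmasq forwarded its queries to.

    dnsmasq logs the 'forwarded' line without the client address, so it is paired
    with the most recent 'query' line for the same name. That is a heuristic, but it
    is adequate for a leak diagnosis on a small home LAN.
    """
    pending = {}                     # name -> client that most recently asked for it
    per_client = defaultdict(set)    # client -> upstream resolvers used on its behalf
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            _, name, client = m.groups()
            pending[name] = client
            continue
        m = FORWARD_RE.search(line)
        if m:
            name, upstream = m.groups()
            if name in pending:
                per_client[pending[name]].add(upstream)
    return dict(per_client)


def leaking_clients(per_client, vpn_clients, vpn_resolvers):
    """Clients meant to use the VPN whose queries reached a resolver outside the VPN's set.

    Every upstream listed here was contacted by the router's own dnsmasq, from the
    router's own source address, not from the client. A policy keyed on the client's
    IP therefore never matches these packets, which is why they exit via the WAN.
    """
    return {c: sorted(per_client.get(c, set()) - vpn_resolvers)
            for c in vpn_clients if per_client.get(c, set()) - vpn_resolvers}
```

On the router itself the same check can be run against `logread` output with `log-queries` enabled in dnsmasq; 10.0.0.241 below stands in for whatever resolver the VPN provider pushes.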