DNS with OpenVPN Server and Android Client

Hi, I have a working OpenVPN setup but what is not working on the Android M client is to have it receive and use the DNS IP Address from the server. It simply isn't being pushed despite the presence of "list push 'dhcp-option DNS'" in the openvpn config file. The Android client instead uses the Google DNS servers which is an option inside the connection app. Is there a way to have the Android client use the router's DNS server? I'm hoping it isn't necessary to try building up and down scripts simply to have DNS pushed. Thanks in advance for anything that can be shared toward solving this.

AFAIK, some Androids (including Google's own images of Android L for Nexus phones) have DNS hardcoded and ignore everything they receive from DHCP servers on WiFi connections. Could it be a case with your client?

You can insert a few iptables rules in /etc/user.firewall to "hijack" dns requests on your local network and force-send them to your router. Some packages like adblock and simple-adblock have this dns-hijacking feature as well.

SOLVED!! I fortuitously stumbled upon the solution in the OpenWRT forums.


Under config dnsmasq change option localservice '1' to option localservice '0'

You can do this in the web interface too under DHCP and DNS General Settings.

If you also have these 2 lines below in your /etc/config/openvpn file then the Android device will receive and use the upstream DNS servers you have defined in the WAN, change the DNS IP below to whatever your router's IP is:
list push 'redirect-gateway def1'
list push 'dhcp-option DNS'

With this, DNS leak tests, etc. will show the upstream DNS servers you have previously defined in /etc/config/network under config interface 'wan' , option dns 'servers listed here'.

SOLVED!! #2 This is my original contribution, I didn't see this written down anywhere else.

Instead of changing the dnsmasq localservice option from '1' to '0' you can do this instead:


add these three lines at the bottom:


This tells dnsmasq to listen on the interface rather than an ip-address.. br-lan according to the interfaces panel is the bridge between lan and wifi. tun0 is the interface of the vpn0 connection.
bind-interfaces will lock it to the ip addresses on port 53 just for your loopback, lan, and vpn. You can see this in action by first doing it without the bind line and typing netstat -ant to see the output, then add the line and type netstat -ant again, notice how it is now populated with IP addresses.

You still need these two lines in /etc/config/openvpn:
list push 'redirect-gateway def1'
list push 'dhcp-option DNS'

Don't forget to restart.

1 Like

<> link : [solved] No DNS over VPN