I am a newbie in OpenWRT and I have a simple config as seen in the video below where I download and configure an l2tp VPN tunnel via xl2tpd package:
OpenWRT L2TP Tunnel via xl2tpd
Everything works as expected, the VPN tunnel starts working and the IP address is correct. However all DNS requests go through wan instead of VPN tunnel.
root@OpenWrt:~# ip rule
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
root@OpenWrt:~# ip route list
default via 126.96.36.199 dev l2tp-VPN
188.8.131.52 dev l2tp-VPN scope link src 192.168.1.177
10.100.100.0/24 dev wan scope link src 10.100.100.92
192.168.1.0/24 dev br-lan scope link src 192.168.1.1
184.108.40.206 via 10.100.100.1 dev wan
Can someone please assist me on how to route the DNS requests through the L2TP tunnel please?
Any hint or assistance would be greatly appreciated.
Looking at your routing table, all traffic is routed through 220.127.116.11, which is also a Cloudflare DNS server.
Disable the advertised (via DHCP) DNS servers on the wan interface and set 18.104.22.168 as a custom DNS server.
Also it's probably a good idea to change the LAN IP address range so that it doesn't overlap with the xl2tpd interface.
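To see why the resolvers leak, it helps to check which interface the main table picks for each DNS server. The script below is an added example, not code from the thread: it replays the `ip route list` output posted above through a longest-prefix match and flags resolvers that do not leave via `l2tp-VPN`. The resolver list is an assumption (the wan gateway as DHCP-advertised DNS, plus the custom server named in the reply).

```shell
#!/bin/sh
# Constructed sample: the "ip route list" output from the post above.
ROUTES='default via 126.96.36.199 dev l2tp-VPN
188.8.131.52 dev l2tp-VPN scope link src 192.168.1.177
10.100.100.0/24 dev wan scope link src 10.100.100.92
192.168.1.0/24 dev br-lan scope link src 192.168.1.1
184.108.40.206 via 10.100.100.1 dev wan'

# Assumed resolver list (not shown in the post): the wan DHCP-advertised
# server 10.100.100.1 plus the custom server from the reply, 18.104.22.168.
RESOLVERS='10.100.100.1 18.104.22.168'

# egress_dev IP: print the interface the main table picks for IP
# (longest-prefix match only; policy rules are ignored).
egress_dev() {
    printf '%s\n' "$ROUTES" | awk -v ip="$1" '
    function toint(a,  p) { split(a, p, "."); return ((p[1]*256+p[2])*256+p[3])*256+p[4] }
    BEGIN { best = -1; bestdev = "" }
    {
        dst = $1; plen = 32; ifc = ""
        if (dst == "default") { dst = "0.0.0.0"; plen = 0 }
        else if (index(dst, "/")) { split(dst, d, "/"); dst = d[1]; plen = d[2] }
        for (i = 1; i < NF; i++) if ($i == "dev") ifc = $(i+1)
        # compare the top plen bits via integer division (POSIX awk has no bitwise ops)
        shift = 2 ^ (32 - plen)
        if (int(toint(ip) / shift) == int(toint(dst) / shift) && plen > best) {
            best = plen; bestdev = ifc
        }
    }
    END { print bestdev }'
}

# leaking_resolvers VPN_IF: print each resolver that would NOT leave via VPN_IF.
leaking_resolvers() {
    for r in $RESOLVERS; do
        [ "$(egress_dev "$r")" = "$1" ] || printf '%s\n' "$r"
    done
}

# On the router, the fix from the reply as UCI commands (run by hand, not by this script):
#   uci set network.wan.peerdns='0'               # ignore DNS servers from the wan DHCP lease
#   uci -q delete network.wan.dns
#   uci add_list network.wan.dns='18.104.22.168'  # the custom server named in the reply
#   uci commit network && /etc/init.d/network reload

echo "Resolvers that bypass the tunnel:"
leaking_resolvers l2tp-VPN
```

A resolver on the wan subnet (the DHCP-advertised one) matches the `/24` link route and never enters the tunnel, which is exactly what `peerdns='0'` removes.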
Thank you for the kind assistance. I applied the settings as advised by you. However, I intermittently get remote DNS; most of the time I get Cloudflare DNS servers, which is quite problematic for my application.
video of the steps applied here
Remote DNS alternates now between:
Is there a way to filter out CloudDNS servers and keep the real remote ISP DNS servers only?
Any input would be greatly appreciated.
PS. A gentleman suggested adding this rule in this post:
15000: from all iif lo lookup vpn
However, I cannot figure out how to add this rule.
Thank you so much.
If the requests to your ISP DNS servers go through the tunnel, they will most likely be rejected.
Most ISPs do not accept DNS queries outside of their own networks.
For this reason, when using a VPN, you must use public DNS servers or the VPN provider's DNS servers (if any).