[SOLVED] DNS setting on a second router running static OpenVPN client connection

Hi all,

I have a router behind router setup.

Router # 1, Nighthawk R8000 running 17.01.04 minimal build with dnscrypt-proxy.

Router # 2, WRT1900AC v1 running @davidc502 build with openvpn client, dnscrypt disabled. It is connected to router # 1 on wan port and has its own dhcp subnet.

Currently, router # 2 is using the DNS settings from router # 1. If I perform a DNS leak test, I find that I am connected to my VPN service provider's IP address, but DNS is showing the active DNS resolver IP address of router # 1.

How can I force router # 2 to use dns from my vpn provider instead?

Thanks,
~ Tala ~

Try placing your VPN provider's DNS details in the WAN interface of router #2:

>Network >Interfaces >Edit >Advanced Settings tab >uncheck 'Use DNS servers advertised by peer' >insert DNS entries under 'Use custom DNS servers' >Save & Apply

@otnert - Please forgive me for the delay in my response.

My VPN provider does not have their own DNS servers, at least not that they are willing to share with their consumers, so I am currently limited to using public DNS like Google / Cloudflare on this particular router.

Your suggestion seems to work fine although I cannot get a pass on their DNS leak page which is rather annoying.

I read somewhere that one can enter "6, 1.1.1.1, 1.0.0.1" by navigating to: Interfaces -> LAN -> DHCP Server -> Advanced Settings -> DHCP-Options.

Is this worth any consideration?

Thanks,
~Tala~

Who is your VPN provider? Seems strange they won't provide their DNS info for you.

In my testing, using the DHCP method "6, 1.1.1.1, 1.0.0.1" will leak DNS; better off in the WAN interface.

However, if using Cloudflare, they have a strict no log policy anyway.

Out of interest, what is the site address you're using for their DNS leak page?

@otnert - thanks for your reply.

VPN service provider is ExpressVPN. After some lengthy correspondence with their support staff, I came to the conclusion that they don't give out their DNS server addresses because they want their consumers to use their own router-based software, which is not open source. On their website they do not provide any detailed installation guides for OpenWRT either.

The site address I am using for DNS leak tests is https://www.expressvpn.com/dns-leak-test

For now I shall run with your suggestion on this particular router.

Thanks again.
~Tala~

Do you use any of their Windows 'VPN Apps' when connecting to ExpressVPN via the Lede router?

If so, I'd suggest:
- to remove the Cloudflare DNS entries in Router #2 by ticking the check box here:
>Network >Interfaces >WAN then Edit >Advanced Settings tab >tick 'Use DNS servers advertised by peer' >Save & Apply

- connect using their app
- you might be able to find their DNS server address(es) using one of these sites:
https://dnsleaktest.com/
http://dnsleak.com/
http://ip-api.com/#

Hopefully this will divulge their DNS address(es)

- re-enter these into the WAN interface of router #2:
>Network >Interfaces >WAN then Edit >Advanced Settings tab >uncheck 'Use DNS servers advertised by peer' >insert DNS entries under 'Use custom DNS servers' >Save & Apply

Good Luck!
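
The WAN DNS override described in the replies above, as an added example that is not part of the original thread: a shell function that reads an OpenWrt `/etc/config/network` and reports whether the `wan` interface still inherits DNS from the upstream router. The function name `wan_dns_status` and the sample configs are constructed for illustration; the `uci` lines in the comment are the command-line equivalent of the LuCI steps.

```shell
#!/bin/sh
# Added example. CLI equivalent of the LuCI steps (run on router #2):
#   uci set network.wan.peerdns='0'
#   uci add_list network.wan.dns='1.1.1.1'
#   uci add_list network.wan.dns='1.0.0.1'
#   uci commit network && /etc/init.d/network reload

# wan_dns_status IFACE   (UCI network config on stdin)
# Prints one of: "ok <servers>", "inherits-upstream", "no-custom-dns".
wan_dns_status() {
    tr -d "'\"" | awk -v want="$1" '
        # Track whether we are inside the requested interface section
        $1 == "config"  { hit = ($2 == "interface" && $3 == want); next }
        !hit            { next }
        $2 == "peerdns" { peerdns = $3 }
        # Servers may appear as repeated "list dns" lines or one "option dns" line
        $2 == "dns"     { for (i = 3; i <= NF; i++) dns = dns (dns ? " " : "") $i }
        END {
            if (peerdns != "0") print "inherits-upstream"   # peerdns defaults to 1
            else if (dns == "") print "no-custom-dns"
            else                print "ok " dns
        }'
}

# Constructed sample configs (not taken from the thread).
# LEAKY: the override sits on lan, so wan still takes DNS from router #1.
LEAKY="config interface 'lan'
	option peerdns '0'
	list dns '192.168.2.1'

config interface 'wan'
	option ifname 'eth1'
	option proto 'dhcp'"

# FIXED: peer DNS disabled and custom servers set on wan.
FIXED="config interface 'wan'
	option ifname 'eth1'
	option proto 'dhcp'
	option peerdns '0'
	list dns '1.1.1.1'
	list dns '1.0.0.1'"

printf 'leaky: %s\n' "$(printf '%s\n' "$LEAKY" | wan_dns_status wan)"
printf 'fixed: %s\n' "$(printf '%s\n' "$FIXED" | wan_dns_status wan)"
```

On the router itself the same check is `wan_dns_status wan < /etc/config/network`.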

I used their VPN app in the past before switching to open-source router firmware. Interestingly enough, when I used Kong's version of DDWRT firmware early last year, I always got a pass on my DNS leak tests. I am surprised I don't get this result in OpenWRT despite the settings being very similar.

In saying that however, I would never consider switching back because OpenWRT is such a great piece of software that is so well supported.

For now, I shall try the suggestions you made and see how it goes.

Thanks again for all your help.
~Tala~