Router # 2, WRT1900AC v1 running @davidc502 build with openvpn client, dnscrypt disabled. It is connected to router # 1 on wan port and has its own dhcp subnet.
Currently, router # 2 is using the dns settings from router # 1. If I perform a dns leak test, I find that I am connected to my vpn service providers ip address, but dns is showing the active dns resolver ip address of router # 1.
How can I force router # 2 to use dns from my vpn provider instead?
Try placing your VPN provider's DNS details in the WAN interface of router #2:
>Network >Interfaces >Edit >Advanced Settings tab >uncheck 'Use DNS servers advertised by peer' >insert DNS entries under 'Use custom DNS servers' >Save & Apply
@otnert - Please forgive me for the delay in my response.
My VPN provider does not have their own DNS servers, at least not that they are willing to share with their consumers so I am currently limited to using public DNS like Google / Cloudfare on this particular router.
Your suggestion seems to work fine although I cannot get a pass on their DNS leak page which is rather annoying.
I read somewhere that one can enter "6, 1.1.1.1, 1.0.0.1" by navigating to : Interfaces -> LAN -> DHCP Server -> Advanced Settings -> DHCP-Options.
VPN service provider is ExpressVPN. After some lengthy correspondence with their support staff, I came to the conclusion that they don't give out their DNS server addresses because they want their consumers to use their own router based software which is not opensource. On their website they do not provide any detailed installation guides for OpenWRT either.
Do you use any of their Windows 'VPN Apps' when connecting to ExpressVPN via the Lede router?
If so, I'd suggest:
-to remove the Cloudfare DNS entries in Router #2 by ticking the check box here: >Network >Interfaces >WAN then Edit >Advanced Settings tab >tick 'Use DNS servers advertised by peer' >Save & Apply
-re-enter these into the WAN interface of router #2: >Network >Interfaces >WAN then Edit >Advanced Settings tab >uncheck ‘Use DNS servers advertised by peer’ >insert DNS entries under ‘Use custom DNS servers’ >Save & Apply
I used their vpn app in the past before I switching to opensource router firmware. Interestingly enough, when I used Kong's version of DDWRT firmware early last year, I always got a pass on my DNS leak tests. I am surprised I don't get this result in OpenWRT despite the settings being very similar.
In saying that however, I would never consider switching back because OpenWRT is such a great piece of software that is so well supported.
For now, I shall try the suggestions you made and see how it goes.