Wireguard and DNSleaks

Hey,

I apologize if this topic has been here before, but I have been looking for a while now and I'm totally confused.
I usually use a Wireguard VPN on my PC and just recently decided to add it to the router so that all devices would go through it. After some searching I found OpenWrt, installed it and managed to get the tunnel running. Although the tunnel is working, I still have no clue as to how I should add the DNS setting to it, which is causing an issue.

When I don't have the tunnel on I get these results on dnsleaktest.com (first image in link). With the tunnel that I configured I get similar results (second pic), which aren't the same results I get from running the tunnel through the desktop app (last pic).

I would be thankful if anyone can help me with this, but please know that I have just started using OpenWRT today so I still barely know the basics.

decided to add it to the router so that all devices would go through it

What exactly do you mean with this? Is every device on your network capable to connect to your home network via vpn?

I still have no clue as to how I should add the DNS setting to it

Can you specify which dns setting you mean?

I want the whole network to go through the tunnel, rather than having to install Wireguard and use it on each device one by one.

I meant the DNS settings that come in the Wireguard config file that I get from my VPN provider. The settings come like this (I took out the info, but you should get the idea):
[Interface]
PrivateKey =

Address =
DNS =

[Peer]
PublicKey =
Endpoint =
AllowedIPs =

So can you give some more information on the type of vpn you would like to create?
I assume this will be a site-to-site VPN from your router to your VPN provider?

I'm not sure what site-to-site means, but here is the guide I followed to setup the vpn on my router. Vid

My VPN provider has a check website to see if you are using their VPN. The page tells me that I'm using it when I activate the tunnel in the router, but as said earlier the DNS doesn't change. This means that everything is working correctly and I just need to change the DNS while the tunnel is active.

@Meliods , welcome to the community!

  • Block all devices from using udp/53
  • [Static] Route all DNS servers you're using thru the tunnel
  • Recall that some devices use encrypted DNS; these are hard to stop
  • (Obviously, setup the Wireguard on your OpenWrt.)
1 Like

If you want to block dns over tls you can block port 853.

1 Like

I can do the blocking part, but what do you mean by that line? (I still have yet to figure out how to change the DNS settings.) I apologize for being such a noob, but I have never worked on this stuff.

Can you first answer @ASFP's question - then I think the answer would be very easy.

(If you are a noob and you think you have a leak...how can you be so sure...and clear on what such even implies...? :thinking: )

So long as the client and router are using the server(s) you wish and did as I suggested - as well as @ASFP, there shouldn't be a "leak".

In the dns field you enter the dns servers you would like to use. Then the whole dns traffic is resolved over those dns servers.

I'll check whether I can send you an example from my configurations.

1 Like

I'm a noob, but by logic I can be sure that my tunnel is not using the correct DNS since I never even found a place to enter them. The server connection is being established correctly, but as you can see in the three pictures above (OG post), the normal DNS is being used with my tunnel rather than the (5july.net) DNS, which is my VPN's DNS.

  • You fail to explain where this "normal DNS" is (I therefore assume it's assigned by the ISP from DHCP)
  • Configure this DNS server. Simple.

Network > Interfaces > WAN

  • Configure no other DNS servers on OpenWrt
1 Like

I can't find it anywhere sadly, but what I mean is the normal DNS assigned by my ISP which is being acquired by my WAN interface.
There's an option to manually enter a DNS there, but if I use my VPN DNS there my internet connection goes down. :confused:

:confused:

I told you...

:man_facepalming:

I'll just show a picture...smh...


1 Like

Oh right, sorry, my bad. But yeah, as said earlier, if I enter the DNS settings here, my internet dies for some reason.

You enter this (5july.net) DNS server?

Nah, I use the one given in the VPN config file.

DNS = 2001:9b1:8826::53, 2001:9b0:4:2601::53, 98.128.186.86, 155.4.89.136

?????

:grinning_face_with_smiling_eyes:

OK, well, did you remember you cannot use the hostname for the VPN cause you have no DNS until it connects?

You need to use the IP. :bulb:

:wink:

(BTW, you're causing chicken-or-the-egg paradoxes in your setup.)

1 Like

Yeah, I'm using the DNS given in my VPN config file.
DNS = 2001:9b1:8826::53, 2001:9b0:4:2601::53, 98.128.186.86, 155.4.89.136

:man_facepalming:

NO.

The VPN server address. NOT DNS. You cannot use the hostname.

You're explicitly stating you want to connect to VPN FIRST before you want DNS. We need to make sure you're using the IP to the VPN server (i.e. Wireguard server).

1 Like
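The thread's advice boils down to four things: put the provider's DNS servers on the router instead of the ISP's DHCP-supplied ones, make sure those servers are routed through the tunnel, block LAN clients from talking plain DNS (udp/tcp 53) or DNS-over-TLS (tcp 853) to anything but the router, and use an IP address, not a hostname, for the Wireguard endpoint so the tunnel can come up before any resolver is reachable. The script below is an added example, not code from the thread, OpenWrt or the VPN provider: it parses a provider file in the `[Interface]`/`[Peer]` shape quoted above and emits the UCI commands that apply all four points. The interface name `wg0`, the zone names `wan` and `vpn` (one for the ISP uplink, one for the tunnel), the use of `wan`/`wan6` `peerdns=0` plus `list dns` to set the resolver, and every value in `SAMPLE_CONF` are assumptions or placeholders; only the two DNS addresses are taken from the thread.

```python
"""Turn a provider WireGuard file into OpenWrt UCI commands that keep DNS in the tunnel.
Added example for this thread. Interface/zone names and sample values are assumptions."""
import ipaddress
import re

# Constructed sample in the shape of the provider file quoted in the thread.
# Keys, address and endpoint are placeholders (endpoint is a TEST-NET-2 address).
SAMPLE_CONF = """\
[Interface]
PrivateKey = PLACEHOLDER_PRIVATE_KEY=
Address = 10.64.0.2/32
DNS = 2001:9b1:8826::53, 98.128.186.86

[Peer]
PublicKey = PLACEHOLDER_PEER_PUBLIC_KEY=
Endpoint = 198.51.100.10:51820
AllowedIPs = 0.0.0.0/0, ::/0
"""


def parse_wg_conf(text):
    """Parse the INI-like WireGuard file into {'Interface': {...}, 'Peer': {...}}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            current = sections.setdefault(m.group(1), {})
            continue
        key, eq, value = line.partition("=")
        if current is None or not eq:
            raise ValueError(f"unexpected line: {raw!r}")
        current[key.strip()] = value.strip()
    return sections


def split_list(value):
    return [v.strip() for v in value.split(",") if v.strip()]


def split_endpoint(endpoint):
    """'host:port' or '[v6]:port' -> (host, port, host_is_ip).
    A hostname is the chicken-and-egg case from the thread: resolving it needs
    a resolver that is only reachable once the tunnel is already up."""
    host, sep, port = endpoint.rpartition(":")
    if not sep:
        host, port = endpoint, ""
    host = host.strip("[]")
    try:
        ipaddress.ip_address(host)
        return host, port, True
    except ValueError:
        return host, port, False


def uncovered_dns(dns_servers, allowed_ips):
    """DNS servers not covered by any AllowedIPs prefix, which need a static route."""
    nets = [ipaddress.ip_network(a, strict=False) for a in allowed_ips]
    return [d for d in dns_servers
            if not any(ipaddress.ip_address(d) in n for n in nets)]


def to_uci(conf, ifname="wg0", dns_zones=("wan", "vpn")):
    """Emit the uci commands; raises if the endpoint is a hostname (assumed zone names)."""
    iface, peer = conf["Interface"], conf["Peer"]
    dns, allowed = split_list(iface["DNS"]), split_list(peer["AllowedIPs"])
    host, port, is_ip = split_endpoint(peer["Endpoint"])
    if not is_ip:
        raise ValueError(f"Endpoint {host!r} is a hostname; use the server's IP address")
    cmds = [f"uci set network.{ifname}=interface",
            f"uci set network.{ifname}.proto=wireguard",
            f"uci set network.{ifname}.private_key={iface['PrivateKey']}"]
    cmds += [f"uci add_list network.{ifname}.addresses={a}" for a in split_list(iface["Address"])]
    sec = f"network.@wireguard_{ifname}[-1]"
    cmds += [f"uci add network wireguard_{ifname}",
             f"uci set {sec}.public_key={peer['PublicKey']}",
             f"uci set {sec}.endpoint_host={host}",
             f"uci set {sec}.endpoint_port={port}",
             f"uci set {sec}.route_allowed_ips=1"]
    cmds += [f"uci add_list {sec}.allowed_ips={a}" for a in allowed]
    # Resolver: drop the ISP's DHCP-advertised servers and use the provider's instead.
    cmds += ["uci set network.wan.peerdns=0", "uci set network.wan6.peerdns=0"]
    cmds += [f"uci add_list network.wan.dns={d}" for d in dns]
    # Static routes only for resolvers outside AllowedIPs (none when 0.0.0.0/0 and ::/0 are listed).
    for d in uncovered_dns(dns, allowed):
        kind = "route6" if ":" in d else "route"
        cmds += [f"uci add network {kind}",
                 f"uci set network.@{kind}[-1].interface={ifname}",
                 f"uci set network.@{kind}[-1].target={d}"]
    # Firewall: LAN clients may not send plain DNS (53) or DoT (853) past the router's
    # own dnsmasq, in either direction. DoH rides on 443 and cannot be singled out by port.
    for zone in dns_zones:
        for proto, dport in (("tcp udp", "53"), ("tcp", "853")):
            cmds += ["uci add firewall rule",
                     f"uci set firewall.@rule[-1].name=no-dns-{zone}-{dport}",
                     "uci set firewall.@rule[-1].src=lan",
                     f"uci set firewall.@rule[-1].dest={zone}",
                     f"uci set firewall.@rule[-1].proto='{proto}'",
                     f"uci set firewall.@rule[-1].dest_port={dport}",
                     "uci set firewall.@rule[-1].target=REJECT"]
    return cmds + ["uci commit network", "uci commit firewall"]


if __name__ == "__main__":
    print("\n".join(to_uci(parse_wg_conf(SAMPLE_CONF))))
```

Run it against a real provider file (with the endpoint hostname replaced by the server's IP) and review the printed commands before pasting them into an OpenWrt shell. The port-based firewall rules cover the "udp/53" and "853" advice in the thread; the caveat about encrypted DNS still stands, since DNS-over-HTTPS shares port 443 with ordinary web traffic and is not caught by these rules.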