Can't use my internal DNS over OpenVPN with GL-AR300M with 2.27 firmware

I have been trying to solve this since I received my router. I can set up OpenVPN to connect to my home VPN just fine. Traffic seems to all go through the home VPN correctly and I can access devices on the home network via IP as expected (thanks to setting up the proper routes in my VPN config).

However, I can’t get the router to use my home DNS server over the VPN. If I enter custom DNS settings of the IP of my DNS at my home network and Google’s DNS at 8.8.8.8, then I only ever actually query the Google DNS. I can manually set up a device connected to the router to use my home DNS and it works, so the VPN connection to the DNS is working, but the router itself just won’t send requests to it.

So far I’ve not found any solution to this searching this forum or Google. Several solutions looked promising, such as setting an up/down script in the OpenVPN config that modifies /tmp/resolve.conf.auto, but even this does not work.

Any ideas?

Have you tried setting the custom DNS to include only the DNS of your home network?

Yes.

The trouble with doing that is that you get a chicken/egg problem. The router can’t use my home DNS yet because the VPN isn’t connected. The VPN can’t connect because the router can’t lookup the IP of my VPN server via my home DNS.

I suppose I could use an IP address for the VPN but I’m not guaranteed a static IP by my ISP and use dynamic DNS to update my domain DNS records when a change is detected.

Hmmm, maybe an up/down script can meet your needs.

Please refer to:

As I said in my original post, that was what I found in my research and it sounded like exactly what I needed. In practice, however, it didn’t seem to work. Let me post the contents of the scripts I was using for review. Maybe they were wrong.

updns


    #!/bin/sh
    # Keep the current resolver file so the down script can restore it.
    mv /tmp/resolv.conf.auto /tmp/resolv.conf.auto.hold
    # Rewrite the pushed "dhcp-option" directives as resolv.conf lines.
    echo "$foreign_option_1" | sed -e 's/dhcp-option DOMAIN/domain/g' -e 's/dhcp-option DNS/nameserver/g' > /tmp/resolv.conf.auto
    echo "$foreign_option_2" | sed -e 's/dhcp-option DOMAIN/domain/g' -e 's/dhcp-option DNS/nameserver/g' >> /tmp/resolv.conf.auto
    echo "$foreign_option_3" | sed -e 's/dhcp-option DOMAIN/domain/g' -e 's/dhcp-option DNS/nameserver/g' >> /tmp/resolv.conf.auto

downdns


    #!/bin/sh
    # Restore the resolver file saved by the up script.
    mv /tmp/resolv.conf.auto.hold /tmp/resolv.conf.auto

Its content is correct. Have you also edited the ovpn file?

Yes. It calls the scripts correctly. I can verify the contents of /tmp/resolve.conf.auto change to my home DNS server (the directive is pushed from the server) and ONLY my home dns server. But when I query DNS from a device connected to the router I know that it’s still using external DNS because I don’t get back the expected IP address.

For example, in public DNS *.mydomain.com is set up so any subdomain will hit my public IP. Internally, however, I use the mydevice.home.mydomain.com subdomain in my DNS. So if I query DNS for mydevice.home.mydomain.com and get the public IP then I know my home DNS was not queried, as it would have returned my internal IP, not my public one.

I still haven’t gotten the router itself to use the DNS over the VPN but I did find a workaround for the clients which is good enough for the moment I think. I modified the DHCP settings for the LAN interface in LEDE to supply my home DNS server instead of the router DNS. So the clients themselves connect to the router and then only query DNS via my home DNS server and never hit a public one. Any requests directly from the router could leak still but it shouldn’t really be doing any requests.

This has the added bonus of making sure I notice if the VPN disconnects since DNS will stop resolving on the clients.

I’d still like to find the solution for the router eventually but at least this lets my clients maintain security and access services on my home network correctly.

It doesn’t make sense that the device itself can’t resolve dns over VPN. Could you please show me the content of /etc/config/dhcp?

I will when I can. Not sure what happened but my router seems to be dead ATM. Took it to a hotel and set it up to repeat the hotel wifi. Worked just fine until I had to change it to a different room in the hotel. Plugged power back in and it’s just been stuck with the left LED lit up green. The far right LED never comes on and even holding the reset button has no effect.

Finally managed to debrick the thing. No idea how it got bricked. I’m not running any custom software on it or anything. Just using 2.27 firmware and openvpn. Hopefully this was just a glitch from a power spike or something else weird.

Anyway, here is /etc/config/dhcp:

    root@GL-AR300M:~# cat /etc/config/dhcp

    config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option localise_queries '1'
        option local '/lan/'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option localservice '1'
        list server '10.0.0.3'
        list server '8.8.8.8'
        option noresolv '1'
        option rebind_protection '0'
        option domain 'mycustomdomain'
        option nonwildcard '0'

    config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option force '1'
        option dhcpv6 'server'
        option ra 'server'
        option ra_management '1'
        list dhcp_option '6,10.0.0.3'

    config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

    config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'

    config domain 'localhost'
        option name 'console.gl-inet.com'
        option ip '192.168.8.1'
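
Added example, not part of any post in this thread and not GL.iNet's code: a generalized form of the up script's option parsing, plus a check of whether dnsmasq would read the rewritten resolv file at all. In the configuration posted above, `noresolv '1'` makes dnsmasq run with `--no-resolv`, so it forwards only to the `list server` entries. The function names and the demo input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Sample values are constructed.

# Convert every OpenVPN foreign_option_N (pushed "dhcp-option" directives)
# into resolv.conf lines, however many the server pushes.
foreign_to_resolv() {
    i=1
    while :; do
        eval "opt=\${foreign_option_$i:-}"
        [ -n "$opt" ] || break
        read -r kw type val <<EOF
$opt
EOF
        if [ "$kw" = "dhcp-option" ] && [ -n "$val" ]; then
            case "$type" in
                DNS)    echo "nameserver $val" ;;
                DOMAIN) echo "domain $val" ;;
            esac
        fi
        i=$((i + 1))
    done
}

# Report where dnsmasq takes its upstream servers from, given a UCI dhcp file.
# noresolv '1' becomes --no-resolv: the resolv file is not read and only the
# "list server" entries are used.
dnsmasq_upstreams() {
    awk -v q="'" '
        { gsub(q, "") }
        $1 == "option" && $2 == "noresolv" && $3 == "1" { noresolv = 1 }
        $1 == "list" && $2 == "server" { servers = servers " " $3 }
        END {
            if (noresolv) print "list-server:" servers
            else print "resolv-file"
        }' "$1"
}

# Constructed demo input mirroring the settings posted above.
demo() {
    cfg=$(mktemp)
    printf "%s\n" "config dnsmasq" "  option noresolv '1'" \
        "  list server '10.0.0.3'" "  list server '8.8.8.8'" > "$cfg"
    foreign_option_1="dhcp-option DNS 10.0.0.3"
    foreign_to_resolv
    dnsmasq_upstreams "$cfg"
    rm -f "$cfg"
}
demo
```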

I just ran into this same issue on my MT300N-v2. Left LED on, none of the others. Had just enabled wifi repeater from my home wifi network. How were you able to de-brick?

Sigh, I really want to like this router. When it works, it works great. But after it sitting in my back untouched since I used it 2 weeks ago at a hotel, it’s bricked again. I literally did nothing after fixing it the last time other than unplugging it and putting it in my backpack. There it has stayed until this evening when I checked into another hotel. Just the one green light staring me down again and never powers up wifi or anything. I just hope I can get a better replacement from Amazon fast enough as I’m leaving the country in a week and this thing was supposed to be my lifeline to my home vpn for all my various devices in foreign hotels.

You’re probably running it with insufficient power - this can lead to reset glitches.

Hrm… That is a good call actually. Now that I think about it, when I set up and tested everything at the house I never used the power source I’m using at these hotels. Took a look at what I was using and it’s only 1.5amp output. It’s originally for what I thought was a pretty power intensive device, so my bad for assuming it was a higher power adapter and not actually checking. Had another USB power adapter with me that puts out minimum 2.4a and it came right up. Still can’t figure out this DNS issue but at least this maybe makes it a reliable travel router still. Thanks!

The OpenVPN DNS problem is solved in firmware v3.0.
A 3.0 beta version is now available for testing on our website download.gl-inet.com/firmware. Not all models are available.

Thanks. I think this router is just bad honestly. Changing power sources seems to have been a fluke because it went back to the single LED issue again after a reboot. I ordered a GL-AR750 to replace it and hopefully will have better luck. Just wish I hadn’t already tossed the original packaging so I could return this one to Amazon.