DNS and OpenVPN Client

Hi, new here, tried to search for anything similar but couldn’t find.
TL;DR: I have an XE300 Puli running the latest available firmware 3.x, with a 3G SIM card.

I have OpenVPN client configured to connect to my house. So far so good. Today I was trying to enable the DDNS on the router and noticed it wasn’t working; when checking the logs, the router was having issues resolving DNS.

A bit of investigation and I noticed that I can’t resolve any DNS when the VPN is connected; IP all works.

The router WiFi clients work without a bother, they can connect to the VPN IPs and resolve DNS for public internet. Just the router itself seems to not know what DNS to use.

Checking /tmp/resolv.conf all seems in order.

Any ideas?

Thanks for the help.

Do you mean GL’s DDNS or DNS? For example, does resolving glddns.com work?

Do you have an option in your VPN interface:
Services from GL.iNet Use VPN

If yes, please enable it

Hi, thanks
Nope it does not resolve any DNS which is why I’ve spotted this situation, when I was trying to enable the DDNS I noticed “can’t resolv” errors on the logs.

On the VPN interface options I don’t have that option. This is using OpenVPN Client connecting to my home OpenVPN server.

provide the full logs

Can you please advise which ones? Just to save some back and forth. Thanks

The logs that showed that there is an issue with the dns traffic originated from the modem itself.

Ah gotcha, ok will do when I’m back home at the router. Thanks for the help. I thought there were others I could provide also. Thanks

Since you are away from home, if you have SSH access to the modem, execute these commands and post the output:

# cat /tmp/resolv.conf.d/resolv.conf.auto
# cat /tmp/resolv.conf
# nslookup  dnsleaktest.com 
# nslookup  dnsleaktest.com 8.8.8.8
# uci show | grep -i dnsmasq

These quick commands can help us to identify any issues.

** Please note I have firmware v4 instead. But I am trying to help.


Ah… it was exactly why I was trying to setup remote ssh that this all started.

So here it goes:


root@GL-XE300:~# cat /tmp/resolv.conf.d/resolv.conf.auto
cat: can't open '/tmp/resolv.conf.d/resolv.conf.auto': No such file or directory
root@GL-XE300:~# cat /tmp/resolv.conf
# Interface modem_1_1_2_4
nameserver 80.233.123.1
root@GL-XE300:~# nslookup dnsleaktest.com
;; connection timed out; no servers could be reached

root@GL-XE300:~# nslookup dnsleaktest.com 8.8.8.8
Server:         8.8.8.8
Address:        8.8.8.8#53

Name:      dnsleaktest.com
Address 1: 23.239.16.110
*** Can't find dnsleaktest.com: No answer

root@GL-XE300:~# uci show | grep -i dnsmasq
dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].domainneeded='1'
dhcp.@dnsmasq[0].localise_queries='1'
dhcp.@dnsmasq[0].rebind_localhost='1'
dhcp.@dnsmasq[0].local='/lan/'
dhcp.@dnsmasq[0].domain='lan'
dhcp.@dnsmasq[0].expandhosts='1'
dhcp.@dnsmasq[0].authoritative='1'
dhcp.@dnsmasq[0].readethers='1'
dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
dhcp.@dnsmasq[0].localservice='1'
dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.vpn'
dhcp.@dnsmasq[0].rebind_protection='1'
dhcp.@dnsmasq[0].server='1.1.1.1' '8.8.8.8'
dhcp.@dnsmasq[0].noresolv='1'
ucitrack.@dhcp[0].init='dnsmasq'

Not sure if relevant but here’s the firmware info also:
Current Version - 3.217
Compile Time - 2023-05-08 10:44:53
Last Update - unavailable

Really appreciate you trying to help :slight_smile:

I guess the issue is that you have set Manual DNS, which are blocked by the VPN service you’re connected to:

In other words, the modem clients will use the DNS of the VPN. But when the modem itself initiates a DNS resolve, it will use the Manual set ones, which are blocked by your VPN provider.

You can look at the DNS resolvers used by your VPN:

cat /tmp/resolv.conf.vpn

Your output:

And you can see your exact issue in the highlighted part:

Humm that’s interesting I could have sworn that I tested with manual dns disabled and it was doing the same… will try again…

Thanks

Humm this is weird… I don’t recognize these ips…


root@GL-XE300:~# cat /tmp/resolv.conf.vpn
nameserver 209.244.0.3
nameserver 64.6.64.6

Just disabled and same behavior…

Level3 Resolver

UltraDNS

disable the rebinding protection as well. And restart the vpn.


These are set in your vpn configurations.

Interesting… the openvpn server is hosted in a Synology… why would it define like that…

After doing this the DNS can now resolve. But of course since it’s going via the VPN I get the double NAT! :smiley: I think I’ve seen someone asking but not sure, can we have split VPN?

If you look at the screenshot above I even highlighted to you Split DNS! Anyway set the following to 0:

dhcp.@dnsmasq[0].noresolv='1'
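
An added example, not part of the thread: a POSIX shell function that reads `uci show` output and reports whether dnsmasq forwards only to the manual `server` entries (`noresolv='1'`, as in the output posted above) or also reads the `resolvfile`. The function name `dnsmasq_upstreams` and the second sample are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread.
# Reads `uci show`-style lines on stdin and reports which upstream
# resolvers dnsmasq will forward to. dnsmasq_upstreams is a hypothetical name.

dnsmasq_upstreams() {
    noresolv=0; resolvfile=""; servers=""
    while IFS= read -r line; do
        # uci prints values as 'a' 'b'; drop the quotes, keep the spaces
        val=$(printf '%s' "${line#*=}" | tr -d "'")
        case "$line" in
            'dhcp.@dnsmasq[0].noresolv='*)   noresolv=$val ;;
            'dhcp.@dnsmasq[0].resolvfile='*) resolvfile=$val ;;
            'dhcp.@dnsmasq[0].server='*)     servers=$val ;;
        esac
    done
    if [ "$noresolv" = "1" ]; then
        # noresolv=1: dnsmasq never reads the resolv file, so the VPN-provided
        # resolvers in it are unused and only the server entries are queried.
        echo "manual-only: ${servers:-none} (ignoring ${resolvfile:-no resolvfile})"
    else
        # noresolv=0: resolvers from the resolv file are used as well.
        echo "resolvfile: ${resolvfile:-default} plus manual: ${servers:-none}"
    fi
}

# The three relevant lines from the output posted in the thread.
SAMPLE_BEFORE="dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.vpn'
dhcp.@dnsmasq[0].server='1.1.1.1' '8.8.8.8'
dhcp.@dnsmasq[0].noresolv='1'"

# Constructed: the same config after setting noresolv to 0.
SAMPLE_AFTER="dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.vpn'
dhcp.@dnsmasq[0].server='1.1.1.1' '8.8.8.8'
dhcp.@dnsmasq[0].noresolv='0'"

printf '%s\n' "$SAMPLE_BEFORE" | dnsmasq_upstreams
printf '%s\n' "$SAMPLE_AFTER"  | dnsmasq_upstreams
```

On the router itself the input would come from `uci show dhcp | dnsmasq_upstreams`.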