I will start by saying I’m no tech expert, and will need some layman type answers to help me fix my issue
I am using a mango router whilst travelling around the world, I’ve been nomadic for a few years now. I am having a problem that my dns leaks. My set up is super simple, mango router connected to whatever WiFi my airbnb/hotel/rented apartment has. Connected to the router are my Android phone and a Roku. I use surfshark as my vpn provider, and have used both OpenVPN and Wireguard as the protocols for the router, get dns leaks from both. I’ve contacted surfshark support, and they’ve provided their dns numbers to insert as custom dns servers on the router. When I add these dns numbers and reboot, I’m then locked out of the admin page of the mango, and unable to connect to the internet.
If anyone is able to help me prevent these dns leaks would be greatly appreciated.
A DNS request should go over the VPN. And if the request is leaked ‘behind the Endpoint’, this is not a Mango problem. It could be a security issue, but than just use a trustworthy DNS.
That is the reason why I’m asking what is your source of the statement. It is important to understand the issue.
I don’t think there is ‘a simple answer’. Maybe someone else could show I am wrong about this.
I do not understand, where do you expect your DNS location is?
Your room/appartment/airbnb has a ‘line’ to the Internet.
There is somewhere a router, that is (often) getting a public IP.
This router is providing a Cable or a WLAN for you.
If you’d connect to this router, you’ll get IP information, mostly via DHCP.
This DHCP contains: An IP (and Subnet) for you, a Gateway (mostly the IP of this router) and a DNS.
The DNS could be the router itself, but this would be mostly only an upstream DNS. The ‘real DNS’ will be from the ISP or something like 22.214.171.124 (Google), 126.96.36.199 (Cloudflare) …
What I’m trying to draw as a picture: It is not an issue, if the DNS is at a different Position than your ISP location.
Where is the leak?
A DNS Leak means:
You connect your Mango to the provided Router.
The Mango connect to the Internet and set up a VPN
Now the owner of the router should not be able to see what web addresses you are trying to reach
→ Because everything is inside the VPN, only the VPN provider could see it …
If the owner of the router (or any 3rd party within the subnet of the router) can see your device (or mango) is requesting an IP of an address, than it is a leak.
Okay a little oversimplified. But I hope ‘my DNS is at a different location than my IP’ is not a leak. And ‘a website’ is also not very much to understand if your situation is serious or just a misunderstanding of the concept.
What even is ‘a DNS Location’?
When I open https://www.ipchecktool.com/ it show ‘My location’ nearby my home, even If I’m 126 KM in the south. Because I am using a Slate AX and it is connected via Wireuard to my home network. It is fine.
Appreciate the responses, that has helped me understand a bit more. Basically I need the dns servers to be in the as some of the free streaming services aren’t working on my roku when I’m out of the (cbs, nbc, abc etc). When I set the custom dns with the vpn provided servers (that are based), I’m unable to connect to the internet and need to reset the mango. Any help getting my dns servers to be based would be appreciated.
Unfortunately it isn’t Roku doing the checking. A lot of apps work, a lot of apps don’t, so each streaming service does its own checks. For some the ip address is sufficient, for others they are checking the dns server location.
The Surfshark WireGuard config files should already contain DNS IP address(es) that are within the U.S. when you connect to their U.S. servers. If not, the appropriate DNS IP address(es) would be assigned after you connect to their servers.
You should not have to manually set up Custom DNS Server in the GL.iNet router. The DNS IP addresses that Surfshark Support gave you may not work whenever you are not already connected to their servers and, hence, may be stopping you from connecting to the Internet.
Can you post one of their WireGuard config files, with personal information redacted?