DNS Leaking with OpenVPN


#41

well! thank you


#42

Hi all,

Has this been fixed yet?

Ive not tried the above yet alzhao, but is v2.24 the auto update version now? or do we have to install it manually?


#43

Hi, I am testing right now. For some reason v2.24 still have dns leaks. I further fixed and now is testing it.


#44

Ok thank you. Please let me know the result.


#45

@opticon12000, I put a testing firmware v2.241 here www.gl-inet.com/firmware/testing

Can you download and test?


#46

1. I cant seem to connect to 192.168.1.2 or 192.168.1.1 after holding down the button until it blinks 5 times. It just sits there loading nothing at all on firefox or chrome.

I’ve tried resetting it by holding it down for longer, but now its currently just stuck at ‘setting language’ when I connect to 192.168.8.1 after resetting it.
Is there a fix for this?

Scrap the above, I didn’t hold it down before I booted it up.

  1. If there is a fix, is it openwrt-gl-ar300m-2.241.bin that I need to use to update for my ar300m?

#47

yes. Please try 2.241. Changed dnsmasq and network when you setup custom DNS.


#48

Yes that seems to have fixed it.

I have turned it off and on and rebooted it and the settings remain this time. It only shows one DNS on dnsleaktest.com now thank you.

2.241 is the fix for this.


#49

thank you guys. Works.


#50

The only problem I now see is that the VPN does not auto run/enable on boot up of the device.

This would be great for those that just want to plug and play without having to go to the 192.168.8.1 address every time if you are traveling about.


#51

I found a write-up for a way to include the certs in a startup script in ddwrt that seems to work well, not sure if editing startup scripts works on the native firmware. It, too, is leaking the ISP DNS request alongside the static DNS. Going to continue to play with it later as I travel to many places and connect to many WANs. I would like the router to configure the DNS reliably every time.


#52

I’m using 2.24 and dropped in a preconfigured openVPN file. I too was getting DNS leaks.

I’ve gone into LuCI and manually set the WAN dns to a some public ones.

Now running IP leak, I see only the public dns details, so I presume it’s working, but I’d rather it just used my VPN’s dns.


#53

@alzhao

Using firmware v2.25 with mt300a

When I add “block-outside-dns” to my .ovpn it will not connect. Status says “please wait…”

It works fine with desktop windows openvpn client. Blocks outside dns, prevents leak and uses only the dns of the server connected. Does this feature only work with windows client and not the openssl pkg for openwrt?

 

 


#54

The router don’t work as PC. A lot of features of the PC is not available in the router. Also the router does NAT which is not necessary for the PC. So you have to use custom DNS.


#55

Here guys, the perfect workaround for the moment, at least it works:

https://wiki.openwrt.org/inbox/dnscrypt


#56

Or course it carries the following warning:

 

If you are using it for privacy, it might do the opposite of what you are trying to achieve. If you are using it to prevent VPN "leaks", this isn't the right tool either: the proper way to prevent VPN "leaks" is to avoid sending data to yet another third party: use a VPN service that operates its own DNS resolvers.

#57

Yeap you’re correct. Most of the Dnscrypt.org servers are non logged. But i strongly believe that vpns should have their own dnscrypt servers anyway. But yet, you can always set your vpn DNS on your router and force all clients to use it, most of them have their own dns servers which is a matter of configuring it in most cases and it wount leak(but then there might be a man in the middle attack as the queries are not protected and the dns requests might be caught by third parties).

I’ve tried many vpns but most of them have those DNS problems. Either the queries are not encrypted, either you gotta use an outside DNS.

Anyway, if your VPN uses shared servers for all users, you’ll be better off with DNScrypt than everything else, because you DNS querries actually exits from the VPN and not your computer.


#58

I don’t get any DNS leaks with my configuration. It also makes VPN status survive reboots and enables the switch for VPN on/off toggle and syncs the LEDs and VPN to the switch position on reboot, see here: https://www.gl-inet.com/forums/topic/vpn-switch/#post-50171


#59

>>>When I add “block-outside-dns” to my .ovpn it will not connect. Status says “please wait…”

>>>It works fine with desktop windows openvpn client. Blocks outside dns, prevents leak and uses only the dns of the server connected. Does this feature only work with windows client and not the openssl pkg for openwrt?

From the manual: “This option is considered unknown on non-Windows platforms and unsupported on Windows XP, resulting in fatal error.”


#60

If you are using Nordvpn just enter their dns into your network settings on your Gl iNet mini router:- 103.86.96.100 & 103.86.99.100