After I connect the GL-AR150 (running the latest software version) to wi-fi the DNS is set with the IP’s passed from the DHCP server.
Then I start an OpenVPN connection using a (.ovpn) config file that includes the following 3 lines:
dhcp-option DNS 18.104.22.168
dhcp-option DNS 22.214.171.124
However, the DNS server IP's of the GL-AR150 doesn't update.
This appears to be the same issue discussed in this thread “
DNS Leaking with OpenVPN”.
Is there a fix other than manually changing the DNS servers in the GL-AR150 GUI?
April 14, 2017, 11:34am
Currently you can use custom DNS servers.
Need to check how these options is supported in the openvpn client.
Just to add to
@alzhao here is a screen shot for clarity
April 17, 2017, 2:59am
The DNS servers in the screenshot are different than in the config file…so what is what?
You might find the DNS does not change because your ISP’s router over-rides things…so you need to change the DNS servers there.
@Glitch I threw in a misdirection there sorry bout that @ds-Iceland.
The IP addresses shown in the openvpn config file were mine and in no way related to the image from
@Blind Raven. From my perspective the image wasn’t needed, @alzho’s comment to use custom DNS tells me the AR150 ignores the config entries.
Basically what needs to happen here is that the script option to open vpn needs to be utilized…
I made this in response to this post and also discovering the DNS leaking going on:
GLI is free to use it as they wish.
You will also want to set (in your opvn / conf file):
There’s an ENV variable that allows it to know when it’s up/down so no arg necessary.
You will also probably want to set:
push "redirect-gateway def1 bypass-dhcp block-local"
push "dhcp-option DNS 10.8.0.1"
Where 10.8.0.1 is the IP of the DNS you intend on using and where
is a good setting that prevents lan access, so even if the DNS doesn’t work, you won’t leak back to the LAN DNS.
May 18, 2017, 11:08am
xenithorb, Thanks, I will have a try and feedback.
I see this issue when using expressvpn through the router. DNS stays with the ISP’s router. If I disconnect/reconnect a few times, I can usually get the VPN’s DNS.
I’m not savvy enough to try your fix so hopefully it will be in an update soon.
May 21, 2017, 2:12pm
>>> DNS stays with the ISP’s router
That’s standard - need to go into ISP router and change from “automatic” (ie. ISP’s DNS) to whatever you want.
Hi All. I’ve find out the way to set DNS which push openvpn server. In openvpm profile need to add this:
previously check if this script exist in your firmware (tested on 6416 fw 2.255)
This script can also grab dns from openvpn profile if there is “dhcp-option DNS” and save new dns to /tmp/resolv.conf.auto to all wan interface. Dns leak test pass. Hope this will help to somebody.
June 5, 2017, 10:40am
Yes, I put the @
xenithorb 's script in firmware v2.255 but not configured it. You need to do as @Darkstar suggested to make it work.
June 6, 2017, 5:39am
>>>You will also probably want to set:
>>>>push "redirect-gateway def1 bypass-dhcp block-local"
>>>>push "dhcp-option DNS 10.8.0.1"
I don't think these work as they seem to be for the server config and not the client:
Push a config file option back to the client for remote execution. Note that
option must be enclosed in double quotes (“”). The client must specify –pull in its config file.
Also, regarding the script, presumably it needs “dhcp-option DNS” to be set to your preferred servers to work?
And why does it include a “down” section?
Finally, how does this all this differ from what the GLUI “custom DNS” settings?
June 28, 2017, 7:58am
I still see the router itself responding to DNS…when I ssh into the AR300M i see this:
root@T5000:~# cat /tmp/resolv.conf.auto
Address 1: 127.0.0.1 localhost
Address 1: 2a00:1450:4009:800::200e
Address 2: 126.96.36.199
July 1, 2017, 11:58am
@AxeBro, we put this task on the list and hope to have this in next release.
July 11, 2017, 9:41pm
Any update on the ability to accept the DNS server provided by the OpenVPN server?
At the moment, my situation is the following:
I need to use the DNS server located on the Openvpn server side, which has a private address 192.168.10.X
I can specify this DNS server (192.168.10.X) fine in the Custom DNS, and I can setup the tunnel fine as long as I specify the Openserver IP address by IP and not FQDN.
However, if I am not using the Openvpn tunnel, I cannot resolve anything as the 192.168.10.X address is only reachable via the Openvpn tunnel.
On Windows, the DNS are corretcly injected through the tunnel (as it accepts the pushed DNS servers).
July 12, 2017, 1:58am
@xiolo, this is exactly what i need also. +1
July 12, 2017, 12:06pm
Yes. We will add this.
I checked and in most ovpn files provided by public vpn providers, there is no dns push. Any idea how to deal with such situation?
July 12, 2017, 9:16pm
if none of those profiles push a DNS server, how about setup a vps on digital ocean, and have it push a dns server? even if you set it to push a public dns server, at least we can test to see if the push option was accepted.
July 13, 2017, 11:38am
that could be an option. But we will not build a DNS sever. It is difficult to maintain.
I think maybe the best solution is to set up a DNS server only for vpn. When vpn starts, the server will be used.
Could use google or opendns.
I know a lot of user don’t want to use google or opendns. But they provide a very stable service.