DNS not changing after OpenVPN connection starts

After I connect the GL-AR150 (running the latest software version) to Wi-Fi, the DNS is set with the IPs passed from the DHCP server.

Then I start an OpenVPN connection using a (.ovpn) config file that includes the following 3 lines:

route-metric 1
dhcp-option DNS 82.148.69.66
dhcp-option DNS 37.205.35.73

However, the DNS server IPs of the GL-AR150 don't update.

This appears to be the same issue discussed in this thread “DNS Leaking with OpenVPN”.

Is there a fix other than manually changing the DNS servers in the GL-AR150 GUI?

Currently you can use custom DNS servers.

Need to check how these options are supported in the OpenVPN client.

Just to add to @alzhao, here is a screenshot for clarity

The DNS servers in the screenshot are different than in the config file…so what is what?

You might find the DNS does not change because your ISP’s router overrides things…so you need to change the DNS servers there.

Glitch

You're right @Glitch, I threw in a misdirection there, sorry about that @ds-Iceland.

@Glitch,

The IP addresses shown in the OpenVPN config file were mine and in no way related to the image from @Blind Raven. From my perspective the image wasn’t needed; @alzhao’s comment to use custom DNS tells me the AR150 ignores the config entries.

Basically what needs to happen here is that the script option of OpenVPN needs to be utilized…

I made this in response to this post and also discovering the DNS leaking going on:

https://gist.github.com/xenithorb/4869dc2246d1a7e73d8766c20db41669

GLI is free to use it as they wish.

You will also want to set (in your .ovpn / conf file):

up /path/to/script.sh
down /path/to/script.sh

There’s an ENV variable that allows it to know when it’s up/down so no arg necessary.

You will also probably want to set:

push "redirect-gateway def1 bypass-dhcp block-local" 
push "dhcp-option DNS 10.8.0.1"

Where 10.8.0.1 is the IP of the DNS you intend on using and where

block-local

is a good setting that prevents lan access, so even if the DNS doesn’t work, you won’t leak back to the LAN DNS.

@xenithorb, Thanks, I will have a try and feedback.

I see this issue when using ExpressVPN through the router. DNS stays with the ISP’s router. If I disconnect/reconnect a few times, I can usually get the VPN’s DNS.

I’m not savvy enough to try your fix so hopefully it will be in an update soon.

>>> DNS stays with the ISP’s router

That’s standard - need to go into ISP router and change from “automatic” (ie. ISP’s DNS) to whatever you want.

Hi All. I’ve found out the way to set the DNS that the OpenVPN server pushes. In the OpenVPN profile you need to add this:

script-security 2
up /usr/bin/dns_updown_script.sh
down /usr/bin/dns_updown_script.sh

First check whether this script exists in your firmware (tested on 6416 fw 2.255).
This script can also grab the DNS from the OpenVPN profile if there is a “dhcp-option DNS” line, and saves the new DNS to /tmp/resolv.conf.auto for all WAN interfaces. DNS leak test passes. Hope this will help somebody.

Yes, I put @xenithorb's script in firmware v2.255 but did not configure it. You need to do as @Darkstar suggested to make it work.

>>>You will also probably want to set:

>>>>push "redirect-gateway def1 bypass-dhcp block-local" 
>>>>push "dhcp-option DNS 10.8.0.1"

I don't think these work as they seem to be for the server config and not the client:

--push option

Push a config file option back to the client for remote execution. Note that option must be enclosed in double quotes (“”). The client must specify --pull in its config file.

Also, regarding the script, presumably it needs “dhcp-option DNS” to be set to your preferred servers to work?
And why does it include a “down” section?

Finally, how does all this differ from the GL UI “custom DNS” settings?

Glitch

@xenithorb

I still see the router itself responding to DNS…when I ssh into the AR300M I see this:

root@T5000:~# cat /tmp/resolv.conf.auto
Interface wwan
nameserver 192.168.39.9
nameserver 8.8.8.8
root@T5000:~# nslookup google.com
Server:    127.0.0.1
Address 1: 127.0.0.1 localhost

Name:      google.com
Address 1: 2a00:1450:4009:800::200e lhr25s11-in-x0e.1e100.net
Address 2: 216.58.210.46 lhr25s11-in-f14.1e100.net
root@T5000:~#

@AxeBro, we put this task on the list and hope to have this in next release.

Hi Alzhao

Any update on the ability to accept the DNS server provided by the OpenVPN server?

At the moment, my situation is the following:

  • I need to use the DNS server located on the OpenVPN server side, which has a private address 192.168.10.X

  • I can specify this DNS server (192.168.10.X) fine in the Custom DNS, and I can set up the tunnel fine as long as I specify the OpenVPN server by IP address and not by FQDN.

However, if I am not using the OpenVPN tunnel, I cannot resolve anything, as the 192.168.10.X address is only reachable via the OpenVPN tunnel.

On Windows, the DNS servers are correctly injected through the tunnel (as it accepts the pushed DNS servers).

Thanks

K

@xiolo, this is exactly what I need also. +1

@alzhao

Yes. We will add this.

I checked, and in most .ovpn files provided by public VPN providers there is no DNS push. Any idea how to deal with such a situation?

@alzhao

If none of those profiles push a DNS server, how about setting up a VPS on DigitalOcean and having it push a DNS server? Even if you set it to push a public DNS server, at least we can test to see if the push option was accepted.

That could be an option. But we will not build a DNS server. It is difficult to maintain.

I think maybe the best solution is to set up a DNS server only for vpn. When vpn starts, the server will be used.

Could use Google or OpenDNS.

I know a lot of users don’t want to use Google or OpenDNS. But they provide a very stable service.