I added the firewall rule (firewall dns forward from wan port 53 to the glinet lan (127.0.0.1 & 192.168.1.1) port 3053), but it didn’t help. DNS requests are still going through the vpn. How to exclude adguard home from vpn?
brume2, axt1800 4.4.6
Adguard is a vpn in its own right so that’s probably half your problem. Not sure about the router version but on the device version of adguard the dns can be changed. You might want to uncheck the dns rebinding attack and override dns setting for all clients.
i think it is not normal
Does not make sense to me. You don’t want to forward anything from the WAN interface since this is your external interface. There is no need for forwarding rules in general, since you are trying to connect from inside your network to outside your network.
I would say the best way might be either a static route or switching to VPN policy and excluding the hostnames of the DNS services. But to be clear: I don’t think this is necessarily a good idea, depending on why you are using VPN. DNS leak (i.e. DNS without VPN) destroys the anonymity and can cause problems, because e.g. DNS servers answer that are not suitable for your internet zone (i.e. via VPN).
Example: You are in the USA and use a VPN from the EU.
Now your PC asks for the address for example.org and gets back from the DNS server in the USA (without VPN) that the IP is in New York. However, your Internet access is in the EU, which is why the path of the packets is unnecessarily prolonged.
I have a “VPN Policy Set up Based on the Target Domain or IP” (only domains) and I would like DNS requests to pass through the vpn only for those domains that are included in the VPN or no requests at all passed through the vpn (if the first option is not possible). Because I use vpn only for 1-2% of the requested domains.