Firmware openwrt-ar750s-3.201-0402.tar, possibly still the same DNS leak, or again

I am using NordVPN, AR750S with 3.201 firmware. Checked and I don’t have a DNS leak.

After testing once again now with the current Beta 3.201 2021-04-23, I replaced the firmware on all systems with the released, non-DNS-leaking one, openwrt 3.105.tar

By the way, the Beta 3.201 2021-04-23 has breaks in the internet connection every few hours for Ethernet-connected clients (no WiFi-connected clients were tested). That is the 2nd no-go for me. By the way, one other user reported on the forum about breaks on his WiFi connection every 30 minutes or so…

Now I am out for some days and will stop the endless testing… I am not full-time GL staff or a GL shareholder… It may be that I will check sometimes whether there are statements about starting to fix the near-endless list of bugs or doing some of the suggested improvements…

Any news about fixing the DNS leak on GL firmware newer than 3.105?

Firmware 3.105 is the last one known without a DNS leak on GL AR300, AR750 and AR750S.

I added the test result of AR300 and AR750 to the first post now.

Thanks for your time testing the firmware.

But can you give details of the DNS leak? E.g. what settings did you make, what VPN are you using, and other details I don’t know. Or did you use reserved settings from old firmware?

As I said, I tested 3.201 and I didn’t observe these leaks. There is no way to fix it if the problem cannot be replicated.

You can send me a private message/email if you want.

For your info:
AR300M, FW 3.201
No DNS leak detected, using VPN (mainly WireGuard) and “override DNS settings for all clients”.

I use only OpenVPN.
I have added this to the first post now.

OpenVPN works fine up to GL firmware 3.105 on AR300, AR750 and AR750S. GL firmware is not possible to use (at least for ProtonVPN) on AR300, AR750 and AR750S because of the DNS leak.

I think your leak is a DNS cache or browser cache issue. I cannot replicate it.

I can reproduce it, and I reproduced it on a handful of my own different environments and on those of others who use GL routers. So I think it should not be released as long as it has bugs on this level.

  • Firmware up to and incl. 3.105 does not have a DNS leak
  • Firmware 3.201 has a DNS leak

I tested 3.201 and there is no DNS leak.

Under what conditions is the leak occurring? I’m looking to reproduce it myself. Can you explain your environment? Thanks.

For example:
default settings, Override DNS Settings for All Clients?
Cloudflare, NextDNS, DNSCrypt proxy?
Internet kill switch?

FYI, if you are looking to use ProtonVPN’s internal VPN DNS servers, they are at and perhaps these addresses are conflicting internally with your networking environment.

  • IPv4: on, IPv6: off
  • WireGuard service: disabled on startup
  • Dropbear: disabled on startup
  • Override DNS Settings for All Clients: on
  • Internet Kill switch: on
  • OpenVPN, Proton VPN

How are you connecting to internet? If it’s another router/modem, then it is probably set to use your ISP DNS - you need to disable that in settings.

I still can’t reproduce a leak, even using your settings (I tested using a USB broadband dongle).

  1. Is your WAN connected directly to the internet and receiving DNS from the ISP?

  2. Can you post your .ovpn file, without the auth line of course?

  3. After the router is up, the VPN is connected and the client machine is connected, what is the DNS of the client machine (“ipconfig /all” or /etc/resolv.conf)?

  4. How are you detecting the leak? or Wireshark, etc.?

  5. What browser are you using, and do you have DNS over HTTPS disabled?
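
Added example, not part of any post in this thread: question 3 above asks for the client's resolver list from `ipconfig /all` or the resolv.conf file, and this Python code parses both formats and lists any resolver outside an expected set. It assumes English-language `ipconfig` output; every address is a constructed sample, with 192.168.8.1 standing in for the router's LAN address.

```python
import ipaddress
import re

def _clean(addr):
    """Drop an IPv6 zone id such as %eth0 or %12."""
    return addr.split("%", 1)[0]

def resolvers_from_resolv_conf(text):
    """Nameserver addresses from resolv.conf-style text, in file order."""
    found = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # strip trailing comments
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.append(_clean(fields[1]))
    return found

def resolvers_from_ipconfig(text):
    """DNS servers from English `ipconfig /all` output. Additional servers
    sit on indented continuation lines that carry no label."""
    found, in_dns = [], False
    for line in text.splitlines():
        labelled = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if labelled:
            found.append(_clean(labelled.group(1)))
            in_dns = True
        elif in_dns and re.fullmatch(r"\s+[0-9A-Fa-f:.%]+\s*", line):
            found.append(_clean(line.strip()))
        else:
            in_dns = False
    return found

def unexpected_resolvers(resolvers, expected):
    """Resolvers that are not in the expected set, compared as IP addresses."""
    allowed = {ipaddress.ip_address(e) for e in expected}
    return [r for r in resolvers if ipaddress.ip_address(r) not in allowed]

# Constructed samples: 192.168.8.1 stands for the router's LAN address and
# 203.0.113.53 (a documentation range) for a resolver handed out upstream.
CLIENT_IPCONFIG = """\
   Default Gateway . . . . . . . . . : 192.168.8.1
   DNS Servers . . . . . . . . . . . : 192.168.8.1
                                       203.0.113.53
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
CLIENT_RESOLV_CONF = "search lan\nnameserver 192.168.8.1  # router\n"

if __name__ == "__main__":
    for name, found in (("ipconfig", resolvers_from_ipconfig(CLIENT_IPCONFIG)),
                        ("resolv.conf", resolvers_from_resolv_conf(CLIENT_RESOLV_CONF))):
        print(name, found, "unexpected:", unexpected_resolvers(found, ["192.168.8.1"]))
```

A client that lists only the router still depends on which upstream resolvers the router itself uses, so the same check applies to the router's own resolver file.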

Alza wrote:
“If you use cloudflare etc. it will not use the dns offered by dhcp.”

My answer:
That’s exactly what the DNS leak is doing. The GL firmware uses the DNS from DHCP and ignores the DNS configured on the GL router.

Leaky Configuration:

I can’t check /etc/resolv.conf at this time with the buggy 3.201 firmware, because I now use only the last non-DNS-leaking one, the 3.105 firmware.

Thanks for the response.

  1. Did all leak sites detect the leak? I have not been able to reproduce with all your settings.

  2. Are you the only client on the router? Teredo, IPv6-over-IPv4?

  3. Here is the last question no admin likes to hear, including me… Did you start with a fresh install, or did you upgrade with keep settings on the router firmware?

Now I have found one other user who looks to have the same DNS leak using WireGuard, as opposed to me using OpenVPN:

" I do have custom DNS settings configured, however I am also using the AR750 as a Wireguard client. My issue is that the device does not configure DNS correctly. My client devices always use the upstream devices DNS server."

Source: Wireguard client not honoring DNS setting [workaround discovered]

But that is on a very old firmware, isn’t it?

The same bug on a very old and a current firmware. In both cases, the client devices always use the upstream device’s DNS server and not the one configured on the router.

I hope the hint can help to check, find and fix this bug on current firmware versions again.

Good afternoon, I can confirm that firmware version 3.201 does leak DNS, and I “solved” the problem by reverting to version 3.105. However, I still seem to have problems casting (BBC) to Chromecast. After 20 mins or so the screen says: Ready to cast and I have to stop casting and restart.
