I am using Nord and used the same settings but I don’t have a DNS leak.
Previously the problem was in the default VPN policy.
Can you check if you have configured any VPN policy? The “Use VPN for all processes on the router” must be on. This should be the default setting on 3.203 beta4.
Can you turn this option on/off and try again? Just to make sure this is not the cause of the problem.
It is the country that is leaking, since Cloudflare takes the closest servers. I’m not sure that this is a router problem, but still an interesting observation…
I have now done a very short test of the ar-750s and the current beta firmware, with the following results:
Testing the openwrt-ar750s-3.203-0703.tar:
Updated from a working configuration to openwrt-ar750s-3.203-0703.tar
got a VPN connection, and at minimum no HTTPS traffic to the outside was possible
looked around the settings a little without seeing a misconfiguration
did a reboot, which didn't help with this
stopped testing openwrt-ar750s-3.203-0703.tar
Testing the openwrt-ar750s-3.203-0703.tar:
updated the router to openwrt-ar750s-3.203-0701.tar
VPN is working
HTTP and HTTPS to the outside are working
Leak test: the Cloudflare DNS offered as a menu item by the router firmware is still leaky. In this configuration a Cloudflare DNS server is used that is the closest to the router location and not the closest one to the VPN endpoint position. So it's still leaky. If I remember right from previous tests, this is also a way of getting unnecessarily slow DNS answers. You can check for DNS leaks with, e.g.
Testing of possible available non leaky configurations:
If you select NextDNS instead of Cloudflare via the GL web menu item, the DNS is not leaky, meaning you get answers from the DNS servers closest to the VPN endpoint and not from the DNS servers closest to your router position. The DNS is also fast this way.
If you configure a DNS server yourself, e.g. an external one, or one offered by your VPN provider inside the VPN channel, it's not leaky either, and it is fast because of the short paths.
My suggestion for this is:
Deactivation of the Cloudflare DNS offered per menu item, as long as the implementation is leaky. After all, presumably not every user checks what the router actually does when this or that menu item is used, but trusts that a firmware was also tried out before it was released.
Recall of the released and known DNS leaky firmware 3.201.
Replacement of the 3.201 firmware with a firmware that does not offer Cloudflare as a menu item, as long as it is not implemented in a non-leaky way.
Buddy, I had exactly the same problem with Cloudflare DNS, but after I updated the firmware version of my MT1300 Beryl to version 3.203-0722, the problem disappeared, the DNS is shown closest to the VPN! I can check how things are with the AR750S later if you want…
I don’t have a problem. I am using a configuration which is not affected by this leak. I described the two available non-leaky ways already.
The GL firmware, which is used by some thousands of customers who possibly don't check for themselves what the firmware is doing, has a problem.
I think security bugs should be fixed, at a minimum.
It may be that NextDNS and Cloudflare get the same information about the router location, and only Cloudflare uses it to offer the closest DNS server…
If I remember right, I saw a “Cloudflare Bug” and a fix on the OpenWrt bug tracker some months ago …
Are you trolling or something? You wrote above that you have no problems and we checked and confirmed that there are no leaks in the new firmware, then what fixes do you need?
Not every user checks which configurations are leaky and which can be used. So I think a firmware which doesn't have DNS-leaky parts would be better for perhaps 80% of users.
@Henry_Bruns
I understand you still have a DNS leak. But we tested and still cannot replicate the problem. But I do believe there may be a problem somewhere that we didn’t think of. We prefer to release 3.203 now and continue to investigate.
It's easy to protect the possibly 80% of users who don’t check for themselves what the firmware is doing, by graying out the leaky Cloudflare menu item for as long as the DNS leak is not fixed.
See the following, related to 3.201:
What is a possible conclusion?
So I guess the available OpenWrt fix for this is possibly not installed for every hardware version of the openwrt-ar750s-3.203-0701.tar beta 4 firmware version, e.g. not on the gl-ar750s firmware version.
Firmware version should not be the case, as we checked before. The problem was identified as the default VPN policy change, so we fixed that. Surely checked the AR750S.
A firmware- or Cloudflare-related DNS leak. One of them. If no fix is possible, disable the Cloudflare menu item to protect users who don't check for themselves what the router is doing when they select this menu item. Remember: the 3.105 firmware doesn't have this DNS leak.
By the way, if you mean the 3.2.03 firmware fixes a known 3.201 DNS leak, it may be a good idea to remove this firmware version from download to protect GL customers.