How to use remote DNS server over OpenVPN

I noticed that some users have a problem with forcing OpenVPN client to use remote DNS running on the OpenVPN server.

It can be done in different ways but this is how I did that.

I run MT2500 with AdGuard as OpenVPN server (configured by default using GL web interface, it will offer OpenVPN subnet 10.8.0.0 by default) and want the client (a Windows machine) to send all DNS requests to MT2500 and be handled by AdGuard.

  1. add the following directives to the client .ovpn file (on Windows in my case; they can also be pushed to the client from the server with the push command):

ignore-unknown-option block-outside-dns
block-outside-dns
register-dns
dhcp-option DNS 192.168.81.1

where 192.168.81.1 is the IP of my MT2500,

or

dhcp-option DNS 10.8.0.1

where 10.8.0.1 is the IP of the MT2500 end of the OpenVPN tunnel (the client will have the IP address 10.8.0.2).

At this point DNS queries still cannot be resolved, because the MT2500 DNS setting “Local Service Only” is set to 1 by default and it seems OpenVPN is not considered “local”.

There are 2 ways to fix that:

a) disable “Local Service Only” and add the necessary firewall rules as described here (post 15):

https://forum.openwrt.org/t/solved-no-dns-over-vpn/4893/15

b) keep the option “Local Service Only” enabled and add the “ovpnserver” interface name to the list of “Listen Interfaces”.

In both cases DNS requests sent by the OpenVPN client will be resolved by the MT2500 / AdGuard.

To verify that, install tcpdump on your OpenVPN server, determine the name of the OpenVPN interface (‘ovpnserver’ in my case) and run the following command:

tcpdump -i ovpnserver port 53

and you should see the DNS requests/answers sent/received by the client.
If you don’t see DNS queries from the client, then your client may be using a different DNS server. If you see DNS queries from the client but you don’t see the answers, then your server is not sending them back (i.e. they are most likely blocked).
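
As an added example (not part of the original post), this POSIX shell script applies step 1 idempotently: it appends the four client directives to a .ovpn file only if they are not already present, and prints the server-side push equivalents. The file name and the 10.8.0.1 address in the usage line are assumptions taken from the post's own setup.

```shell
#!/bin/sh
# Added example, not code from the original post.
# block-outside-dns and register-dns are Windows-only options; the
# ignore-unknown-option line lets non-Windows clients skip block-outside-dns.

# Print the four client directives for the given DNS server IP.
client_dns_directives() {
    printf '%s\n' \
        'ignore-unknown-option block-outside-dns' \
        'block-outside-dns' \
        'register-dns' \
        "dhcp-option DNS $1"
}

# Server-side equivalent: the same directives pushed from the server config.
server_push_directives() {
    printf '%s\n' \
        'push "block-outside-dns"' \
        'push "register-dns"' \
        "push \"dhcp-option DNS $1\""
}

# Append each directive to the .ovpn unless an identical line already exists.
# Prints the number of lines added (0 on a second run, so it is safe to repeat).
ensure_dns_directives() {
    file=$1; dns=$2; added=0
    # Make sure the file ends with a newline so an appended line is not glued
    # to the last existing directive.
    [ -s "$file" ] && [ -n "$(tail -c1 "$file")" ] && echo >> "$file"
    tmp=$(mktemp)
    client_dns_directives "$dns" > "$tmp"
    while IFS= read -r line; do
        if ! grep -qxF -- "$line" "$file"; then
            printf '%s\n' "$line" >> "$file"
            added=$((added + 1))
        fi
    done < "$tmp"
    rm -f "$tmp"
    echo "$added"
}

# Usage (assumed file name): sh dns_directives.sh client.ovpn 10.8.0.1
if [ "$#" -eq 2 ]; then
    echo "added $(ensure_dns_directives "$1" "$2") line(s) to $1"
    echo "server-side equivalent for the OpenVPN server config:"
    server_push_directives "$2"
fi
```

Run it against a copy of the client profile first, then verify with the tcpdump command from the post that queries now arrive on the tunnel interface.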

Thanks for your sharing.