Issue with DNS when VPN client enabled

I am using a Flint router on the latest version, 4.2.3.
I'm using Mullvad VPN as the WireGuard VPN client on the router. I have it set up so that only my virtual machine uses the VPN, by MAC address, and it works well. The issue I see is that it is somehow routing the DNS from that VPN client to the rest of the machines that are not using the VPN. I went on my other machine and it shows the VPN IP as my DNS, even though my other machine is not using the VPN client.
Why is that?

Does the superior of these devices not connect to a VPN router?

Yes, my other devices are connected to the Flint router, BUT I have only specified one machine's MAC address to use the VPN client. Why are the rest of the machines leaking that VPN client's DNS?


I have the same issue on my Brume 2 - when VPN is enabled all devices go through the VPN for DNS, not just VPN enabled clients:

@subzero06 I see your issue. I will pay attention to this issue.

@scumball DNS and VPN are used together. I'm going to test the priority.

@lizh Would it require a code change to fix it? Or is it something I can configure on my end?

Some system rules need to be changed. Version 4.5 will fix it. A beta version of 4.5 is also being prepared.

Thank you! Will wait for the new release.

The issue is still occurring on the 4.5 snapshot. Is the build not ready yet?

There was a build system issue, which is fixed now.
Please check the snapshot today (GL.iNet download center), with this version of the WireGuard client:

root@GL-AX1800:~# opkg list |grep wg-c
gl-sdk4-wg-client - git-2023.220.34505-07592b5-1

Hi @lizh
Which routers will get 4.5? I saw a post stating it is not planned for all routers, and some will only go to 4.3.x.

The first models to be upgraded include the MT3000, AX1800, AXT1800, MT2500 and X300B and, of course, the new MT6000, which will also use 4.5.
Other products will also be upgraded.

Coming back to this, this is still happening on the Flint 2 with firmware v4.5.2.
Why is that?

Have you enabled custom DNS or AdGuard Home while using VPN policy?

I'm using AdGuard only, yes.

When I disable AdGuard, then it works correctly - is this the correct way? AdGuard has to be disabled?

Guess it is because of preventing VPN DNS leaks.

It’s better to leak a VPN DNS when there is no VPN instead of leaking the non-VPN DNS when there is a VPN.

This is true for current firmware. Custom DNS has the highest priority now.
We will reconstruct the order of DNS: VPN DNS, custom/cryptodns/adguard, and ISP DNS.
The key point is to make custom DNS override ISP DNS.
That should be done in the middle of this month.

Amazing, thank you. This would be something that we can select for the priority selection?

Yes, VPN DNS and custom DNS have the priority selection.
