nslookup fails using OpenVPN to home router

Technical Support for Routers VPN, DNS, Leaks
1

This is new to me, so apologies in advance if I'm missing something obvious.

My setup is a router at home with OpenVPN Server running. I'm using a GL-MT3000 (upgraded to 4.7.4, but same issue) on the road, using OpenVPN Client to connect to the hotel WIFI and then to my home network. The VPN isn't working. Some comments:

  • VPN disabled connects and works fine to internet.
  • VPN worked on other networks, and if I power cycle the GL-MT3000 on this network, sometimes it works (and works perfectly to home network until rebooted).
  • With VPN off, I can use my PC's OpenVPN client and it connects to home network
  • GL-MT3000 settings:
    • Block Non-VPN Traffic on/off doesn't make a difference.
    • NETWORK: DNS: all settings are off (e.g., Allow Custom DNS to Override VPN DNS).

Here's the OpenVPN Log:

Thu Apr 10 08:49:09 2025 daemon.notice ovpnclient[26871]: net_iface_mtu_set: mtu 1500 for ovpnclient
Thu Apr 10 08:49:09 2025 daemon.notice ovpnclient[26871]: net_iface_up: set ovpnclient up
Thu Apr 10 08:49:09 2025 daemon.notice ovpnclient[26871]: net_addr_ptp_v4_add: 10.8.0.6 peer 10.8.0.5 dev ovpnclient
Thu Apr 10 08:49:09 2025 daemon.info avahi-daemon[6821]: Joining mDNS multicast group on interface ovpnclient.IPv4 with address 10.8.0.6.
Thu Apr 10 08:49:09 2025 daemon.info avahi-daemon[6821]: New relevant interface ovpnclient.IPv4 for mDNS.
Thu Apr 10 08:49:09 2025 daemon.info avahi-daemon[6821]: Registering new address record for 10.8.0.6 on ovpnclient.IPv4.
Thu Apr 10 08:49:09 2025 daemon.notice ovpnclient[26871]: /etc/openvpn/scripts/ovpnclient-up ovpnclient 3 ovpnclient 1500 1625 10.8.0.6 10.8.0.5 init
Thu Apr 10 08:49:09 2025 user.notice ovpnclient-up: env value:route_vpn_gateway=10.8.0.5 X509_0_emailAddress=me@myhost.mydomain daemon_log_redirect=0 X509_1_emailAddress=me@myhost.mydomain script_type=up proto_1=udp daemon=0 SHLVL=1 foreign_option_1=dhcp-option DNS 192.168.14.1 dev_type=tun route_network_1=192.168.14.0 remote_1=73.118.134.32 dev=ovpnclient route_network_2=192.168.14.1 route_network_3=10.8.0.1 X509_0_CN=RT-AX1800S X509_0_C=TW remote_port_1=8601 X509_1_CN=RT-AX1800S X509_1_C=TW tls_digest_sha256_0=79:ee:a2:4d:88:21:b2:98:c7:0d:d0:8e:0b:99:4b:65:49:fc:e8:21:5a:eb:3d:6a:3e:a1:d2:8c:6d:ca:72:b8 daemon_start_time=1744242547 script_context=init ifconfig_local=10.8.0.6 common_name=RT-AX1800S tls_digest_sha256_1=5b:6f:6d:cd:70:da:04:f2:24:7e:bb:9c:ff:2e:c4:68:6a:d5:bf:b9:80:27:e5:89:fc:a8:3d:20:4d:50:d2:48 X509_0_L=Taipei verb=1 X509_1_L=Taipei link_mtu=1625 X509_0_O=ASUS route_gateway_1=10.8.0.5 trusted_ip=73.118.134.32 tls_serial_hex_0=01 X509_1_O=ASUS tun_mtu=1500 route_gateway_2=10.8.0.5 route_netmask_1=255.255.2
Thu Apr 10 08:49:09 2025 daemon.notice netifd: Network device 'ovpnclient' link is up
Thu Apr 10 08:49:09 2025 daemon.notice netifd: Interface 'ovpnclient' is now up
Thu Apr 10 08:49:09 2025 daemon.notice netifd: ovpnclient (26871): route: SIOCDELRT: No such process
Thu Apr 10 08:49:09 2025 daemon.notice netifd: ovpnclient (26871): route: SIOCDELRT: No such process
Thu Apr 10 08:49:09 2025 daemon.notice netifd: ovpnclient (26871): route: SIOCDELRT: No such process
Thu Apr 10 08:49:09 2025 daemon.notice netifd: ovpnclient (26871): route: SIOCDELRT: No such process
Thu Apr 10 08:49:09 2025 daemon.notice netifd: ovpnclient (26871): route: SIOCDELRT: No such process
Thu Apr 10 08:49:09 2025 daemon.notice netifd: ovpnclient (26871): route: SIOCDELRT: No such process
Thu Apr 10 08:49:09 2025 user.notice firewall: Reloading firewall due to ifup of ovpnclient (ovpnclient)
Thu Apr 10 08:49:09 2025 daemon.notice netifd: ovpnclient (26871): RTNETLINK answers: Permission denied
Thu Apr 10 08:49:11 2025 daemon.warn ovpnclient[26871]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Thu Apr 10 08:49:11 2025 daemon.notice ovpnclient[26871]: Initialization Sequence Completed

I am getting traffic across the VPN (Traffic Statistics down 22.99 KB / up 50.50 KB).

image
image1263×484 24.6 KB

With the VPN enabled, nslookup fails:

C:>nslookup www.google.com
Server: UnKnown
Address: 192.168.8.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to UnKnown timed-out

However, with the VPN off, it succeeds:

C:>nslookup www.google.com
Server: console.gl-inet.com
Address: 192.168.8.1

Non-authoritative answer:
Name: www.google.com
Addresses: 2404:6800:4004:801::2004
142.251.222.4

Any thoughts? Thanks in advance.

2

Hello,

  1. Please export and share us the entire issue syslog file "logread.tar". Thanks.
  2. If import this OVPN profile to the PC APP "OpenVPN", and the PC connected to the hotel Wi-Fi, does it work?
4

Thanks, here are the logs.

Musse reboot with VPN and DNS Error.tar (201 KB)

Could it be related to this in the log?

Thu Apr 17 16:26:52 2025 daemon.info dnsmasq[8445]: Connected to system UBus
Thu Apr 17 16:26:52 2025 daemon.info dnsmasq[8449]: started, version 2.85 cache disabled
Thu Apr 17 16:26:52 2025 daemon.info dnsmasq[8449]: DNS service limited to local subnets
Thu Apr 17 16:26:52 2025 daemon.info dnsmasq[8449]: compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC no-ID loop-detect inotify dumpfile
Thu Apr 17 16:26:52 2025 daemon.info dnsmasq[8449]: UBus support enabled: connected to system bus
Thu Apr 17 16:26:52 2025 daemon.info dnsmasq-dhcp[8449]: DHCP, IP range 192.168.8.100 -- 192.168.8.249, lease time 12h
Thu Apr 17 16:26:52 2025 daemon.info dnsmasq[8449]: using only locally-known addresses for domain lan_chgd
Thu Apr 17 16:26:52 2025 daemon.info dnsmasq[8449]: read /etc/hosts - 4 addresses
Thu Apr 17 16:26:52 2025 daemon.info dnsmasq[8449]: read /tmp/hosts.vpn/lan_hosts - 0 addresses
Thu Apr 17 16:26:52 2025 daemon.info dnsmasq-dhcp[8449]: read /etc/ethers - 0 addresses
Thu Apr 17 16:26:52 2025 daemon.info dnsmasq[8615]: Connected to system UBus
Thu Apr 17 16:26:52 2025 daemon.info dnsmasq[8615]: started, version 2.85 cachesize 150
Thu Apr 17 16:26:52 2025 daemon.info dnsmasq[8615]: DNS service limited to local subnets
Thu Apr 17 16:26:52 2025 daemon.info dnsmasq[8615]: compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC no-ID loop-detect inotify dumpfile
Thu Apr 17 16:26:52 2025 daemon.info dnsmasq[8615]: UBus support enabled: connected to system bus
Thu Apr 17 16:26:52 2025 daemon.info dnsmasq-dhcp[8615]: DHCP, IP range 192.168.8.100 -- 192.168.8.249, lease time 12h
Thu Apr 17 16:26:52 2025 daemon.info dnsmasq-dhcp[8615]: IPv6 router advertisement enabled
Thu Apr 17 16:26:52 2025 daemon.info dnsmasq[8615]: using only locally-known addresses for domain test
Thu Apr 17 16:26:52 2025 daemon.info dnsmasq[8615]: using only locally-known addresses for domain onion
Thu Apr 17 16:26:52 2025 daemon.info dnsmasq[8615]: using only locally-known addresses for domain localhost
Thu Apr 17 16:26:52 2025 daemon.info dnsmasq[8615]: using only locally-known addresses for domain local
Thu Apr 17 16:26:52 2025 daemon.info dnsmasq[8615]: using only locally-known addresses for domain invalid
Thu Apr 17 16:26:52 2025 daemon.info dnsmasq[8615]: using only locally-known addresses for domain bind
Thu Apr 17 16:26:52 2025 daemon.info dnsmasq[8615]: using only locally-known addresses for domain lan
Thu Apr 17 16:26:52 2025 daemon.warn dnsmasq[8615]: no servers found in /tmp/resolv.conf.d/resolv.conf.auto, will retry
Thu Apr 17 16:26:52 2025 daemon.info dnsmasq[8615]: read /etc/hosts - 4 addresses
Thu Apr 17 16:26:52 2025 daemon.info dnsmasq[8615]: read /tmp/hosts/dhcp.cfg01411c - 3 addresses
Thu Apr 17 16:26:52 2025 daemon.info dnsmasq-dhcp[8615]: read /etc/ethers - 0 addresses

I uploaded the laptop's OpenVPN settings to the GL-MT3000 and hit the same error. How do you download the GL-MT3000 profile to the PC? Do you still need me to try this? Thanks.

5

Also, I should mention that the OpenVPN client (on the GL-MT3000) has worked fine in other locations. I'm not sure what's unique about this hotel. It seems like a standard password protected SSID (no portal login).

6

Hi,

It seems that there is nothing unusual in the VPN establishment and connection process.

But I found that the IP range of the hotel WiFi the router repeated conflicts with the DNS of the home OVPN server.

VPN DNS: 
Thu Apr 17 16:27:53 2025 daemon.info dnsmasq[10525]: using nameserver 192.168.14.1#53

Router repeater IP range:
192.168.0.0/16 dev apclix0 proto static scope link metric 20

Please try to customize the DNS GL GUI > Network > DNS > Manual DNS > Google, and enable "Allow Custom DNS to Override VPN DNS".