OpenVPN and advertised DNS

Hi
When running OpenVPN, the router is still using my standard DNS server given by DHCP on my WAN interface.
Is there a way to make the router use the DNS server given by the OpenVPN server?
Here is the log:
PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 78.46.223.24,dhcp-option DNS 162.242.211.137,route 10.7.7.1,topology net30,ping 5,ping-restart 30,ifconfig 10.7.7.78 10.7.7.77

When using these two DNS servers, a DNS leak won't be any problem.

Which VPN server are you using? I need to try and check how to avoid the DNS leaks. It seems these DNS options are not applied in the router, or they are not propagated to the clients.

I am using NordVPN and IPVanish, and they both push DNS with the dhcp-option DNS.
I did some testing starting OpenVPN manually, and I got it to work by using a startup script with OpenVPN.

/usr/sbin/openvpn --script-security 2 --up /etc/config/openvpn_tun-up.sh --down /etc/config/openvpn_tun-down.sh --config /etc/openvpn/se7.nordvpn.com.tcp443.ovpn

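And here is the tun_up script I made, based on some other script I found using Google (excuse my mess, but this is my first sh script I made):
#!/bin/sh
# OpenVPN exports the pushed options as foreign_option_N; strip the prefix to get the address
ns1=$(echo "$foreign_option_1" | sed -e 's/dhcp-option DNS //g')
ns2=$(echo "$foreign_option_2" | sed -e 's/dhcp-option DNS //g')
# Pass the server-supplied values as one quoted argument instead of running them through eval
uci set network.wwan.dns="$ns1 $ns2"
# Ignore the DNS servers handed out by DHCP on this interface
uci set network.wwan.peerdns='0'
uci commit network
/etc/init.d/network reload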

However, this script is locked to using wwan as the outside interface. It would be great to have it autodetect the outside interface.
Also, this is not using the built-in OpenVPN method already implemented in the firmware.

tun_down:
#!/bin/sh
uci delete network.wwan.dns
uci delete network.wwan.peerdns
uci commit network
/etc/init.d/network reload

Here is my rc.local boot script:
#!/bin/sh
# Read the hardware switch state from the GPIO debug file
if (grep -o "BTN_8.*lo" /sys/kernel/debug/gpio) >/dev/null
then
    # switch in right position (on)
    echo switch_on
    /etc/config/start_openvpn
else
    # switch in left position (off)
    echo switch_off
    /etc/config/openvpn_tun-down.sh
fi

And my BTN_8 script:
#!/bin/sh
# Log the button event to the console
echo "$BUTTON ${ACTION}" > /dev/console
if [ .${ACTION}. = .pressed. ]; then
    killall openvpn
else
    /etc/config/start_openvpn # that will start /usr/sbin/openvpn listed above
fi
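
An added example, not part of the original post or the router firmware: the DNS addresses in foreign_option_N come from the VPN server, so this sketch validates each one as an IPv4 address before handing it to uci, and it reads every pushed option instead of only the first two. The function names are hypothetical, only IPv4 "dhcp-option DNS" entries are handled, and the uci interface section (for example wwan) is passed in by the caller.

```shell
#!/bin/sh
# Added example: treat pushed DNS options as untrusted input.
# OpenVPN exports pushed options as foreign_option_1, foreign_option_2, ...

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# pushed_dns: print the valid pushed DNS servers, space separated.
pushed_dns() {
    i=1; servers=
    while :; do
        # eval sees only our own counter, never the pushed value itself
        eval "opt=\${foreign_option_$i-}"
        [ -n "$opt" ] || break
        case "$opt" in
            "dhcp-option DNS "*)
                addr=${opt#"dhcp-option DNS "}
                if is_ipv4 "$addr"; then servers="${servers:+$servers }$addr"; fi ;;
        esac
        i=$((i + 1))
    done
    printf '%s\n' "$servers"
}

# apply_dns IFACE: write the validated servers to a uci interface section.
apply_dns() {
    dns=$(pushed_dns)
    [ -n "$dns" ] || return 1    # nothing valid pushed: leave config untouched
    uci set "network.$1.dns=$dns"
    uci set "network.$1.peerdns=0"
    uci commit network
}

# Constructed sample input (first two values from the log above).
foreign_option_1='dhcp-option DNS 78.46.223.24'
foreign_option_2='dhcp-option DNS 162.242.211.137'
foreign_option_3='dhcp-option DNS 10.0.0.999'
pushed_dns
```

In an up script, drop the sample assignments and call apply_dns with the interface section name, then reload the network as the scripts above do.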

Thanks for sharing. We will explore this issue.

Are there any updates to this issue?

Subscribed

Hi, sorry, I forgot this already. Let me pick this up.