SFT1200 VPN DNS issue on the v4.7.2

I tested that VPN DNS is working on 4.7.2-0308. Can you check with this command whether dnsmasq bootstraps correctly?

root@GL-SFT1200:~# ps w|grep dnsmasq
14990 dnsmasq   2936 S    /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf.cfg01411c -k -x /var/run/dnsmasq/dnsmasq.cfg01411c.pid
14999 root      2864 S    /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf.cfg01411c -k -x /var/run/dnsmasq/dnsmasq.cfg01411c.pid
15031 root      2844 S    /usr/sbin/dnsmasq -C /etc/dnsmasq.conf.vpn -x /var/run/dnsmasq/dnsmasq.vpn.pid --server=209.244.0.3 --ser
15032 root      2840 S    /usr/sbin/dnsmasq -C /etc/dnsmasq.conf.vpn -x /var/run/dnsmasq/dnsmasq.vpn.pid --server=209.244.0.3 --ser
20854 root      1352 S    grep dnsmasq
root@GL-SFT1200:~# 
root@GL-SFT1200:~# 
root@GL-SFT1200:~# cat /etc/version.date 
2025-03-08 17:53:01
root@GL-SFT1200:~# 
root@GL-SFT1200:~# cat /etc/glversion 
4.7.2
root@GL-SFT1200:~# 

4.3.24:

root@GL-SFT1200:~# ps w|grep dnsmasq
 5171 dnsmasq   2936 S    /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf.cfg01411c -k -x /var/run/dnsmasq/dnsmasq.cfg01411c.pid
 5176 root      2864 S    /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf.cfg01411c -k -x /var/run/dnsmasq/dnsmasq.cfg01411c.pid
14712 root      1352 S    grep dnsmasq
root@GL-SFT1200:~# cat /etc/version.date
2025-01-15 21:27:24
root@GL-SFT1200:~# cat /etc/glversion
4.3.24

4.7.2 0308

root@GL-SFT1200:~# ps w|grep dnsmasq
 4141 root      2844 S    /usr/sbin/dnsmasq -C /etc/dnsmasq.conf.vpn -x /var/run/dnsmasq/dnsmasq.vpn.pid --server=10.243.153.1 --no
 4143 root      2840 S    /usr/sbin/dnsmasq -C /etc/dnsmasq.conf.vpn -x /var/run/dnsmasq/dnsmasq.vpn.pid --server=10.243.153.1 --no
 5897 dnsmasq   2936 S    /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf.cfg01411c -k -x /var/run/dnsmasq/dnsmasq.cfg01411c.pid
 5901 root      2864 S    /usr/sbin/dnsmasq -C /var/etc/dnsmasq.conf.cfg01411c -k -x /var/run/dnsmasq/dnsmasq.cfg01411c.pid
 7709 root      1352 S    grep dnsmasq
root@GL-SFT1200:~# cat /etc/version.date
2025-03-08 17:53:01
root@GL-SFT1200:~# cat /etc/glversion
4.7.2

Downgrading back to 4.3.24 as all DNS traffic is not routing over the VPN

@hansome I run a PiVPN Pi-hole over on a RackNerd server, so I have full query logs from the DNS server end.
When the SFT1200 is running 4.7.2 I never see a single DNS entry.
When the SFT1200 is running 4.3.24, I see every DNS entry.
Same OpenVPN configuration on both firmwares.

You must cancel the 6th line and it works.
I have the same problem on Marble.

But is that not crackers, to have to remove something from stock firmware that GL have tested before release?

The log looks okay. I don't know what caused the issue. Do you use AdGuard Home or encrypted DNS?
I confirmed again that the VPN DNS is working.

@hansome AGH does not work on the Opal, and I do not use encrypted DNS.
This is not a WireGuard VPN, this is an OpenVPN connection.
Let me know if you want a client configuration to test with.

@hansome do you want me to send it to the support email address or over the Discord?

Thanks, I'll PM you.

Meanwhile 4.3.25 is out:
https://dl.gl-inet.com/release/router/release/sft1200/4.3.25

Moving to 4.3.25 as security issues have been fixed; shall await a new 4.7 release with the security issues fixed.