What I just figured out:
When I change the VPN policy from “defined by MAC address” to “global proxy” it also works.
But actually I don’t want to route all traffic via VPN, just the traffic of defined devices.
Network1 (192.168.0.0/24): Internet - GL iNet Router - LAN
VPN: GL-iNet Router - Any OpenVPN Endpoint
Network2: Any OpenVPN Endpoint
I know OpenWrt could do this by manual configuration of the routes, but I am not sure if GL-iNet is the right choice here.
My GL-iNet travel router provides a secure route for all clients to a defined VPN endpoint. As the endpoint is at my home and I am allowing the VPN to access the LAN, the DNS (not on the router; it is a bigger solution in a VM) within my LAN can handle all requests.
The difference is that all DNS and networking are handled on the VPN server side. As far as I can read, you want to make a VPN client act as a server. Not impossible, but I am out here.
You may have stumbled on a bug. Post your device model and firmware version, and ping @hansome.
GL GUI → System → Upgrade → Local Upgrade
Device: GL-AX1800
Firmware: 4.4.6, release 1
This is indeed an issue: the DNS traffic of devices not using the VPN will be redirected to the upstream DNS server, which will not know what the local domain looks like.
We need to implement a new method for DNS traffic separation.
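For readers who want to try the manual OpenWrt route mentioned earlier in the thread, here is an added example of what per-device VPN routing with DNS separation looks like when done by hand; it is not GL-iNet firmware code and not the fix referred to above. It assumes an OpenWrt-style router with nftables, a policy routing table, and dnsmasq, and every MAC, address, interface name (`br-lan`, `tun0`), domain and file path in it is made up for illustration. Traffic from the listed MACs is fwmarked so a separate routing table sends it through the tunnel, and only those clients' port-53 traffic is DNATed to a tunnel-side resolver; every other client keeps talking to local dnsmasq, which forwards the local domain to the DNS server in the LAN.

```shell
#!/bin/sh
# Added example (not GL-iNet code): per-device VPN policy routing plus DNS
# separation on an OpenWrt-style router. All values below are assumptions.

LAN_IF="br-lan"
VPN_IF="tun0"              # OpenVPN tunnel interface (assumption)
VPN_DNS="10.8.0.1"         # resolver reachable only through the tunnel (made up)
LAN_DNS="192.168.0.53"     # the DNS VM inside the home LAN (made up)
LOCAL_DOMAIN="home.lan"    # local domain served by that VM (made up)
FWMARK="0x1"
VPN_TABLE="100"
# Clients that should use the tunnel; everything else stays on the LAN path.
VPN_MACS="aa:bb:cc:dd:ee:01 aa:bb:cc:dd:ee:02"

# normalize_mac MAC: lower-case hex, ':' separators (accepts '-' as well).
normalize_mac() {
    printf '%s' "$1" | tr 'A-F' 'a-f' | sed 's/-/:/g'
}

# is_vpn_client MAC: exit 0 if MAC is in VPN_MACS.
is_vpn_client() {
    _m=$(normalize_mac "$1")
    for _v in $VPN_MACS; do
        [ "$_v" = "$_m" ] && return 0
    done
    return 1
}

# resolver_for MAC: print the resolver this client's port-53 traffic ends at.
# VPN clients are DNATed to the tunnel-side resolver; all others reach local
# dnsmasq, which forwards the local domain to LAN_DNS.
resolver_for() {
    if is_vpn_client "$1"; then
        echo "$VPN_DNS"
    else
        echo "$LAN_DNS"
    fi
}

# nft_ruleset: emit an nftables ruleset that (1) marks frames from VPN clients
# so the fwmark routing rule sends them out the tunnel and (2) DNATs only their
# DNS queries to VPN_DNS. Non-VPN clients are not touched by either chain.
nft_ruleset() {
    _elems=$(printf '%s, ' $VPN_MACS); _elems=${_elems%, }
    cat <<EOF
table inet vpn_policy {
    set vpn_clients {
        type ether_addr
        elements = { $_elems }
    }
    chain mark_vpn {
        type filter hook prerouting priority mangle; policy accept;
        iifname "$LAN_IF" ether saddr @vpn_clients meta mark set $FWMARK
    }
    chain dns_split {
        type nat hook prerouting priority dstnat; policy accept;
        iifname "$LAN_IF" ether saddr @vpn_clients meta l4proto { tcp, udp } th dport 53 dnat ip to $VPN_DNS
    }
}
EOF
}

# dnsmasq_conf: forward the local domain (and its reverse zone) to the LAN DNS
# VM so non-VPN clients resolve local hostnames instead of hitting upstream.
dnsmasq_conf() {
    cat <<EOF
server=/$LOCAL_DOMAIN/$LAN_DNS
rev-server=192.168.0.0/24,$LAN_DNS
EOF
}

# apply: install everything. Only runs when invoked as './script apply' on a
# router that has nft and ip; the dnsmasq conf-dir path is an assumption.
apply() {
    nft_ruleset | nft -f -
    ip rule add fwmark "$FWMARK" table "$VPN_TABLE" 2>/dev/null || true
    ip route replace default dev "$VPN_IF" table "$VPN_TABLE"
    dnsmasq_conf > /tmp/dnsmasq.d/vpn_split.conf
}

case "${1:-}" in
    apply) apply ;;
esac
```

Run it without arguments to inspect the generated ruleset (`sh script.sh; nft_ruleset` after sourcing it), or with `apply` on the router. Caveat from this thread: the GL GUI installs its own DNS redirection when a VPN client is enabled, and AdGuard Home with "Handle Client Requests" intercepts DNS before dnsmasq, so hand-added rules like these can be overridden by the firmware's own rules and should be verified with a lookup from both a VPN and a non-VPN client.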
OK … thanks for the feedback.
If you have a fix to test just let me know.
Would really love to be able to use this functionality
Have you considered updating the DNS side of the GL GUI to have it all handled by dnscrypt-proxy2? It plays very nicely with dnsmasq-full and would allow you to finally dump stubby. It’d be nice to have the GUI handle user-defined .toml confs too (e.g. Quad9).
Here’s the HOW-TO I followed on a Flint (GL-AX1800) with firmware 4.4.6-release1 and a Certa (GL-AR750) with firmware 4.3.7-release4:
dnscrypt-proxy2 is relatively big. We build it in if the device’s storage and RAM are sufficient.
We’ll check if it’s possible.
Yeah, I could see that being an issue. I happen to run extroot on my Certa (GL-AR750). With one LAN client, dnscrypt-proxy2 takes 15.6 MB RAM. The Flint (GL-AX1800) in the same scenario is at 13.5 MB. Both devices’ firmware are current stable builds.
Update: this issue will be addressed in firmware 4.6. I sent dieterlind a test firmware by private message.
I discovered this thread as I've been having this exact issue. Local DNS works and I can nslookup hostnames on my LAN until a VPN client is enabled, in my case a WireGuard client.
I see this was supposedly fixed a year ago on 4.0. I'm on 4.7.0 a year later and still have this issue.
Did you enable "AdGuard Home Handle Client Requests"? It will intercept DNS requests before dnsmasq.