I'm running the VPN client on my GL-MV1000.
I also configure custom DNS (NextDNS) on my GL-MV1000 for telemetry filtering.
I found some streaming services and banks refuse my devices behind my GL-MV1000.
So I want to filter these sites from VPN.
When I configure my GL-MV1000 as listed below,
it seems okay; however, it is not what I want to do.
I want to use NextDNS on my GL-MV1000 for filtering, too.
Any suggestion?
DEVICE: GL-MV1000
Firmware: 3.218
VPN -> OpenVPN Client: Connected to NordVPN
VPN -> VPN Policies
Enable VPN Policy: ON
Use VPN for guest network: OFF
Use VPN for all processes on the router: ON
Please Choose Policy: Domain/IP
Please Choose Rules: Do not use VPN for the following
{sitename 1}.com <- streaming service which rejects access from NordVPN
{sitename 2}.com <- bank service which rejects access from NordVPN
MORE SETTINGS -> Custom DNS Server
DNS Rebinding Attack Protection: ON
Override DNS Settings for All Clients: ON
DNS over TLS (Cloudflare or NextDNS): OFF <- I want this option ON
Dnscrypt Proxy Settings: OFF
Manual DNS Server Setting: OFF
It is mostly not enough to just exclude the main domain of your streaming service. They rely on many different domains. To make it work, you need to figure out every domain that might be used. DNS logs can be helpful for that.
Or you might exclude the whole device, if possible.
I already can access the streaming (and bank) service if I stop using "DNS over TLS".
However, this means that I cannot filter telemetry packets from my home network by NextDNS.
I want to use both VPN policies and DNS over TLS.
If someone already does it, please show me the configuration.
Some time ago they made a change where the DNS from the VPN could leak over to the WAN-policied clients, hence the NextDNS profile which is set.
I have reported it a few times, but it just got passed over like it wasn't important and it was as expected.
^ this happened with the Mullvad auto profile.
I had it with my ISP IPTV, because it got blocked because it used Mullvad's DNS over WAN... The only fix was forcing DNS with DHCP option 6, either with a tag or on the DHCP server.
Can you check if something like this still happens?
Well, you can go into luci -> network -> interfaces -> lan, then click on the tab "DHCP Server"; there is an option for DHCP options, and you can use 6,8.8.8.8 for Google DNS.
For tags this is a bit more complicated and may require SSH; you can find more about that here.
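As an added illustration of the two approaches mentioned above (pool-wide option 6 versus a dnsmasq tag bound to one host), not code from the thread or from GL.iNet: this POSIX shell script emits the OpenWrt `uci` commands for either case, and only commits them when `uci` is actually present on the router. The tag name "wanonly", the MAC address and the 192.0.2.53 resolver are placeholders to replace with your own values.

```shell
#!/bin/sh
# Added example (not from the thread): pin DHCP option 6 (DNS server list)
# so a WAN-policied client keeps the resolver you chose instead of the one
# pushed by the VPN. Values used here are constructed placeholders.
# Caveat: this only steers clients that honour DHCP; a device with a
# hard-coded resolver or its own DoH/DoT client will still bypass it.

# Emit uci commands that set option 6 for every client of the LAN DHCP pool.
dhcp_option6_lan() {
    dns_list="$1"          # e.g. "8.8.8.8" or "9.9.9.9,149.112.112.112"
    printf 'uci -q delete dhcp.lan.dhcp_option\n'
    printf "uci add_list dhcp.lan.dhcp_option='6,%s'\n" "$dns_list"
}

# Emit uci commands that create a dnsmasq tag carrying option 6 and bind one
# static host (by MAC) to it, so only that device receives the pinned resolver.
dhcp_option6_tagged() {
    tag="$1"; mac="$2"; dns_list="$3"
    # Derive a uci-safe section name from the MAC (hex only, lower case).
    host="host_$(printf '%s' "$mac" | tr -d ':' | tr 'A-F' 'a-f')"
    printf "uci set dhcp.%s=tag\n" "$tag"
    printf "uci -q delete dhcp.%s.dhcp_option\n" "$tag"
    printf "uci add_list dhcp.%s.dhcp_option='6,%s'\n" "$tag" "$dns_list"
    printf "uci set dhcp.%s=host\n" "$host"
    printf "uci set dhcp.%s.mac='%s'\n" "$host" "$mac"
    printf "uci set dhcp.%s.tag='%s'\n" "$host" "$tag"
}

# Run the generated commands and restart dnsmasq only on the router itself;
# anywhere else just show what would be applied.
apply_if_router() {
    if command -v uci >/dev/null 2>&1; then
        sh -c "$1" && uci commit dhcp && /etc/init.d/dnsmasq restart
    else
        printf '%s\n' "$1"
    fi
}

# Pool-wide: the 6,8.8.8.8 setting from the LuCI hint above.
apply_if_router "$(dhcp_option6_lan '8.8.8.8')"
# Per-device: a placeholder MAC bound to a placeholder resolver via a tag.
apply_if_router "$(dhcp_option6_tagged wanonly 'AA:BB:CC:DD:EE:01' '192.0.2.53')"
```

After the lease renews, confirm the client picked up the pinned resolver (for example with its own DNS settings or a leak-test site) rather than trusting the router config alone.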
Most IPTV servers that I tested blocked Mullvad, which made me go to ProtonVPN. Did you manage to solve this problem with Mullvad just by changing the VPN DNS?
Yes, but the issue was more a bug: I wanted my IPTV to be excluded from the VPN by policy. That worked fine, except the DNS from Mullvad was still set, and that is not good, but forcing a DHCP option is a temporary band-aid fix around it.
Some CDNs, but also IPTV providers, also check the DNS origin and then still block it. I found my Mullvad DNS through ipleak.net on the WAN-policied device. I don't know if anything has been changed later, but since the OP has issues I wonder if he's also affected by this.