VPN Policy Base does not resolve domains

Model: GL-AR750 Creta
Firmware Version: 4.3.7 Stable.

I’ve set up a WireGuard profile for WARP Cloudflare; with Global Proxy mode enabled, all traffic goes via WG.

Once I have configured the VPN policy based on the target domain or IP address, WG can’t resolve domains, only IPs from my list.
My list contains Facebook and Instagram subnets.
The domain themoviedb.org doesn’t open, but Instagram works flawlessly.

It seems that the router can’t resolve domains.

Which DNS server do your clients use?

On the phone I use NextDNS. Laptop uses
If you mean to activate Override DNS Settings for All Clients

I’ve tried and no luck. I also want to say that if I activate Global Proxy, all devices can resolve VPN domains.

The problem is that the VPN connection is not using the DNS resolver from the main settings.
There are several reports on the forum with the same issue.

Try to use AdGuard Home as a DNS proxy without filtering. My setup uses it and it works without any problem. All my DNS queries go through VPN.

Do you mean DNS Crypt?

No. I mean directly using AdGuard Home - might not be available for your device :frowning:
If you can’t find it within the GUI, it’s not.

I can install it, but yeah, my device is old and I think it would overload the CPU and RAM.

Any recommendations from GL.iNet Staff?

I would say this is a WARP issue here.
Is it allowed to use other DNS than the WARP one when using WARP as a VPN?

Try with another DNS instead of the CloudFlare ones.

On the client, try to check the DNS results. If you are using Windows: Open the command prompt (cmd) and do nslookup google.com with and without VPN connected.

I want to say that on the 3* version of the firmware there was the same setting, everything worked flawlessly. There was only 1 problem, after 24-30 hours the 2.4 wifi stopped working, and only a reboot helped revive it.
That’s why I upgraded to firmware version 4*, but now I have a different headache.

Mhm, then I am out of ideas :cry: Very sorry.
Maybe @yuxin.zou can help as soon as he has time for it.

@BURJUY I was all the time like “Yes, everything works with me” and now I have tested it with my Flint and realized that you are right. The VPN routing rules are basically broken. Only CIDR works, no domain names.

So it’s not your fault. I just hadn’t tested it and assumed it was still working … Nope.
Seems to be an FW problem indeed.

I’m sorry that I didn’t test it from the beginning …

Great I’m not alone…
Waiting for the recommendations from GL.iNet Staff…

Just one more information: The issue is gone in the current 4.5.0 snapshot.

Date Compiled: 2023-11-03 22:49:23 (UTC+01:00)
SHA256: 836a08e4264704896ada8f9db0c710682f09ee6d50e940083a5db2b2dcf88fb2

But I would not recommend installing it because snapshots are really bloody, mostly.

We will try to reproduce this issue.
Does this issue still occur if I use automatic mode in the DNS page?

Speaking for myself, yes. But I use AGH mostly.
As I said: Snapshot works!

Yep, it occurs if I use automatic mode in the DNS page.

For my device there are no new snapshots…

Could you please sum up the steps to reproduce the issues?
Show the VPN dashboard, DNS page screenshot, and where to do the DNS query.

VPN Global settings

VPN Dashboard

DNS settings

VPN Policy