Same setup as @BURJUY, but I am using Adguard Home as a DNS proxy.
In the current design, the manual DNS will override VPN DNS.
So a domain set to use VPN (e.g. themoviedb.org) will still do its DNS query via Encrypted DNS.
So that response will be from the local ISP instead of the VPN one.
We haven’t fixed this yet.
Temporary workaround:
sed -i '/return 0/d' /usr/bin/route_policy
and apply “VPN Policy Base On The Target Domain Or IP” again.
You can try this command; if it still doesn’t work, I may be wrong. So can you guys let me do a remote check? @BURJUY @admon
To be honest, I didn’t reproduce the issue; my ISP and VPN returned the same DNS query result to me.
That’s not the issue here. The issue is that the result (the IP) will not be routed correctly by VPN then.
A small example:
Here in Germany you can use VPN as normal. Everything is fine. I use Mullvad as a permanent VPN to send all my traffic over it.
But: Disney Plus doesn’t like Mullvad and blocks the use of VPN. So I have to route the Disney Plus domains via the normal ISP connection.
This was possible with the VPN routing policy - until the 4.4.x update? (Don’t pin me down to the version)
In 4.4.6r1, this entire domain exception list was simply ignored. You can easily test this: Remove the domain “ifconfig.co” from the VPN using the domain exception … and see if the VPN IP or the real IP of your ISP comes back.
Edit: And while we were talking about it, it stopped working for me again o_O
Now the Based on the Target Domain or IP for Excluding from VPN does not work anymore.
Edit²: @hansome If a remote check makes fixing it easier, just contact me. You will find me on Discord as well, same name as here.
After debugging with @admon, we found it’s necessary to set the client’s DNS server to the router.
Could you please try? @BURJUY
Does this work for you:
sed -i '/return 0/d' /usr/bin/route_policy
No, it doesn’t work for me. I SSHed in, ran sed -i '/return 0/d' /usr/bin/route_policy, then applied “VPN Policy Base On The Target Domain Or IP” again.
No luck.
You can find me on Discord @i.burjuy
My TZ=UTC+11
Are you sure that your client uses the router as DNS?
I’ve changed the DNS from 1.1.1.1 to the router’s DNS on the laptop and it seems to have started working.
But earlier, on the 3.* firmware, it worked without changing the DNS.
It looks like 4.* is still unstable…
I thought the same thing at first, but on closer inspection this cannot be the case. Technically, the DNS queries have to be answered by the router, otherwise the VPN policy can’t work.
In my case, at some point I stopped using the router as the DNS server, hence the problem.
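The thread ends on the point that the domain-based policy only applies when the client resolves through the router. As an added example (not from the thread or from the vendor), this POSIX shell check classifies a Linux client from its default route and resolv.conf text; the function names, the 192.168.8.1 address and the interface name are constructed for illustration, and only IPv4 is handled.

```shell
#!/bin/sh
# Added example: does this client send DNS to the router (its default gateway)?
# Inputs are passed as text so the logic can be checked offline. On a live
# Linux client: dns_path "$(ip -4 route show default)" "$(cat /etc/resolv.conf)"

# Print the gateway address from `ip -4 route show default` output.
default_gateway() {
    printf '%s\n' "$1" | awk '$1 == "default" && $2 == "via" { print $3; exit }'
}

# Print each nameserver address from resolv.conf text, one per line.
# Commented-out entries are skipped because their first field is "#".
nameservers() {
    printf '%s\n' "$1" | awk '$1 == "nameserver" { print $2 }'
}

# Classify the client. Prints one of:
#   router  - every resolver is the default gateway
#   bypass  - at least one resolver is another host (e.g. 1.1.1.1)
#   stub    - a loopback stub resolver hides the real upstream
#   unknown - no gateway or no resolver found
dns_path() {
    gw=$(default_gateway "$1")
    ns=$(nameservers "$2")
    if [ -z "$gw" ] || [ -z "$ns" ]; then echo unknown; return 0; fi
    result=router
    for s in $ns; do
        case "$s" in
            "$gw") ;;                                   # goes to the router
            127.*|::1) if [ "$result" = router ]; then result=stub; fi ;;
            *) result=bypass ;;                         # skips the router
        esac
    done
    echo "$result"
}

# Constructed sample inputs (not taken from the thread).
ROUTE='default via 192.168.8.1 dev wlan0 proto dhcp metric 600'
for conf in 'nameserver 192.168.8.1' 'nameserver 1.1.1.1' 'nameserver 127.0.0.53'; do
    printf '%-24s -> %s\n' "$conf" "$(dns_path "$ROUTE" "$conf")"
done
```

A result of stub means the real upstream has to be read from the stub resolver's own configuration. A browser or app with its own encrypted DNS bypasses the router regardless of what this check reports.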