I want to add my entire DHCP range to the Policy, as I only need 3 devices (which I have set up as static outside the DHCP range) to be direct.
192.168.0.100 - 192.168.0.149 is the DHCP range setup by DD-WRT as default and I just want to know what to enter into the PBR field under Services/OpenVPN Client.
The only way I know how to do this is to add each IP individually, one per line:
192.168.0.100/32
192.168.0.101/32, etc.
But I was wondering if there was a more efficient way to cover the 100-149 range.
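As an added worked example (not part of the original post, and not DD-WRT's own code), the following Python computes the shortest list of CIDR prefixes that covers exactly the DD-WRT default pool 192.168.0.100-149, shows why a single prefix cannot do it, and refuses to produce a list that would also drag the three static bypass hosts (192.168.0.205-207 from the thread) into the tunnel. The hosts and ranges are the ones named in the post; everything else is illustrative.

```python
"""Added example, not from the thread: compute the minimal CIDR cover of an
address range such as the DD-WRT default DHCP pool 192.168.0.100-149, and
check that the static bypass hosts stay outside it."""
import ipaddress


def range_to_cidrs(first: str, last: str) -> list[str]:
    """Minimal set of CIDR blocks that covers exactly first..last and nothing else."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    if lo > hi:
        raise ValueError("range start is after range end")
    return [str(n) for n in ipaddress.summarize_address_range(lo, hi)]


def tightest_single_prefix(first: str, last: str) -> str:
    """Smallest single CIDR block that contains both ends of the range.
    For 100-149 this is the whole /24: one entry cannot express the pool
    without also catching the static hosts above it."""
    lo, hi = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
    for plen in range(32, -1, -1):
        net = ipaddress.IPv4Network((lo, plen), strict=False)
        if hi in net:
            return str(net)
    raise AssertionError("unreachable: /0 contains every address")


def address_count(cidrs: list[str]) -> int:
    """Number of addresses the prefix list covers (sanity check: 50 for 100-149)."""
    return sum(ipaddress.IPv4Network(c).num_addresses for c in cidrs)


def routes_through_vpn(cidrs: list[str], host: str) -> bool:
    """True if the given host falls inside any prefix of the policy list."""
    addr = ipaddress.IPv4Address(host)
    return any(addr in ipaddress.IPv4Network(c) for c in cidrs)


def pbr_entries(first: str, last: str, bypass_hosts: list[str]) -> list[str]:
    """Entries for the OpenVPN client 'Policy based Routing' box, one per line.
    Raises instead of returning a list that would also route a bypass host
    through the tunnel, which is the mistake a too-wide prefix makes silently."""
    cidrs = range_to_cidrs(first, last)
    caught = [h for h in bypass_hosts if routes_through_vpn(cidrs, h)]
    if caught:
        raise ValueError(f"bypass hosts would be routed through the VPN: {caught}")
    return cidrs


if __name__ == "__main__":
    BYPASS = ["192.168.0.205", "192.168.0.206", "192.168.0.207"]  # static hosts from the thread
    print("\n".join(pbr_entries("192.168.0.100", "192.168.0.149", BYPASS)))
    print("one-prefix cover would be:", tightest_single_prefix("192.168.0.100", "192.168.0.149"))
```

The result is six lines (/30, /29, /28, /28, /30, /31) instead of fifty /32 entries, and the count check confirms they add up to exactly 50 addresses. The single-prefix helper makes the trap visible: the only one-line cover of 100-149 is 192.168.0.0/24, which would also send the bypass hosts through the VPN.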
Joined: 07 Apr 2018 Posts: 66 Location: Calgary, AB Canada
Posted: Wed Jun 13, 2018 18:40 Post subject:
Thanks so much, that did it.
Now one last thing I need to figure out and everything is perfect.
3 devices on my dd-wrt are static and operate direct and bypass the vpn.
They are 192.168.0.205, 192.168.0.206, 192.168.0.207
I need to assign them a custom primary and secondary DNS, and I need to do it from the DD-WRT router.
Posted: Wed Jun 13, 2018 20:12 Post subject:
I also SSHed into DD-WRT and ran both the UDP and TCP commands (testing the results of each), and in both cases the DNS seems to fail to catch on, so to speak.
Yet when running the commands I got no error at the SSH console.
Posted: Wed Jun 13, 2018 20:19 Post subject:
eibgrad wrote:
DNSMasq (the router's local DNS server/proxy) doesn't support different DNS servers for different source IPs. Neither can any public DNS server. DNS just doesn't work that way.
Assuming these three devices have static leases defined in the router, you could make DNS exceptions for them via DHCP. But it's necessary to establish the static leases directly in DNSMasq, using the Additional DNSMasq Options field, rather than the GUI.
What's happening here is that the tag "altdns" is being used to direct the DHCP server to use the DNS servers defined on the dhcp-option with the same tag for those devices.
However, a word of caution. Many times the dd-wrt version of DNSMasq can be woefully out of date, and therefore might not have this feature. Or sometimes the dd-wrt developers simply strip the feature out to save space. So I can't guarantee it will work for your build. But this *is* how you do it assuming your version of DNSMasq has the feature.
I think I'm going to give this method a try instead of iptables.
My DD-WRT build is DD-WRT v3.0-r36104 std (06/10/1 running on the Linksys WRT32X. Not sure if that helps in identifying if what I have will or will not work for the aforementioned method.
Currently my DHCP server is managed by whatever DD-WRT uses as default. I do have DNSMasq enabled as the OpenVPN guide for my ExpressVPN setup had me enable it and add "interface=tun1" to Additional DNSMasq options.
Do I simply need to add the code you offered (modifying the obvious parts to specify devices/DNS servers) on the lines following the interface=tun1 I already have there, and in theory it should work following a router reboot?
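The tag mechanism eibgrad describes, as an added example that is not his snippet (the thread does not reproduce it) and not DD-WRT's or dnsmasq's own code: the Python below builds the "Additional DNSMasq Options" lines for the three static hosts, and validates the input the way dnsmasq's own parser will, because a malformed or duplicate dhcp-host line stops dnsmasq from starting and on DD-WRT that takes DHCP for the whole LAN down with it. The MAC addresses, the tag name "altdns" and the DNS servers 1.1.1.1 / 1.0.0.1 are placeholders to be replaced; the LAN, pool and host addresses are the ones named in the thread.

```python
"""Added example, not eibgrad's snippet: generate dnsmasq dhcp-host/dhcp-option
lines that hand three static hosts their own DNS servers via a tag, after
checking for the mistakes that make dnsmasq refuse to start."""
import ipaddress
import re

# dnsmasq expects colon-separated hex; a Windows-style aa-bb-cc-... is rejected.
MAC_RE = re.compile(r"^([0-9a-f]{2}:){5}[0-9a-f]{2}$")


def validate(hosts, dns_servers, lan, pool):
    """Return an error string, or None if the input is clean.
    hosts: list of (mac, ip); pool: (first, last) of the dynamic DHCP range."""
    net = ipaddress.IPv4Network(lan)
    pool_lo, pool_hi = (ipaddress.IPv4Address(p) for p in pool)
    seen_mac, seen_ip = set(), set()
    for mac, ip in hosts:
        mac = mac.lower()
        if not MAC_RE.match(mac):
            return f"bad MAC address: {mac!r}"
        try:
            addr = ipaddress.IPv4Address(ip)
        except ValueError:
            return f"bad IPv4 address: {ip!r}"
        if addr not in net:
            return f"{addr} is not on the LAN {net}"
        # The layout in the thread keeps static hosts outside the dynamic pool;
        # treat an overlap as a typo rather than something dnsmasq must sort out.
        if pool_lo <= addr <= pool_hi:
            return f"{addr} lies inside the dynamic pool {pool_lo}-{pool_hi}"
        # A second dhcp-host for the same MAC or IP (e.g. one still defined in
        # the GUI static-lease table) is fatal at dnsmasq start-up.
        if mac in seen_mac or addr in seen_ip:
            return f"duplicate dhcp-host entry for {mac} / {addr}"
        seen_mac.add(mac)
        seen_ip.add(addr)
    for d in dns_servers:
        try:
            ipaddress.IPv4Address(d)
        except ValueError:
            return f"bad DNS server address: {d!r}"
    return None


def altdns_config(hosts, dns_servers, lan="192.168.0.0/24",
                  pool=("192.168.0.100", "192.168.0.149"), tag="altdns"):
    """Lines to paste into Additional DNSMasq Options: one dhcp-host per device
    that sets the tag, then one dhcp-option that applies only to that tag
    (option:dns-server is DHCP option 6, the same thing as writing '6')."""
    err = validate(hosts, dns_servers, lan, pool)
    if err:
        raise ValueError(err)
    lines = [f"dhcp-host={mac.lower()},set:{tag},{ip}" for mac, ip in hosts]
    lines.append(f"dhcp-option=tag:{tag},option:dns-server," + ",".join(dns_servers))
    return lines


if __name__ == "__main__":
    # Placeholder MACs; the IPs are the three static hosts from the thread.
    HOSTS = [("aa:bb:cc:00:00:01", "192.168.0.205"),
             ("aa:bb:cc:00:00:02", "192.168.0.206"),
             ("aa:bb:cc:00:00:03", "192.168.0.207")]
    print("\n".join(altdns_config(HOSTS, ["1.1.1.1", "1.0.0.1"])))
```

Three practical notes. First, delete any GUI static leases for the same MACs before adding these lines: DD-WRT writes those as dhcp-host entries too, and the resulting duplicate is one of the errors that stops dnsmasq. Second, DD-WRT assembles the running configuration in /tmp/dnsmasq.conf (an assumption about the path; check yours), so after saving, `dnsmasq --test -C /tmp/dnsmasq.conf` over SSH reports a parse error immediately instead of leaving you to discover it as dead DHCP; older dnsmasq builds spelled the set:/tag: prefixes as net:, which newer versions still accept. Third, DHCP option 6 is only a suggestion to the client: a machine with DNS entered by hand ignores it, so if the goal is enforcement rather than convenience, the port-53 redirection on the router (DD-WRT's Forced DNS Redirection, or your own iptables DNAT rules) must be arranged for these hosts as well.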
Posted: Thu Jun 14, 2018 3:13 Post subject:
Hey eibgrad, I tried the DNSMasq method and it caused an issue where DHCP failed to issue IPs to anything connected to the router after I rebooted it.
Even devices with static IPs issued by the router would not work unless I went into the Windows TCP/IPv4 settings and specified the IP address/gateway etc.
This is EXACTLY what I put in the DNSMasq field after interface=tun1 (decided not to remove that as it didn't seem to be causing any issues... so I don't like to mess with stuff).
The original code you gave me for DNSMasq had MAC addresses before each of the IP addresses; I assumed those were to be replaced with the MAC addresses associated with the devices at the following IP. If I was not supposed to change that, please let me know. Something must have caused the DHCP to hang.
Posted: Thu Jun 14, 2018 4:28 Post subject:
Perhaps it's also a setting...
Tab: Setup>Basic Setup under DHCP
Quote:
Use DNSMasq for DHCP - Enabled
Use DNSMasq for DNS - Enabled
DHCP-Authoritative - Enabled
Tab: Services>Services under DNSMasq
Quote:
DNSMasq - Enabled
Encrypt DNS - Disabled
Cache DNSSEC data - Disabled
Validate DNS Replies (DNSSEC) - Disabled
Check unsigned DNS replies - Disabled
Local DNS - Disabled
No DNS Rebind - Enabled
Query DNS in Strict Order - Enabled
Add Requestor MAC to DNS Query - Disabled
I also disabled Forced DNS Redirection. Not sure if it was the new code with -I instead of -A or the FDNSR being disabled (or both), but it works like a charm.
The only downside is being limited to just one DNS server, but besides that it works perfectly. I may try and see if I can figure out the DNSMasq method though, because it does seem like a much cleaner and better approach to this kind of advanced routing.