PBR = DNS leak.. help..

Diabolicgambit
DD-WRT Novice


Joined: 11 Oct 2018
Posts: 7

Posted: Fri Oct 12, 2018 5:26    Post subject: PBR = DNS leak.. help..
So I figured how to use PBR to isolate my Xbox from my VPN tunnel great.. except it opens an exploit (read DNS leak) that leaks your actual IP address even on your other devices connected through the VPN.

Check http://www.whatismyipv6.com


When I disabled PBR the leak disappears.. and my VPN is once again hidden.. but this is very disturbing...

Has anyone else run into this problem.. is there a work around..?? Am I missing something..??
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 2431
Location: Netherlands

Posted: Sat Oct 13, 2018 16:22
We can provide better assistance if you would share with us your router, firmware and network setup (which you would have known if you bothered to read the forum rules).

I am not sure what you mean, you mention a DNS leak but are referring to a site to detect your IP address (IPv6).

If your IPv4 address is visible then the PBR is not working properly.

If your IPv6 is visible then disable IPv6.

When using PBR, DNS queries are sent over the WAN, so you should set the 3 static DNS servers to public servers from your VPN provider and enable 'Query DNS in strict order', although this is not a foolproof solution.
To be absolutely sure that your ISP's DNS server is not used, you have to use the no-resolv directive in DNSMasq options like:
Code:
no-resolv
server=209.244.0.3 #level3
server=209.244.0.4 #level3
server=1.1.1.1 #cloudflare
server=1.0.0.1 #cloudflare


Although then only the servers you specify are used (and you should specify the public DNS servers from the OpenVPN provider), queries are still sent over the WAN, so theoretically they could be intercepted.
So if you are a high level government target you should send the queries over the VPN; for that you need one of @Eibgrad's advanced scripts.
However, you need a USB stick/disk attached to your router for that (the script is huge and not easy to set up).

Use ipleak.net to test

_________________
Router Netgear R6400v1, Netgear R6400v2, Linksys EA6900 (XvortexCFE), Linksys E2000 (converted WRT320N), WRT54GS v1.
Install guide Linksys EA6900: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=291230
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
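
A check for the DNSMasq options described in the reply above, as an added example that is not part of the original posts: it reports whether `no-resolv` is set and whether every `server=` upstream is on an allow-list you pass in. The function names, the allow-list and the sample config are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: audit a dnsmasq config for upstream resolvers outside an allow-list.

# Drop comments and stray whitespace so "server= 1.2.3.4 #x" becomes "server=1.2.3.4".
normalize_conf() {
    sed -e 's/^#.*$//' -e 's/[[:space:]]#.*$//' \
        -e 's/[[:space:]]*=[[:space:]]*/=/' \
        -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" | grep -v '^$' || true
}

# audit_dnsmasq <config-file> <allowed-ip>...
# Prints findings; returns 0 only when no-resolv is set and every upstream is allowed.
audit_dnsmasq() {
    conf=$1; shift
    allowed=" $* "
    findings=0
    lines=$(normalize_conf "$conf")
    if ! printf '%s\n' "$lines" | grep -qx 'no-resolv'; then
        echo "FINDING: no-resolv is missing, so resolv-file (ISP/DHCP) servers can be used"
        findings=$((findings + 1))
    fi
    # Keep only the address: strip "/domain/" prefixes, "#port" and "@interface" suffixes.
    upstreams=$(printf '%s\n' "$lines" | sed -n 's/^server=//p' \
        | sed -e 's|^.*/||' -e 's/[#@].*$//')
    count=0
    for ip in $upstreams; do
        count=$((count + 1))
        case "$allowed" in
            *" $ip "*) ;;
            *) echo "FINDING: upstream $ip is not in the allow-list"
               findings=$((findings + 1)) ;;
        esac
    done
    if [ "$count" -eq 0 ]; then
        echo "FINDING: no server= upstream is defined"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample input: options in the form quoted in the reply, written to a temp file.
demo() {
    tmp=$(mktemp)
    printf '%s\n' 'no-resolv' 'server= 209.244.0.3 #level3' 'server=1.1.1.1 #cloudflare' > "$tmp"
    audit_dnsmasq "$tmp" 209.244.0.3 209.244.0.4 1.1.1.1 1.0.0.1 && echo "OK: only allow-listed upstreams"
    rm -f "$tmp"
}
demo
```

This only inspects the configuration text; it does not show which path the queries take, so a test such as ipleak.net is still needed.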