Posted: Sun Mar 24, 2024 11:41 Post subject: DD-WRT blocks client computer VPN via PPPoE connection
Hello,
I need advice on configuring DD-WRT to use a local DNS server through dnsmasq (and possibly SmartDNS) while allowing a client computer to establish a VPN connection.
The scenario: I have an Asus RT-AC68U with the v3.0-r55363 std (03/13/24) build. The ISP WAN connection is set to "DHCP Automatic" and works right out of the box.
I aim to set up a local DNS (and reverse proxy via Entware) for easier client management, as I have several local clients (CUPS printer, 3D printer, local NAS server, etc.) and I would like to replace their Web GUI access from IP:port to something simpler. My preference is to configure local DNS and reverse proxy within DD-WRT's dnsmasq, avoiding the need for an additional device like Raspberry Pi with Pi-hole in my home network. I've also enabled SmartDNS for DNS resolution improvements and ad-blocking, which might be contributing to the problem, but the issue persists even when SmartDNS is disabled.
Everything else functions well, but the issue arises when my work laptop needs to establish a VPN connection (PPPoE), and DD-WRT prevents it. I've tracked down that the VPN issue is tied to DNS server resolution. I can maintain my VPN connection if the VPN's DNS servers (10.0.x.x) are added to dnsmasq and the connection to the VPN tunnel is established outside DD-WRT. More specifically, if my computer is already connected to the VPN (established via mobile hotspot) and I just change my connection from the hotspot to the DD-WRT WiFi, then the connection is retained. However, I can't initiate a new VPN connection directly through the DD-WRT WiFi.
Strangely, I can create a VPN connection even if the mobile hotspot's internet connection comes from the DD-WRT WiFi (so the upstream DNS is still from DD-WRT), but this workaround doesn't work when I try to connect my laptop directly to the VPN. Anyway, the crux of the problem is the need to use the VPN's DNS servers (local 10.0.x.x addresses via VPN) to establish and maintain the VPN connection, while keeping local DNS for other devices.
I'm seeking advice on achieving a proper and reliable setup:
* Most of my WiFi clients should use dnsmasq/SmartDNS for DNS resolution.
* My work computer should connect to the same WiFi but bypass the local dnsmasq/SmartDNS to automatically establish the necessary VPN connection without any unusual workarounds or hard-coded DNS servers for my work computer in the DD-WRT router.
I've attempted to configure this using my work computer's MAC address to set the necessary DNS servers, but without much success.
What strategy should I follow? Can I establish a different VLAN for my work computer under the same WiFi connection to force it to bypass the local DNS server? If not a separate VLAN, can I achieve this with MAC address-based settings?
Joined: 18 Mar 2014 Posts: 12922 Location: Netherlands
Posted: Sun Mar 24, 2024 18:51 Post subject:
milosh wrote:
Yes, VPN is running on client, not in the router.
Well, it is up to the VPN client to deal with the DNS servers pushed by the company server; the router is not involved.
If it is OpenVPN you can add to the openvpn config file:
dhcp-option DNS 10.1.6.1
or add your own DNS server if the VPN client allows local access e.g.
dhcp-option DNS 192.168.1.1
Your DNSMasq and SmartDNS are not really "optimal".
The SmartDNS guide is a sticky in this forum.
The log file /tmp/smartdns.log does not exist..
If I set
Code:
dhcp-option=option:dns-server,10.1.6.2
to dnsmasq, then syslog warns on duplicate dhcp-option 6. The behavior itself doesn't change; the client cannot establish a VPN connection.
10.1.6.2 and 10.1.18.4 are the DNS servers that the VPN tunnel is using. However, I don't know whether the VPN server for the client is OpenVPN or something else.
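The "duplicate dhcp-option 6" warning above is what dnsmasq logs when two definitions of the same option number share the same tag scope, which is what happens when an untagged dns-server line is added next to the one the router already emits for the LAN. As an added example (not from the thread or from DD-WRT), this Python checker parses dhcp-option lines the way dnsmasq names them and reports option numbers defined more than once for the same tag set; the router-generated line, the MAC address and the "work" tag in the sample are constructed.

```python
"""Find dhcp-option definitions that share an option number and a tag set.

dnsmasq accepts an option as a number or as option:<name>, optionally preceded
by tags; two definitions with the same number and the same tag set produce the
syslog warning 'duplicate dhcp-option <n>'. Added example, not from the thread.
"""
import re
from collections import defaultdict

# Standard DHCP option names dnsmasq understands, mapped to their numbers.
OPTION_NAMES = {"router": 3, "dns-server": 6, "domain-name": 15, "ntp-server": 42}


def parse_dhcp_option(line):
    """Return (tags, option_number, values) for a dhcp-option line, else None."""
    m = re.match(r"\s*dhcp-option\s*=\s*(.*)", line.split("#", 1)[0])
    if not m:
        return None
    fields = [f.strip() for f in m.group(1).split(",") if f.strip()]
    tags = set()
    # Leading fields that are neither a number nor option:<name> are tags
    # ('tag:work' or the older bare 'work' form).
    while fields and not (fields[0].isdigit() or fields[0].startswith("option:")):
        tags.add(fields.pop(0).removeprefix("tag:"))
    if not fields:
        return None
    opt = fields.pop(0)
    number = int(opt) if opt.isdigit() else OPTION_NAMES.get(opt[len("option:"):])
    return None if number is None else (frozenset(tags), number, fields)


def duplicate_options(config_text):
    """Map (tags, option_number) -> value lists for options defined more than once."""
    seen = defaultdict(list)
    for line in config_text.splitlines():
        parsed = parse_dhcp_option(line)
        if parsed:
            tags, number, values = parsed
            seen[(tags, number)].append(values)
    return {key: vals for key, vals in seen.items() if len(vals) > 1}


# Constructed sample: an untagged option 6 standing in for the router's own LAN
# DNS line, the untagged line from the thread, and a variant scoped to one host.
SAMPLE_CONFIG = """
dhcp-option=option:router,192.168.1.1
dhcp-option=option:dns-server,192.168.1.1    # assumed router-generated line
dhcp-option=option:dns-server,10.1.6.2       # line from the thread: same scope, same option
dhcp-host=aa:bb:cc:dd:ee:ff,set:work         # constructed MAC; gives one client the 'work' tag
dhcp-option=tag:work,option:dns-server,10.1.6.2,10.1.18.4   # different tag set: no collision
"""

if __name__ == "__main__":
    for (tags, number), values in duplicate_options(SAMPLE_CONFIG).items():
        print(f"duplicate dhcp-option {number} (tags={sorted(tags) or 'none'}): {values}")
```

Run against the sample, only option 6 in the untagged scope is reported; the tag-scoped line is a separate definition and does not collide.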
Posted: Sun Mar 24, 2024 20:38 Post subject:
Disable "Forced DNS Redirection", you are breaking your own DNS resolution. Please read the SmartDNS documentation, as suggested already. All you should need is a properly configured VPN client on the laptop (and proper DD-WRT configuration).
DDWRT SmartDNS 7.pdf
I will restart from fresh factory settings, building customization up step-by-step, following SmartDNS sticky guides and dnsmasq guides. All the suggestions were helpful and I hope that I can get it working.