Simply change Nord's VPN endpoint server; it would appear to have been banned by the services you're trying to stream from, if you can reach every other site.
I've tried 4 endpoints so far. Same issue.
foz111 wrote:
This is not a DD-WRT issue.
roger
foz111 wrote:
Sometimes a reboot will fix this issue, as Nord run multiple IPs from a server, unless you're using IPs in the server field and not the FQDN.
Rebooting didn't help. What server field are you referring to? DNS Servers via Tunnel?
Have you checked, while connecting to NordVPN, that you don't have a DNS leak?
_________________
Main Router: Dynalink WRX36, PPPoE, Gateway Mode, Network IPV4 - Isolated Vlan's. Unifi AC-Pro x 3 AP's, Router Wi-Fi Disabled. Paid Commercial Wireguard Client's & WG server, DNSMasq, Static Leases with Cloudflare SmartDNS, DNSMasq Adblocking via egc script.
No one can build you the bridge on which you, and only you, must cross the river of life!
I would also try using encrypted DNS, SMARTDNS feature in webif.
I'll start reading the smartdns guide and see what I can do with that. I didn't want to get this complicated in my configuration but it is fun but sometimes frustrating. I just hope that I won't have to manually rebuild the configuration somewhere down the road, like after a firmware upgrade where things don't work right anymore and a factory reset needs to be done. This rabbit hole is getting pretty deep.
Have you checked, while connecting to NordVPN, that you don't have a DNS leak?
I use dnsleaktest.com to check for this. After putting the nordvpn DNS IPs in the "DNS Servers via Tunnel" field the only servers that show up in the test are the nordvpn servers. I think that may have fixed my problem since I removed "server=/youtube.com/amazon.com/google.com/1.0.0.1@vlan2" from dnsmasq and so far I can get to those sites.
But I discovered another issue. Even though I get the Google login screen for Duolingo, I can't get signed in even though I signed in to Gmail OK.
And I just noticed that my ISP's speed test utility is showing my actual IP even though dnsleaktest.com shows my VPN address. speedtest.net shows my VPN address. I'm not even using my ISP DNS. How can that happen?
There is nothing complicated about SmartDNS, 3 or 4 boxes to tick and add some server lines, you can copy and paste, into Additional Options box.
I just tried smart dns but it doesn't solve the problem with having to connect amazon.com directly to the WAN with server=/google.com/amazon.com/1.0.0.1@vlan2 .
The smart DNS seems to work though - at least my dns test shows that the dns servers have changed. I'm not sure if I should continue using smart dns though.
Also, I don't use the standard syslog since I have a USB stick with Entware and I have my syslog as /opt/var/log/syslog_master. So, grep -i dnsmasq /opt/var/log/syslog_master does not show 127.0.0.1#6053. netstat -a shows a port 6053 though and /tmp/dnsmasq.conf shows 127.0.0.1#6053 like the tutorial says it should. I haven't tried rebooting the router yet.
Another update: smartDNS isn't hiding my actual IP. dnsleaktest.com shows the VPN address though. But my ISP's speed test utility and IRC are seeing my actual IP. I'll have to do more reading to see if I forgot to do something.
If you have split DNS enabled in your commercial WG Client, use the IPv4 DNS Server field, not DNS Servers via Tunnel. Pretty sure it's all in egc WG bible.
Not sure how using smartdns for your WAN has any effect on your WG client; it can only mean misconfiguration, so I've assumed you have your Nord DNS in DNS Servers via Tunnel.
Also as someone else has pointed out, make sure you have Ignore WAN DNS enabled under basic setup.
If you have split DNS enabled in your commercial WG Client, use the IPv4 DNS Server field, not DNS Servers via Tunnel. Pretty sure it's all in egc WG bible.
I'm not using Split DNS.
foz111 wrote:
Not sure how using smartdns for your WAN has any effect on your WG client; it can only mean misconfiguration, so I've assumed you have your Nord DNS in DNS Servers via Tunnel.
Also as someone else has pointed out, make sure you have Ignore WAN DNS enabled under basic setup.
Smart DNS shouldn't be exposing my actual IP but when I turn it off only one site is seeing my public IP instead of 3 of them. Probably a misconfiguration but this problem didn't show up until messing around with smart dns. I have been backing up configs as I go along so I'm going to roll back to the last known "good" config.
Yes, I have the nordvpn DNS addresses listed in DNS servers via tunnel. My VPN IP and a list of nordvpn servers show up when I test at dnsleaktest.com.
Ignore WAN DNS doesn't show up when using a static public IP. It does show up when using DHCP but I don't use DHCP to get an address from my ISP. I paid the extra bucks to get the static IP.
Maybe the "no-resolv" flag is set automatically when using a static public IP?
If it is not present in /tmp/dnsmasq.conf, maybe adding it in Dnsmasq Infrastructure>Additional Options would solve the problem.
no-resolv was set when I enabled smart dns but it doesn't exist when I disable smart dns. So I added no-resolv to dnsmasq additional options and it killed the dns. So I removed it.
I thought I had this issue resolved but when I launched my IRC client the IRC server was able to see my real IP - even though dnsleaktest.com and 2 other sites listed my VPN IP. How is this possible?
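Added example, not part of the thread and not DD-WRT's own code: a small POSIX shell/awk check that summarises where a dnsmasq config sends queries, covering the three things discussed above (`no-resolv`, the SmartDNS upstream `127.0.0.1#6053`, and domain-scoped `server=` lines pinned with `@vlan2`). The function name `audit_dnsmasq`, its output format and the sample config are assumptions made for illustration.

```shell
#!/bin/sh
# audit_dnsmasq FILE: list every server= upstream in a dnsmasq config and
# report whether no-resolv is set. Hypothetical helper, not a DD-WRT tool.
audit_dnsmasq() {
    awk '
    /^[ \t]*#/ { next }                          # skip comments
    /^[ \t]*no-resolv[ \t]*$/ { noresolv = 1; next }
    /^[ \t]*server=/ {
        val = $0
        sub(/^[ \t]*server=/, "", val)
        domains = "*"                            # "*" = applies to all names
        upstream = val
        if (val ~ /^\//) {                       # /dom1/dom2/upstream form
            n = split(val, part, "/")
            upstream = part[n]
            domains = ""
            for (i = 2; i < n; i++)
                domains = domains (i > 2 ? "," : "") part[i]
        }
        bind = "-"                               # "@x": interface or source address
        if ((at = index(upstream, "@")) > 0) {
            bind = substr(upstream, at + 1)
            upstream = substr(upstream, 1, at - 1)
        }
        if (bind != "-") pinned++                # these queries leave via "bind"
        printf "server domains=%s upstream=%s bind=%s\n", domains, upstream, bind
    }
    END {
        # Without no-resolv, dnsmasq also uses the servers in its resolv file.
        printf "no-resolv=%s\n", (noresolv ? "yes" : "no")
        printf "pinned=%d\n", pinned
    }' "${1:--}"
}

# Constructed sample built from the lines quoted in the thread.
sample_conf() {
cat <<'EOF'
# constructed sample, not a real router dump
no-resolv
server=127.0.0.1#6053
server=/youtube.com/amazon.com/google.com/1.0.0.1@vlan2
EOF
}

# On the router: audit_dnsmasq /tmp/dnsmasq.conf
sample_conf | audit_dnsmasq -
```

This only reports the DNS path, which is also all that dnsleaktest.com measures; the address a remote server sees depends on how the connection itself is routed.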