send DNS requests trough OpenVPN Tunnel

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
Goto page 1, 2  Next
Author Message
sozeee
DD-WRT Novice


Joined: 15 Jan 2017
Posts: 1

PostPosted: Sun Jan 15, 2017 15:43    Post subject: send DNS requests trough OpenVPN Tunnel Reply with quote
Hello everybody!

I am probably asking a very simple question to many, but after long searching the forums still can't find the answer.

I am proudly running DD-WRT v3.0-r30910M kongac (12/02/16) on my Netgear R7000 for about a week, first time user with no networking background.

So far everything runs smoothly out of the box, I haven't done any extra configuration.

So here is the problem, when running the OpenVPN client the DNS requests get handled by whatever server I have put in the 'basic setup > network setup' page of the GUI. If I type zeroes in, the requests go to my ISP's DNS. So I guess this all goes outside the VPN tunnel. When I use the VPN provider's Windows client it works similarly and when I set some extra options for preventing DNS leaks, it starts sending requests to OpenDNS servers set by the provider (which I cannot choose), ignoring my system settings in Windows and in the router. So the question is how do I configure it so that all traffic, including DNS requests, go through the VPN tunnel. The second one, how do I see where it goes through?

Thanks to all the people keeping this project what it is!
Sponsor
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Mon Jan 16, 2017 13:22    Post subject: Reply with quote
That is a great explanation, very instructive, thank you!
I have set up my openVPNclient on PIA which works well
I can see that it is pushing DNS servers:
20170116 13:31:50 SENT CONTROL [06425c9dfd4606f82b5adc8217d63008]: 'PUSH_REQUEST' (status=1)
20170116 13:31:50 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 dhcp-option DNS 209.222.18.222 dhcp-option DNS 209.222.18.218 ping 10 comp-lzo no route 10.53.10.1 topology net30 ifconfig 10.53.10.6 10.53.10.5'

My resolv.dnsmasq:
nameserver 209.222.18.222
nameserver 209.222.18.218
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 10.0.0.1

So that seems OK, BUT if I use ipleak.net, I can see that I am on my VPN, but my DNS server is listed as google so apparently the two pushed DNS servers, which are on the top of my resolv.dnsmasq, are not used. The last three entries of my resolv.dnsmasq are my entries under DHCP server.

Settings
Use DNSMasq for DHCP : Check
Use DNSMasq for DNS : Check
DHCP-Authoritative : Check
Forced DNS Redirection: Not


DNSMasq : Enable
Encrypt DNS : Disable
Local DNS : Enable
No DNS Rebind : Enable
Query DNS in Strict Order : Enable
Add Requestor MAC to DNS Query : Disable


I am on the latest Kong build 31135 (with openVPN 2.4)on a Netgear R6400

What am I doing wrong?

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Mon Jan 16, 2017 17:33    Post subject: Reply with quote
Thank you very much, I will look into it and do some more testing, and report back if I know more.
It is not a problem because my IP address is hidden, and if I add the PIA DNSservers to my Static DNS on the Setup tab, the DNS servers of PIA are used.

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Tue Jan 17, 2017 15:22    Post subject: Reply with quote
@eibgrad, I have investigated somewhat further.
As stated my resolv.dnsmasq.conf:
root@R6400:~# cat /tmp/resolv.dnsmasq
nameserver 209.222.18.222
nameserver 209.222.18.218
nameserver 8.8.8.8
nameserver 8.8.4.4
nameserver 10.0.0.0

When using ipleak.net and dnsleaktest.com my DNSservers are listed as google so coming from 8.8.8.8

With: cat /proc/net/ip_conntrack | grep 'dport=53'
udp 17 27 src=192.168.1.99 dst=192.168.1.1 sport=64033 dport=53 packets=2 bytes=154 src=192.168.1.1 dst=192.168.1.99 sport=53 dport=64033 packets=1 bytes=192 mark=0 use=2
udp 17 27 src=10.26.10.6 dst=8.8.8.8 sport=26834 dport=53 packets=1 bytes=77 src=8.8.8.8 dst=10.26.10.6 sport=53 dport=26834 packets=1 bytes=192 mark=0 use=2
udp 17 105 src=192.168.1.101 dst=192.168.1.1 sport=52699 dport=53 packets=1 bytes=80 src=192.168.1.1 dst=192.168.1.101 sport=53 dport=52699 packets=1 bytes=185 mark=0 use=2
udp 17 27 src=10.26.10.6 dst=8.8.4.4 sport=26834 dport=53 packets=1 bytes=77 src=8.8.4.4 dst=10.26.10.6 sport=53 dport=26834 packets=1 bytes=192 mark=0 use=2
udp 17 105 src=10.26.10.6 dst=8.8.8.8 sport=14912 dport=53 packets=1 bytes=80 src=8.8.8.8 dst=10.26.10.6 sport=53 dport=14912 packets=1 bytes=185 mark=0 use=2

root@R6400:~# traceroute -n 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.Cool, 30 hops max, 38 byte packets
1 10.26.10.1 47.973 ms 47.501 ms 47.940 ms
2 93.114.43.193 531.769 ms 239.497 ms 99.327 ms
3 109.163.235.153 55.308 ms 48.973 ms 56.528 ms
4 109.163.235.130 119.707 ms 87.292 ms 77.351 ms
5 * * 5.254.68.146 209.919 ms
6 80.81.193.108 81.499 ms 81.661 ms 81.967 ms
7 216.239.49.128 76.174 ms 216.239.56.26 81.603 ms 216.239.56.110 76.301 ms
8 216.239.57.147 78.385 ms 216.239.57.145 75.850 ms 216.239.57.127 76.001 ms
9 66.249.95.226 94.057 ms 93.998 ms 64.233.174.143 90.991 ms
10 209.85.246.119 91.367 ms 88.641 ms 209.85.249.12 92.064 ms
11 * * *
12 * 8.8.8.8 92.487 ms 90.478 ms

My take (for what it's worth) is that the resolv.dnsmasq.conf is not used.
So I tried to stop and start DNSMasq, what that did is it altered the resolv.dnsmas.conf file in such a way that the entries from the OpenVPN were gone, not surprisingly, after starting and stoping the OpenVPN the entries were back but still no go Sad

Then I decided to open and save but not alter the resolv.dnsmasq.conf and BINGO now with dnsleaktest and ipleak.net my vpn IP address is listed as my DNS server.

I redid your commands:
root@R6400:~# cat /proc/net/ip_conntrack | grep 'dport=53'
udp 17 2 src=10.26.10.6 dst=209.222.18.218 sport=20856 dport=53 packets=1 bytes=61 src=209.222.18.218 dst=10.26.10.6 sport=53 dport=20856 packets=1 bytes=317 mark=0 use=2
udp 17 32 src=192.168.1.99 dst=192.168.1.1 sport=63156 dport=53 packets=2 bytes=118 src=192.168.1.1 dst=192.168.1.99 sport=53 dport=63156 packets=1 bytes=92 mark=0 use=2
udp 17 21 src=10.26.10.6 dst=209.222.18.218 sport=63031 dport=53 packets=1 bytes=58 src=209.222.18.218 dst=10.26.10.6 sport=53 dport=63031 packets=1 bytes=74 mark=0 use=2
udp 17 3 src=10.26.10.6 dst=209.222.18.222 sport=21477 dport=53 packets=1 bytes=70 src=209.222.18.222 dst=10.26.10.6 sport=53 dport=21477 packets=1 bytes=130 mark=0 use=2
udp 17 21 src=192.168.1.99 dst=192.168.1.1 sport=62878 dport=53 packets=1 bytes=58 src=192.168.1.1 dst=192.168.1.99 sport=53 dport=62878 packets=1 bytes=74 mark=0 use=2
udp 17 17 src=192.168.1.99 dst=192.168.1.1 sport=53693 dport=53 packets=2 bytes=132 src=192.168.1.1 dst=192.168.1.99 sport=53 dport=53693 packets=1 bytes=172 mark=0 use=2
udp 17 30 src=10.26.10.6 dst=209.222.18.222 sport=26222 dport=53 packets=1 bytes=60 src=209.222.18.222 dst=10.26.10.6 sport=53 dport=26222 packets=1 bytes=60 mark=0 use=2
udp 17 20 src=192.168.1.99 dst=192.168.1.1 sport=63751 dport=53 packets=2 bytes=154 src=192.168.1.1 dst=192.168.1.99 sport=53 dport=63751 packets=1 bytes=93 mark=0 use=2
udp 17 26 src=10.26.10.6 dst=209.222.18.218 sport=3170 dport=53 packets=1 bytes=64 src=209.222.18.218 dst=10.26.10.6 sport=53 dport=3170 packets=1 bytes=64 mark=0 use=2
udp 17 33 src=192.168.1.99 dst=192.168.1.1 sport=56989 dport=53 packets=1 bytes=58 src=192.168.1.1 dst=192.168.1.99 sport=53 dport=56989 packets=1 bytes=58 mark=0 use=2
udp 17 30 src=192.168.1.99 dst=192.168.1.1 sport=65029 dport=53 packets=2 bytes=120 src=192.168.1.1 dst=192.168.1.99 sport=53 dport=65029 packets=1 bytes=60 mark=0 use=2

There are much more but I only showed about 20%

root@R6400:~# traceroute -n 209.222.18.222
traceroute to 209.222.18.222 (209.222.18.222), 30 hops max, 38 byte packets
1 10.26.10.1 47.277 ms 49.820 ms 55.928 ms
2 * * *
3 109.163.235.61 47.949 ms 50.662 ms 48.774 ms
4 62.115.147.6 48.105 ms 46.910 ms 47.835 ms
5 62.115.119.118 70.494 ms 80.91.248.15 73.086 ms 62.115.143.170 69.943 ms
6 62.115.136.62 82.192 ms 213.155.133.56 77.521 ms 62.115.134.216 85.494 ms
7 213.155.135.63 169.163 ms 62.115.116.160 84.581 ms 80.91.250.203 168.142 ms
8 62.115.134.108 168.400 ms 213.155.130.28 164.305 ms 62.115.141.238 170.200 ms
9 62.115.123.77 88.615 ms 62.115.123.85 86.542 ms 62.115.149.39 167.472 ms
10 66.55.144.146 168.482 ms 66.55.144.149 169.875 ms 66.55.144.146 161.635 ms
11 108.61.248.78 165.518 ms 80.91.247.121 177.393 ms 62.115.118.192 170.098 ms
12 62.115.112.107 166.877 ms 213.155.130.30 173.375 ms 209.222.18.222 164.657 ms

Is it possible that the DNSMasq is not getting a SIGHUP after the OpenVPNclient has altered the resolv.dnsmasq.conf?
(My linux knowledge is below average so maybe it is something entirely different Smile

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Tue Jan 17, 2017 18:38    Post subject: Reply with quote
Thank you very much for your elaborate answer. Not only is your knowledge amazing but your explanation concise and to the point.

The way you described it is the same as for my setup.
After the openVPN is active, the dnsmasq.conf points to the resolv.dnsmasq, which starts with the 2 entries from the VPN and then 3 entries form the DHCP fields.

I do not have anything in my Additional DNSMasq Options and I have: Query DNS in Strict Order, Local DNS and No DNS Rebind all enabled.

So my setup not working could indeed be a timing problem which is solved by opening and saving the resolv.dnsmasq file.

I will look further into the matter and report back if I know more.
Your help is greatly appreciated

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Wed Jan 18, 2017 12:45    Post subject: Reply with quote
I did some further investigating and rebooted multiple times, sometimes DNS is using the pushed VPN DNS servers sometimes it didn't.

I include a file with the timestamps of the /tmp directory. When it was not working the timestamps of dnsmasq.conf and resolv.dnsmasq where the same, when it it worked as it should be, resolv.dnsmasq had a timestamp of 1 second later.

When it was not working, I could easily get it to work by executing: touch resolv.dnsmasq from the CLI, to give this file a later timestamp than dnsmasq.conf

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Wed Jan 18, 2017 16:17    Post subject: Reply with quote
I totally agree, it could point to a nasty bug.

My setup is really standard, Netgear R6400 with the latest Kong build 31135, which has the new 2.4 OpenVPN.
No additional DNSMasq options only 1 static lease, no scripts or rules.

I will make a script to touch the resolv.dnsmasq. A nice exercise, I have programming and Windows scripting skills but not Linux Smile

In the meantime, if I can be of further assistance let me know, I am on a sabbatical so I have plenty of time on my hands Smile

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Wed Jan 18, 2017 18:21    Post subject: Reply with quote
Yes this Broadcom /Arm on Linux 4.4. with Open VPN2.4.

I looked in the /tmp/opnvpncl directory here is the listing:
-rw-r--r-- 1 root root 2025 Wed Jan 18 17:33:09 2017 ca.crt
-rw-r--r-- 1 root root 22 Wed Jan 18 17:33:09 2017 credentials
-rw-r--r-- 1 root root 447 Wed Jan 18 17:33:09 2017 openvpn.conf
-rwx------ 1 root root 99 Wed Jan 18 17:33:09 2017 route-down.sh
-rwx------ 1 root root 574 Wed Jan 18 17:33:09 2017 route-up.sh

The most ineresting seems the route-up.sh:
#!/bin/sh
iptables -D POSTROUTING -t nat -o tun1 -j MASQUERADE
iptables -I POSTROUTING -t nat -o tun1 -j MASQUERADE
iptables -D INPUT -i tun1 -j ACCEPT
iptables -D FORWARD -i tun1 -j ACCEPT
iptables -D FORWARD -o tun1 -j ACCEPT
iptables -I INPUT -i tun1 -j ACCEPT
iptables -I FORWARD -i tun1 -j ACCEPT
iptables -I FORWARD -o tun1 -j ACCEPT
stopservice dnsmasq -f
startservice dnsmasq -f
cat /tmp/resolv.dnsmasq > /tmp/resolv.dnsmasq_isp
env | grep 'dhcp-option DNS' | awk '{ print "nameserver " $3 }' > /tmp/resolv.dnsmasq
cat /tmp/resolv.dnsmasq_isp >> /tmp/resolv.dnsmasq

As I said my Linux knowledge is below average, so I can not comment on it, pherhaps I should add: Sleep 5 after startservice dnsmasq -f ? (don't know what the -f option means)

It's fun and very instructive Smile

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Wed Jan 18, 2017 18:58    Post subject: Reply with quote
Great!
Of course my suggestion (putting in sleep) was nonsense, I knew that the minute after I uploaded my message, these files are of course not persistent Sad

Will you add this to the bugtracker (you have much more authority then me Smile )

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Fri Jan 20, 2017 13:59    Post subject: Reply with quote
Good Job!

I cobbled a script together which can be saved as startup script from the Administration commands tab, which "touches" the file to give it a later timestamp so that DNSMasq rereads the file and uses the pushed DNS servers. I did not test extensively so check!
Code:

#!/bin/sh
file="/tmp/resolv.dnsmasq"
Number=0

logger "File attempting to touch: $file"
logger "Starting number $Number of 10 attempts"

if [ ! -f "$file" ]; then
  until [ ! -f "$file" ]; do
    sleep 2
    Number=$((Number+1))
    logger "Wating for $Number"
    if [ -f "$file" ]; then
       touch "$file"
       logger "$file has been touched"
       break     
    elif [ $Number -eq 10 ]; then
        logger "Can not execute touch, Beware of DNS Leak"
        break
    fi
  done
elif [ -f "$file" ]; then
   sleep 2
   touch "$file"
   logger "$file has been touched"
else
  logger "Can not execute touch, Beware of DNS Leak"
fi


Beware if you hit Apply Settings, you could have the problem again, so always reboot.

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087


Last edited by egc on Sat Jan 21, 2017 9:45; edited 1 time in total
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Sat Jan 21, 2017 12:03    Post subject: Reply with quote
That's much more sophisticated Smile
_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
ReaperX3
DD-WRT Novice


Joined: 11 Dec 2016
Posts: 9

PostPosted: Thu Mar 30, 2017 19:36    Post subject: Reply with quote
I seem to have a much more basic problem with getting my DNS queries routed through the VPN. Short story: the pushed PIA DNS servers don't seem to replace the static ones even though OpenVPN connects correctly and "Use DNSMasq for DNS" is checked.

Details:

I have PIA and set up my dd-wrt router (a Netgear WNDR3700 v4 with the DD-WRT v3.0-r31722 std (03/21/17) firmware) to route all traffic through the VPN.

I generally followed the instructions at

https://www.privateinternetaccess.com/pages/client-support/dd-wrt-openvpn

Status/OpenVPN reports success (Client: CONNECTED SUCCESS). IP address checking sites show that I'm going through the VPN.

I'm seeing the VPN's DNS servers being pushed in the OpenVPN log:

PUSH_REPLY redirect-gateway def1 dhcp-option DNS 209.222.18.222 dhcp-option DNS 209.222.18.218 ping 10 comp-lzo no route 10.67.10.1 topology net30 ifconfig 10.67.10.6 10.67.10.5'

In the setup, "Use DNSMasq for DNS" is checked. I have three static DNS servers configured as suggested by PIA support.

When I telnet into my router and do cat /tmp/resolv.dnsmaq, all I get is the three static DNS servers:

Code:
nameserver 4.2.2.1
nameserver 4.2.2.2
nameserver 4.2.2.3


I even put eibgrad's script into my startup and rebooted, but I'm still seeing the same problem.

Any help would be appreciated!
ReaperX3
DD-WRT Novice


Joined: 11 Dec 2016
Posts: 9

PostPosted: Thu Mar 30, 2017 20:54    Post subject: Reply with quote
thanks for that quick and substantial response. Smile I was wondering about policy-based routing myself, thanks for anticipating that question and answering it as well.
makos
DD-WRT Novice


Joined: 04 May 2019
Posts: 2

PostPosted: Sat May 04, 2019 12:38    Post subject: Reply with quote
Hello,

Not sure if I sould start a new topic but this one looks like most relevant for me.

I have set up routed OpenVPN client (tun) on DD-WRT 3.0-r39715 to connect local LAN to remote LAN.

Everything is working fine with only exception that pushed remote DNS by OpenVPN server is not updating Dnsmasq resolv.

GUI settings

Setup->Basic [ Network Address Server Settings (DHCP) ]
Code:
Use DNSMasq for DNS - checked
DHCP-Authoritative - checked
Forced DNS Redirection - unchecked

Services->Services [ Dnsmasq ]
Code:
Dnsmasq - Enable
Cache DNSSEC data - Disable
Local DNS - Enable
No DNS Rebind - Enable
Query DNS in Strict Order - Enable
Add Requestor MAC to DNS Query - Disable
RFC4039 Rapid Commit support - Disable
Maximum Cached Entries - 1500
Additional Dnsmasq Options - blank


Generated dnsmasq.conf
Code:
less /tmp/dnsmasq.conf

interface=br0
resolv-file=/tmp/resolv.dnsmasq
strict-order
domain=local.net
dhcp-leasefile=/tmp/dnsmasq.leases
dhcp-lease-max=50
dhcp-option=br0,3,192.168.7.250 //LAN IP address of dd wrt router
dhcp-range=br0,192.168.7.129,192.168.7.178,255.255.255.128,1440m
bogus-priv
conf-file=/etc/rfc6761.conf
dhcp-option=252,"\n"
cache-size=1500

dd wrt OpenVPN client receives remote DNS address along with static routes:
Code:
May  4 12:27:58 gate daemon.notice openvpn[7589]: PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 192.168.3.201,route 10.0.0.0 255.255.0.0,route 192.168.3.0 255.255.255.0

However /tmp/resolv.dnsmasq remains unchanged - only my ISP's DNS adresses there:
Code:
less /tmp/resolv.dnsmasq

nameserver 195.122.12.242
nameserver 80.232.230.242


Kindly point me to the right direction.

Thanks.
makos
DD-WRT Novice


Joined: 04 May 2019
Posts: 2

PostPosted: Sun May 05, 2019 17:44    Post subject: Reply with quote
Thanks for sorting this out.

eibgrad wrote:

In the future, please, *always* start a new thread.

OK. Noted.

eibgrad wrote:
You could even combine the two so that you never had DNS leaks for public IPs *and* be able to use the remote DNS server when necessary.

I think I will switch this one to Kong's build as this solution is not elegant enough. Having a bunch of remote domains and keeping them "hardcoded" in additional options is a bit inconvenient and hard to administer.

Thank you.
Goto page 1, 2  Next Display posts from previous:    Page 1 of 2
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum