OpenVPN breaks local dns

DD-WRT Novice

Joined: 15 Sep 2018
Posts: 6

Posted: Thu Feb 28, 2019 0:33    Post subject: OpenVPN breaks local dns
I set up a local dns resolver on a Raspberry Pi with Pihole and Unbound resolver. Everything works fine until I turn on my OpenVPN Client on my ddwrt router.
Once the OpenVPN Client is enabled, my local dns stops working.

Unbound's error says it can't bind port 53. After enabling OpenVPN Client, port 53 on the router is opened, breaking my DNS.
This might just be a coincidence but I'm not sure.

My Pi's setup is correct and fully functional if OpenVPN Client is disabled, then stops working once OpenVPN Client is enabled.

The Pihole, Raspbian, and Unbound communities haven't been able to help me fix this.

All devices have been fully wiped and fresh reinstalls performed multiple times.

Could someone please help me get OpenVPN Client and local DNS (Pi, Pihole, and unbound) to work together?

R7000 with Kong PTB DD-WRT v3.0-r38580M kongac (02/05/19).

R7000 - Kong PTB Test

Joined: 11 Jul 2018
Posts: 87

Posted: Fri Mar 01, 2019 12:18
Try this in Additional DNSMasq Options:


where x.x.x.x is the IP of the Pi-hole

Joined: 18 Mar 2014
Posts: 6362
Location: Netherlands

Posted: Fri Mar 01, 2019 13:12
When you enable OpenVPN client to a commercial provider they push their DNS servers and those are used.

You can stop the pushing of the DNS servers by adding the following to the Additional config of the OVPN client:
pull-filter ignore "dhcp-option DNS"

Or you can tell DNSMasq to ignore the DNS servers in resolv.dnsmasq with the settings of @grc.
This would be my preferred method as there is a bug which can cause DNS leakage and this method will stop it.

I think you also have to disable the "No DNS rebind" setting when using another local DNS server.

Routers:Netgear R7800, R6400v1, R6400v2, Linksys EA8500, EA6900 (XvortexCFE), E2000 (converted WRT320N), WRT54GS v1.
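
Added example, not part of any post in this thread: a Python sketch that models OpenVPN's documented pull-filter behaviour (prefix match, first matching rule wins, unmatched options accepted) to check which pushed DNS servers remain after the pull-filter line quoted above. The log line, addresses and function names are constructed for illustration.

```python
import re
import shlex

# Constructed sample of the line an OpenVPN client logs when the server pushes options.
SAMPLE_LOG = (
    "Fri Mar  1 13:00:02 2019 PUSH: Received control message: "
    "'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.8.0.1,"
    "dhcp-option DNS 10.8.0.2,route-gateway 10.8.0.1,topology subnet,"
    "ping 10,ping-restart 60,ifconfig 10.8.0.6 255.255.255.0'"
)

# Client "Additional Config" text; the pull-filter line is the one from the thread.
SAMPLE_CONFIG = 'pull-filter ignore "dhcp-option DNS"\n'


def pushed_options(log_line):
    """Return the options carried in a PUSH_REPLY log line, in order."""
    m = re.search(r"'PUSH_REPLY,([^']*)'", log_line)
    return [o.strip() for o in m.group(1).split(",") if o.strip()] if m else []


def pull_filters(config_text):
    """Parse pull-filter directives into (action, prefix) pairs, keeping order."""
    rules = []
    for line in config_text.splitlines():
        words = shlex.split(line, comments=True)  # handles quotes and '#' comments
        if len(words) == 3 and words[0] == "pull-filter" \
                and words[1] in ("accept", "ignore", "reject"):
            rules.append((words[1], words[2]))
    return rules


def apply_filters(options, rules):
    """First matching rule wins; options that match no rule are accepted."""
    result = {"accept": [], "ignore": [], "reject": []}
    for opt in options:
        action = next((a for a, p in rules if opt.startswith(p)), "accept")
        result[action].append(opt)
    return result


def dns_still_applied(log_line, config_text):
    """DNS servers from the push that survive the client's pull-filter rules."""
    kept = apply_filters(pushed_options(log_line), pull_filters(config_text))["accept"]
    return [o.split()[-1] for o in kept if o.startswith("dhcp-option DNS ")]


if __name__ == "__main__":
    print("without filter:", dns_still_applied(SAMPLE_LOG, ""))
    print("with filter:   ", dns_still_applied(SAMPLE_LOG, SAMPLE_CONFIG))
```

An empty result from dns_still_applied means the client accepts none of the provider's pushed resolvers; what the router then uses for DNS depends on its DNSMasq settings.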