Posted: Thu Jul 22, 2021 21:18 Post subject: OpenVPN, PBR and DNS leaks
All,
I have read every thread and document posted on them (thank you egc) but still cannot make this work. I feel this is a very simple problem but obviously I am wrong or I am missing something, as I have been working on this for over 16 hours.
I have an OpenVPN client running on my R7800 (dd-wrt 47040). I have PBR set up as 192.168.115.1/25 to cover 192.168.115.1-192.168.115.127.
This works perfectly. The problem is that EVERY client, even those NOT on the VPN use the VPN DNS servers causing problems.
I went down a rabbit hole with DNSMasq settings and no matter what I do I cannot get the VPN clients to use the VPN DNS and all the others to use the non-VPN DNS. I am open to all help; I can post as many settings as needed (I followed the doc in this thread https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686, I searched for more options for dnsmasq, nothing works).
This is normal behavior (even if you don't prefer it).
By default, all clients use DNSMasq as a local DNS proxy. It's actually the proxy that gets configured w/ the public DNS servers, and overridden w/ the VPN's DNS servers if you so choose. But that proxy can only be configured to access any given public DNS server over one or the other network interface, WAN or VPN, not both. Which one depends on other configuration settings.
If we assume you prefer to have VPN clients use the VPN provider's DNS servers, one way to have non-VPN clients use the WAN is to bind them directly to a public DNS server bound to the WAN. IOW, bypass DNSMasq.
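One way to put that split into practice, as an added example that is not from this thread or from dd-wrt itself: let dnsmasq hand VPN clients the router address (so their queries go through the proxy and on to the VPN's DNS) while every other client gets a public resolver directly via DHCP option 6, bypassing the proxy. The script below generates that dnsmasq fragment, checks that each VPN client's static address really falls inside the PBR block, and includes a small consistency check for spotting the symptom described above (a non-VPN client whose resolver is the router). The LAN (192.168.115.0/24), router address (192.168.115.1), MAC addresses and the 203.0.113.53 resolver are constructed assumptions; the dnsmasq keywords (dhcp-range, dhcp-host with set:, dhcp-option with tag:/tag:!) are standard dnsmasq syntax, and on dd-wrt they would go in the Additional DNSMasq Options box, replacing the GUI-generated dhcp-range rather than duplicating it.

```python
"""Added example (not from the thread): split DNS assignment alongside PBR.

Assumptions not stated in the thread: LAN 192.168.115.0/24, router (dnsmasq)
at 192.168.115.1, 203.0.113.53 standing in for a real public resolver, and
constructed MAC addresses for the VPN clients.
"""
import ipaddress

LAN = ipaddress.ip_network("192.168.115.0/24")
ROUTER = ipaddress.ip_address("192.168.115.1")
# The PBR range from the post; strict=False normalises .1/25 to the .0/25 block.
PBR = ipaddress.ip_network("192.168.115.1/25", strict=False)
PUBLIC_DNS = ipaddress.ip_address("203.0.113.53")  # placeholder (TEST-NET-3)

# Constructed static leases for the clients that should use the VPN.
VPN_CLIENTS = {
    "02:00:00:00:00:0a": "192.168.115.10",
    "02:00:00:00:00:0b": "192.168.115.11",
}


def client_path(ip):
    """'vpn' if the address is inside the PBR range, otherwise 'wan'."""
    return "vpn" if ipaddress.ip_address(ip) in PBR else "wan"


def dynamic_pool(lan, pbr, router):
    """First and last address of the dynamic DHCP pool: every LAN host address
    outside the PBR range, excluding the router, so dynamic clients never land
    on the policy-routed block by accident."""
    free = [h for h in lan.hosts() if h not in pbr and h != router]
    return free[0], free[-1]


def dnsmasq_fragment(lan, pbr, router, public_dns, vpn_clients, lease="24h"):
    """dnsmasq lines implementing the split: VPN clients are told to use the
    router (the dnsmasq proxy, which forwards to the VPN DNS); everyone else is
    told to use a public resolver directly, bypassing the proxy."""
    for mac, ip in vpn_clients.items():
        if ipaddress.ip_address(ip) not in pbr:
            raise ValueError(f"{mac}: {ip} is outside the PBR range {pbr}")
    first, last = dynamic_pool(lan, pbr, router)
    lines = [f"dhcp-range={first},{last},{lan.netmask},{lease}"]
    lines += [f"dhcp-host={mac},set:vpn,{ip}" for mac, ip in vpn_clients.items()]
    lines += [
        f"dhcp-option=tag:vpn,6,{router}",       # option 6 = DNS servers
        f"dhcp-option=tag:!vpn,6,{public_dns}",  # non-VPN clients skip dnsmasq
    ]
    return "\n".join(lines)


def dns_mismatch(client_ip, dns_server, pbr, router):
    """True when a client's resolver contradicts its routing path: a PBR client
    not using the router (its lookups leave over the WAN), or a non-PBR client
    using the router (its lookups are answered via the VPN's DNS, the symptom
    described in the thread)."""
    on_vpn = ipaddress.ip_address(client_ip) in pbr
    via_router = ipaddress.ip_address(dns_server) == router
    return on_vpn != via_router


if __name__ == "__main__":
    print(dnsmasq_fragment(LAN, PBR, ROUTER, PUBLIC_DNS, VPN_CLIENTS))
```

The dynamic pool deliberately starts at the first address past the /25 boundary (.128 for this block), so only clients with an explicit dhcp-host entry ever receive an address that PBR sends through the tunnel; the tag:!vpn negation keeps the two option 6 lines mutually exclusive rather than relying on dnsmasq's precedence between tagged and untagged options.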