VPN: if "Tunnel activated" ->internet on mobile phone is laggy, all the rest clients work fine

[StefMug]

greetings from austria
(excuse my english)

if I activate the VPN-tunnel, the connection to NordVPN is online and stable.
so thats ok.
Problem with activated VPN-tunnel: my smartphone gets laggy internet connection, but every other device works without delay.

For example:
- i start speedtest-app on phone (android), it needs 10 seconds to get internet-connection.
- or: if i click any internet-shortcut (amazon.com), chrome-app opens immediately but then stops loading the page for 10 seconds, and after this 10sec.-full-stop the page fades-in in one twinkle.
by setting VPN-Tunnel off, my phone gets internet without delay and everything works fine.

My knowledge level: "every client which is not specified in VPN_director, will pass through WAN"
As I want only one client (set-top-box) passing through VPN, I enabled VPN-director rule only for this device, and all other devices are forced through WAN by default.

How can i get rid of this Lag in loading time when VPN activated?
Maybe there is a problem with the ip adress from the phone and the router needs seconds to decide which tunnel to use VPN vs. WAN?
(phone's ip adress is set to automatic DHCP)

attached file: vpn_client_settings

 

[StefMug]

file

 

[Ripshod]

Your screenshot is virtually unreadable but it looks like you have "Accept DNS Configuration" set to Strict. Try setting that setting to Disabled as a test.

 

[StefMug]

sorry, upload from phone.

yes it's "strict"
in WAN my DNS is: 1.1.1.1
seems there are Problems with NordVPNs DNS at "strict"

thanks for the hint, seems its a DNS-Problem.
Found some more infos here:

Slow speeds and some websites/apps don't work post VPN Director

I have been using VPN Director to tunnel specific devices through various OpenVPN clients. This works great. However, when I disable a rule to stop tunneling a device, the internet connection is messed up. Many sites take a very long time to load, sometimes not at all, and many apps are very...

www.snbforums.com

Express and NordVPN only accept DNS Exclusive.

I'm trying to implement policy-based routing on my AC86U, but I've found as soon as I set "DNS Configuration" to anything but "Exclusive", DNS leaks occur. Does anyone know how to get around this?

www.snbforums.com

quote:
"It's always been my recommendation (even beyond this specific problem) that users define custom DNS servers on the WAN (e.g., 8.8.8.8 and 8.8.4.4), configure the VPN w/ "Accept DNS configuration" set to Disabled, and bind those same DNS servers using policy based routing (as destination IPs) to the VPN. So when the VPN is NOT active, 8.8.8.8 and 8.8.4.4 are accessed over the WAN. When the VPN is active, you're using the same servers, but they're now accessed over the VPN. It avoids all this nonsense w/ push'd DNS servers NOT being within the scope of the tunnel, the router refusing to bind them to the tunnel, this handling of DNS for VPN and non-VPN clients differently, etc. It just makes things simpler and more predictable."