DNS requests not routed thru VPN on Asuswrt-Merlin

[sbsnb]

Hi, the router is the only device connected to NordVPN. But there is policy based routing that only routes traffic from the NAS IP's though the VPN (see the config images I sent at the start).

Then you won't be able to access the NAS from the internet. Is that your intent?

From the NAS, what do you see when you traceroute to yahoo.com, for example?

 

[Pseudomax]

Hi, just as an update ... I have checked the NAS today and for some reason (without any intervention from myself) it is accessing the internet without a problem?!! I have done a leak test and everything is working as it should be! To add all the changes I made included rebooting the router each time, so I have no idea?! However, although I can't access it directly, so long as I implement my Wireguard connection the Qsync will also work ... so it seems I don't have any problems?! If they reoccur then I will be back in touch Thanks for the help though ...

 

[Pseudomax]

Hi, so after doing further testing, and with a separate thread in the Emby forum, I have discovered that my ISP is throttling any VPN connections (and I think possibly disconnecting them). However they use default VPN ports to do this, and given the VPN is a bridge between two subnets I own/manage, I (seem) to have resolved this by using a non-default port ... at least to prevent the throttling and for the moment.

However, I now need some help routing the client that is on the server side (my NAS) through the Wireguard non-standard port tunnel and then to use the remote client WAN as it's default WAN.

Currently my setup is:
Primary Lan: 192.168.1.0 (with the primary Asus-Merlin RT-87U router being 192.168.1.1)
Primary Wireguard VPN Server (dedicated dd-wrt router on the same subnet as WAP; wireless is disabled): 192.168.1.254
Wireguard Tunnel: 10.4.0.0 (with the server above being 10.4.0.1 in the tunnel)
Client (Remote) LAN: 192.168.10.0
Client Gateway & Client Wireguard VPN Router (they are the same dd-wrt router): 192.168.10.1 & 10.4.0.5
The client needing routing is the NAS (static IP): 192.168.1.170

Please could I know where and what static routes (I assume) to use to route all traffic from the NAS through the Wireguard VPN 10.4.0.0 and then through the Client Gateway 192.168.10.1

I don't fully understand routing tables etc ... so still trying to learn!

All help appreciated! If you were also able to tell me how to use the dd-wrt OpenVPN client on the 192.168.10.1 router to also send ONLY this traffic (using policy based routing) out then that would be great too!

 

[Chewie420]

Hello,

I've setup an OpenVPN Client on my router Asus RT-AC68U with Asuswrt-Merlin version 384.13_0 as follows:
Force Internet traffic through tunnel: Policy Rules (strict)
Rule: 192.168.24.0/24: VPN
Accept DNS Configuration: Exclusive

The VPN connection works fine but there is one problem:
not the DNS servers provied by the VPN tunnel but those from the WAN DNS Setting of the router are used.

I check the results on https://dnsleaktest.com

Could you please help to find the reason of this malfunction?

Best regards,
RKaniec

I am using RT-AX88U with latest firmware and after running the DNS leak test I see the DNS provider in my WAN settings as well.

I am not really sure how to fix this, could I get some help?

 

[eibgrad]

I am using RT-AX88U with latest firmware and after running the DNS leak test I see the DNS provider in my WAN settings as well.

I am not really sure how to fix this, could I get some help?

A good starting point.

Tutorial - How to monitor DNS traffic in real-time

The following script allows for real-time monitoring of DNS on the router for the purposes of knowing what DNS servers are in use, and which network interfaces are being used. https://pastebin.com/AGNF8cC8 Overview One of the most difficult aspects of the router for users is managing DNS. DNS...

www.snbforums.com

Also, things have change a lot since the time this thread was started. For example, starting w/ 386.4, ASUS now statically binds the DNS servers on the WAN to the WAN. And so it's possible under certain circumstances this can lead to a DNS leak w/ certain DNS configurations on the OpenVPN client.