VPN Director - stock asus firmware.

podkaracz1996

Hi,

I bought an Asus RT-BE86U last week and I want to force all devices on my network to use the DNS server provided in the WAN tab by the router. Is there a way to force it on stock firmware, as opposed to the feature called VPN Director on Merlin firmware?



Regards,
 
If you are talking about running a VPN client on the router and forcing your LAN clients to use the router's DNS servers under stock Asus 3006.102.x firmware, then see the stock firmware's VPN Fusion section.

Depending on what kind of VPN client one sets up they may have an option to configure the DNS server (option).

PS: One may also have to configure the router's LAN > DHCP Server > DNS and WINS Server Setting's two DNS fields to match the router's WAN DNS fields.
 
Sorry, maybe I misunderstood what VPN Director does.

What I meant is: is there a way to force all clients that are connected to the router to use only the DNS servers provided in the WAN section exclusively? So for example, if I set a custom DNS server in the Windows LAN section, I will be disconnected?
 
Are you using VPN? If so are you configuring a VPN Server on the router? Or are you configuring the router to be a VPN client (aka VPN Fusion on Asus stock firmware) where it connects to a remote VPN server?
 
You have two options. Leave the LAN > DHCP Server > DNS and WINS Server Setting's two DNS fields blank and the LAN clients will use the router as its DNS server (WAN > WAN DNS Setting > DNS Server). Or one can manually configure the DNS servers LAN clients should use by entering those DNS servers into the LAN > DHCP Server > DNS and WINS Server Setting > DNS Server 1 and DNS Server 2 fields.

Or one can manually configure the DNS servers on the LAN clients themselves.
 
How to force it onto the clients? For example, I want the router to accept only the DNS servers provided in the WAN section, so when I change it manually to something else on my Windows machine I will be disconnected unless I start using the correct DNS servers again?
 
You’re talking about DNS Director, not VPN Director.

I find that Asus has DNS Director in later firmware versions, but no mention of it in the GUI. You might enable it manually over SSH:
Code:
nvram set dnsfilter_enable_x=1
nvram set dnsfilter_mode=11
nvram commit
service restart_dnsfilter
Verify with:
Code:
iptables -t nat -S | grep DNSFILTER
 
If you want your LAN clients to use something other than the router's WAN DNS addresses, input those different DNS addresses into the LAN > DHCP Server > DNS and WINS Server Setting > DNS Server 1 and DNS Server 2 fields. Then power cycle the LAN clients so they obtain updated IP/DNS information from the router. Example DHCP Server DNS fields:

[Image: DHCP Server DNS.jpg]
 
You’re talking about DNS Director, not VPN Director.
It appears they were asking about stock firmware in their OP post. Stock doesn't have DNS Director.
 
Thanks, I will try it out. This is exactly what I wanted.
 
Thanks, I will try it out. This is exactly what I wanted.
Just an FYI. DNS Director is exclusive to Asus-Merlin firmware. It is not found on the stock 3006.102.x firmware GUI.
 
Looks like it works! Thanks...

-N DNSFILTER
-A PREROUTING -i br+ -p udp -m udp --dport 53 -j DNSFILTER
-A PREROUTING -i br+ -p tcp -m tcp --dport 53 -j DNSFILTER
-A PREROUTING -i wgs1 -p udp -m udp --dport 53 -j DNSFILTER
-A PREROUTING -i wgs1 -p tcp -m tcp --dport 53 -j DNSFILTER
-A DNSFILTER -i br0 -j RETURN
-A DNSFILTER -i br52 -j RETURN
-A DNSFILTER -j DNAT --to-destination 192.168.50.1

Results from iptables -t nat -S | grep DNSFILTER on AX86U Pro Asus firmware 3.0.0.6.102_34336-gc04af06_403-gd851b
 
Just an FYI. DNS Director is exclusive to Asus-Merlin firmware. It is not found on the stock 3006.102.x firmware GUI.
Mmmm...no. It was in Asus firmware for a while but was removed. Something to do with the naming/copyright infringement? Guess they just removed it from the GUI but left the functionality.
 
That’s interesting. It’s allowing LAN traffic through. Maybe they’ve changed the behavior with all the new SDN/Guest/IoT/Pro stuff.
OK, in your advanced network mind is there a fix?
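
The listing posted above can be checked mechanically for the behaviour noted in this exchange: in iptables, a RETURN inside a user-defined chain hands the packet back to the calling chain, so traffic arriving on br0 and br52 never reaches the DNAT rule. The script below is an added example, not part of any post in this thread and not Asus or Merlin code; it parses `iptables -t nat -S` output and reports, per hooked interface, whether port-53 traffic is redirected. The function names, and the assumption that exemptions are per-interface RETURN rules ahead of one unconditional DNAT rule, belong to this example only.

```shell
# Added example, not from the thread; function names are made up here.
# Constructed input: the rule listing posted in this thread.
sample_rules() { cat <<'EOF'
-N DNSFILTER
-A PREROUTING -i br+ -p udp -m udp --dport 53 -j DNSFILTER
-A PREROUTING -i br+ -p tcp -m tcp --dport 53 -j DNSFILTER
-A PREROUTING -i wgs1 -p udp -m udp --dport 53 -j DNSFILTER
-A PREROUTING -i wgs1 -p tcp -m tcp --dport 53 -j DNSFILTER
-A DNSFILTER -i br0 -j RETURN
-A DNSFILTER -i br52 -j RETURN
-A DNSFILTER -j DNAT --to-destination 192.168.50.1
EOF
}
# Reads iptables -t nat -S output on stdin; prints "<iface> <protos> <verdict>"
# per interface hooked for port 53. Assumes exemptions are "-i X -j RETURN"
# rules placed before a single unconditional DNAT rule.
dns_redirect_audit() {
  awk -v chain="${1:-DNSFILTER}" '
    # Value following option opt in the current rule, or "" if absent.
    function arg(opt,   i) { for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1); return "" }
    # iptables interface matching: a trailing "+" is a prefix wildcard.
    function imatch(pat, name) {
      if (substr(pat, length(pat)) == "+") return index(name, substr(pat, 1, length(pat) - 1)) == 1
      return pat == name
    }
    $1 == "-A" && $2 == "PREROUTING" && arg("-j") == chain && arg("--dport") == "53" {
      ifc = arg("-i")
      if (ifc in protos) protos[ifc] = protos[ifc] "," arg("-p")
      else { order[++n] = ifc; protos[ifc] = arg("-p") }
    }
    $1 == "-A" && $2 == chain && !done {
      if (arg("-j") == "RETURN" && arg("-i") != "") ret[++r] = arg("-i")
      else if (arg("-j") == "DNAT" && arg("-i") == "" && arg("-m") == "") { dest = arg("--to-destination"); done = 1 }
    }
    END {
      for (k = 1; k <= n; k++) {
        skip = ""
        for (j = 1; j <= r; j++)   # RETURN rules that shadow this hook
          if (imatch(order[k], ret[j]) || imatch(ret[j], order[k])) skip = (skip == "" ? "" : skip ",") ret[j]
        if (dest == "") v = "no-dnat"
        else if (skip == order[k]) v = "bypass"
        else v = "dnat:" dest (skip == "" ? "" : " except:" skip)
        print order[k], protos[order[k]], v
      }
    }'
}
# On the router: iptables -t nat -S | dns_redirect_audit
sample_rules | dns_redirect_audit
```

An `except:` field on the `br+` line means clients on those bridges can still reach any resolver they choose; a line without it means every interface matching the hook is rewritten to the router address.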
 
@dave14305 There were a couple more commands in this post
 
