What's new

DNS Leak With VPN Director Policy

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

NB_8

Occasional Visitor
My OpenVPN clients connect properly with no DNS leaks when the "Yes (all)" option is selected for "Redirect Internet traffic through tunnel". I would opt to simply leave this as-is, however, preferring not to have any leaks, I would like to be able to use "VPN Director (policy rules)" in light of user findings on that option avoiding IP leaks.


If anyone can please point me in the right direction as to how one might go about keeping killswitch functionality and avoiding DNS leak while using "VPN Director (policy rules)" it would be much appreciated.
 
The link you posted is NOT specifically related to DNS leaks. That bug allows *any* traffic to leak over the WAN on reboot until the OpenVPN client is connected. And that same link provides a temporary workaround until the problem can be corrected in the firmware.
 
The link you posted is NOT specifically related to DNS leaks. That bug allows *any* traffic to leak over the WAN on reboot until the OpenVPN client is connected. And that same link provides a temporary workaround until the problem can be corrected in the firmware.
I have not yet ventured into the realm of SSH coding, so at this time I am seeking to address the traffic leak issue (which I initially referred to as "IP leaks") in another way.

Using "VPN Director (policy rules)" apparently avoids the traffic leak issue. However, since I'm getting a DNS leak when I use "VPN Director (policy rules)", I'm trying to figure out what can be changed so that "VPN Director (policy rules)"can be used without causing a DNS leak.
 
Then the link you pointed to doesn't seem relevant.

One of the side-effects of using the VPN Director is that it necessarily takes the router itself OFF the VPN. And therefore any services its offering (e.g., DNSMasq as the local DNS proxy) are now bound to the WAN, NOT the VPN. So you have to be very careful about how you configure DNS on the OpenVPN client. The "Accept DNS configuration" setting should either be Exclusive or Strict. I would at least start there. It's also possible to configure "Accept DNS configuration" as Disabled *if* you configure DoT on the WAN, since then all your DNS activity will be encrypted, and then it doesn't matter whether your DNS is performed over the WAN or VPN.
 
Then the link you pointed to doesn't seem relevant.

One of the side-effects of using the VPN Director is that it necessarily takes the router itself OFF the VPN. And therefore any services its offering (e.g., DNSMasq as the local DNS proxy) are now bound to the WAN, NOT the VPN. So you have to be very careful about how you configure DNS on the OpenVPN client. The "Accept DNS configuration" setting should either be Exclusive or Strict. I would at least start there. It's also possible to configure "Accept DNS configuration" as Disabled *if* you configure DoT on the WAN, since then all your DNS activity will be encrypted, and then it doesn't matter whether your DNS is performed over the WAN or VPN.
After looking into this more, DoT will not be an option due to incompatible servers.

That stated, short of getting started with SSH scripting, can anyone recommend a workaround to avoid WAN traffic leaks prior to OpenVPN clients becoming connected? The issue is detailed in the link in the OP.
 
After looking into this more, DoT will not be an option due to incompatible servers.

That stated, short of getting started with SSH scripting, can anyone recommend a workaround to avoid WAN traffic leaks prior to OpenVPN clients becoming connected? The issue is detailed in the link in the OP.

 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top