How to push own DNS server when using VPN

It seems like it might be too hard to forward all requests for, say, Netflix to your American VPN client specifically though. I can get the traffic to go to the right gateway by using an alias for all Netflix IP addresses, but I can't figure out a way to force all DNS requests for "netflix.com" (and all other relevant URLs too) out a particular gateway regardless of the source. Any ideas?
From my testing, I have concluded the streaming services don’t care what DNS you are using. It is your geo location based on your IP address. You can read more about it here
https://x3mtek.com/why-i-use-torguard-as-my-vpn-provider/

I will write a tutorial on selective routing using pfSense once the holidays are over. In a nutshell, I use the TorGuard private VPN. In pfBlockerNG, I use the IP List feature to store the Netflix and Amazon AWS US IPv4 addresses. In Firewall -> LAN, I create a rule to have any source LAN IP address that references the Netflix and Amazon IPv4 addresses routed to the Private IP VPN tunnel. For CBS, I do use a firewall alias for hostnames and use a similar LAN firewall rule to route to the appropriate tunnel.
 
Here is another reference you can look at
https://nguvu.org/pfsense/pfsense-2.3-setup/

I think you can achieve your goal by configuring DNS at the Gateway level. For TG, the DNS IP is similar to the Gateway IP; the last digit is a “1”. For example, if the tunnel IP is 10.25.0.30, the DNS will be 10.25.0.1.
 
Thanks for the link Xentrk. Could you explain what the difference is between DNS Strict and DNS Exclusive? Looks like those options are only available on Merlin. Unfortunately Merlin does not support the GT-AC5300, so I'm stuck with stock.

As for my situation, I think I may have solved the problem. If forcing clients to use a VPN's DNS service is the norm, then I'm sticking with the last working firmware. If it's a bug, I wish Asus would fix it. I did contact Asus support about this and got my router replaced... tech support believes I have a bad chipset in my router. Whatever. I just got the replacement in yesterday with the same results. Anyways, I've modified my VPN config file and things seem to be working on both the original and replacement router. I'll let it run for a few days to see if I need to go back to an older firmware. Amazon and other sites are working again and both of my DNS servers are working as they should; one goes down, the other picks up. And finally, ad blocking is working again. So ... fingers crossed.

I have the same problem with my GT-AC5300. Can you please provide more detail on how you fixed the issue?

thanks in advance
 
Expected Behavior:
When using a VPN (NordVPN), local clients will use the local DNS servers as defined in the DHCP settings of the Asus router (GT-AC5300) and not the VPN's DNS service.

Actual Behavior:
When connected to a private VPN, clients bypass local DNS and use the VPN's DNS service instead. As a result, there are problems loading some sites (Amazon.com, etc.) and ads are not blocked.

Current Setup:
Asus GT-AC5300 with latest firmware, 3.0.0.4.384.21140 using FusionVPN (OpenVPN client)
Local DNS running Pi-Hole (DNS over HTTPS)

With older firmware (3.0.0.4.384.20648), GT-AC5300 worked fine, clients were using local DNS as configured in DHCP. But with latest firmware, clients are being forced to use VPN's DNS servers instead.

Is there a way to force the VPN connection to use local DNS? Let's say, by editing the x.nordvpn.com.udp.ovpn file?

Any help would be appreciated. Thanks.
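On the question of editing the .ovpn file: this is an added example, not something posted in the thread. OpenVPN 2.4 and later clients accept every option the server pushes, including `dhcp-option DNS` resolvers, unless a `pull-filter ignore "dhcp-option DNS"` directive is present in the client config; the script below checks a config for that filter and appends it when missing so the LAN resolver (here, Pi-hole) stays in use. The sample config is constructed, and whether the Asus stock OpenVPN client honours custom directives is not something the thread establishes.

```python
import re

# Constructed sample client config, modelled on a typical provider .ovpn file
# (not the real x.nordvpn.com.udp.ovpn mentioned in the thread).
SAMPLE_OVPN = """\
client
dev tun
proto udp
remote vpn.example.invalid 1194
resolv-retry infinite
nobind
persist-key
persist-tun
remote-cert-tls server
auth-user-pass
"""

# OpenVPN 2.4+ directive: drop pushed "dhcp-option DNS ..." options before
# they are applied, so the client keeps whatever resolver it already had.
DNS_FILTER = 'pull-filter ignore "dhcp-option DNS"'

# A filter on the "dhcp-option" prefix alone also covers DNS pushes, since
# pull-filter matches pushed options by prefix.
_FILTER_RE = re.compile(
    r'^\s*pull-filter\s+ignore\s+"?dhcp-option(\s+DNS)?"?\s*$',
    re.IGNORECASE | re.MULTILINE,
)


def accepts_pushed_dns(config: str) -> bool:
    """Return True if the client would apply DNS servers pushed by the server."""
    return _FILTER_RE.search(config) is None


def keep_local_dns(config: str) -> str:
    """Return the config with the DNS pull-filter appended if it is missing."""
    if not accepts_pushed_dns(config):
        return config  # already hardened; nothing to change
    if not config.endswith("\n"):
        config += "\n"
    return (config
            + "# Keep LAN DNS (e.g. Pi-hole): ignore resolvers pushed by the VPN server\n"
            + DNS_FILTER + "\n")


if __name__ == "__main__":
    print("accepts pushed DNS before:", accepts_pushed_dns(SAMPLE_OVPN))
    hardened = keep_local_dns(SAMPLE_OVPN)
    print("accepts pushed DNS after: ", accepts_pushed_dns(hardened))
    print(hardened)
```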

Racked my brain on this for what seems like forever and found the easiest facepalm solution.
Setup
My PiHole is my DHCP and DNS server for my local network.

Change your WAN DNS server IP to your local PiHole IP address. This tells your router to look inside instead of outside for DNS resolution. Your PiHole will still handle all your DNS and ad-blocking magic.


I hope this helps someone.
 