
problem using Asus RT-N66U, openVPN and DNS


ags

Regular Contributor
I've set up my Asus RT-N66U router as an openVPN server. I'm able to connect using the Tunnelblick openVPN client for Mac. However, I can't find a way to automatically set the DNS server after establishing a VPN connection. I've read many posts but haven't found anything specific for my configuration. I've set my router (VPN server) to push the LAN to clients. I've tried all the Tunnelblick options for Set DNS/WINS (set nameserver, 3.1, 3.0b10, alternate 1). Nothing works. When I manually change my connection to use my router IP address as the name server, domain name resolution works. But doing this manually every time is a nuisance. Surely someone has figured this out?

My router is a DHCP client of my ISP server, getting a dynamic IP address and DNS servers from my ISP. I was thinking the best setting would be to "push" the DNS servers specified by my ISP to my remote client. When I manually set the remote (client) DNS server I just specify the IP address of my router and that works.
 
Did you check if "Menu>VPN>OpenVPN Servers>Advanced Settings>Advertise DNS to clients" is set to "Yes"?
 
Did you check if "Menu>VPN>OpenVPN Servers>Advanced Settings>Advertise DNS to clients" is set to "Yes"?

I don't have that option. I have "Push LAN to clients" (set to Yes) "Direct clients to redirect internet traffic" (set to Yes) and "Respond to DNS" (set to Yes).

I'm using the stock Asus firmware, version 3.0.0.4.376_1071
 
Could you ssh to the router then check if the following line is present in the /tmp/etc/openvpn/server1/config.ovpn

push "dhcp-option DNS <IP address of your DNS server>"
 
Could you ssh to the router then check if the following line is present in the /tmp/etc/openvpn/server1/config.ovpn

push "dhcp-option DNS <IP address of your DNS server>"

That line does not exist. I have read about it during my research but didn't know where/how to enter that information in a config file. I was looking for an option in the web (router) configuration UI. That's a pitfall of becoming used to the web interface I suppose.

Is there a way for me to push the DNS server that was assigned to my router (DHCP client) by my ISP (DHCP server) rather than the router IPaddr? (is there any advantage to that? It seems to work when I set the router IPaddr as the DNS server IPaddr, although I don't know why).

Edit: I tried adding the suggested line to the config.ovpn file. I haven't verified if that will work, but I have verified that the setting is lost (the config.ovpn file modification is overwritten) when I restart the router.
 
That line does not exist. I have read about it during my research but didn't know where/how to enter that information in a config file. I was looking for an option in the web (router) configuration UI. That's a pitfall of becoming used to the web interface I suppose.

It is strange. I have no experience with the stock Asus FW, as I have been using Merlin's since I bought my router. Why not give Merlin's FW a try? It is much better than stock, and the OpenVPN server definitely works well.

Is there a way for me to push the DNS server that was assigned to my router (DHCP client) by my ISP (DHCP server) rather than the router IPaddr? (is there any advantage to that? It seems to work when I set the router IPaddr as the DNS server IPaddr, although I don't know why).

You can push any DNS server to your OpenVPN client. I am using as DNS the router itself and it works fine. As your FW web interface does not provide the opportunity to do that you should do this by using some shell commands.

Edit: I tried adding the suggested line to the config.ovpn file. I haven't verified if that will work, but I have verified that the setting is lost (the config.ovpn file modification is overwritten) when I restart the router.

This is normal. The config.ovpn file is generated automatically during the boot process and is located in the ramfs, so it does not survive a router reboot. In order to make some changes permanent you should play with NVRAM variables. Try to google which variable reflects the "push "dhcp-option DNS <IP address of your DNS server>"" line in the config file. Then modify it using the "nvram commit" shell command.

Additionally you may check if the modification will work without playing with NVRAM variables. You may modify the config.ovpn file accordingly and then restart the openvpn server without rebooting the router. If everything is fine you may continue with NVRAM variables.
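
The check-then-edit step discussed in this thread, as an added example that is not part of any post above: a POSIX shell sketch that lists the DNS servers an OpenVPN server config actively pushes and appends the push line only when it is missing. The function names and the 192.168.1.1 address are assumptions made for illustration; on the router the file would be the /tmp/etc/openvpn/server1/config.ovpn named above, which the thread notes is regenerated at boot.

```shell
#!/bin/sh
# Added example: function names and sample addresses are hypothetical.

# Print each DNS address pushed by active (non-commented) lines of config $1.
list_dns_push() {
    sed -n 's/^[[:space:]]*push[[:space:]]\{1,\}"dhcp-option[[:space:]]\{1,\}DNS[[:space:]]\{1,\}\([^"[:space:]]*\)".*$/\1/p' "$1"
}

# Return 0 only for a dotted-quad IPv4 address with four octets in 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Make sure config $1 pushes DNS server $2. Prints "present" or "added";
# returns 2 without touching the file if the address or file is unusable.
ensure_dns_push() {
    cfg=$1; dns=$2
    is_ipv4 "$dns" || { echo "invalid IPv4 address: $dns" >&2; return 2; }
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    if list_dns_push "$cfg" | grep -qxF "$dns"; then
        echo present
        return 0
    fi
    # Terminate an unfinished last line so the directive starts on its own line.
    if [ -n "$(tail -c 1 "$cfg")" ]; then echo >> "$cfg"; fi
    printf 'push "dhcp-option DNS %s"\n' "$dns" >> "$cfg"
    echo added
}

# Demo on a constructed config (not the router's real file).
demo=$(mktemp)
printf '%s\n' '# push "dhcp-option DNS 10.0.0.1"' 'push "redirect-gateway def1"' > "$demo"
ensure_dns_push "$demo" 192.168.1.1   # prints: added
ensure_dns_push "$demo" 192.168.1.1   # prints: present
rm -f "$demo"
```

The commented-out line in the demo is deliberately ignored: only directives the server will actually send count as a pushed DNS server.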
 
