AsusWRT-Merlin Configuration with VyprVPN and DNS Settings

  • ATTENTION! As of November 1, 2020, you will not be able to reply to threads 6 months after the thread is opened. Threads will not be locked, so posts may still be edited by their authors.

Rowdy83

New Around Here
VyprVPN provides an App that can be only used with Tomato Shibby; it seems that Shibby is out of date (last update 2017). For router configurations, I see that VyprVPN suggests to use Google DNS or OpenDNS for the “suggested DNS server addresses”. For instance, the instructions for ASUSWRT (Merlin) show that the “WAN DNS Setting” should be set to Google DNS or OpenDNS. Can’t the VyprVPN DNS servers be used here instead? Doesn’t the use of Google or OpenDNS with VyprVPN open yourself up to logging or privacy concerns? Lastly, if one does not want to use either of these two DNS servers, does anyone have a suggestion for a fast no logging DNS to configure with Merlin? I’m thinking maybe Cloudflare, Quad 9 or DNS.Watch? Others? Thanks! (FYI, have also posted in VyprVPN/GoldenFrog forum).
 

RMerlin

Asuswrt-Merlin dev
The VyprVPN DNS probably only work through the tunnel, so they can't be applied globally at the WAN level.
 

Rowdy83

New Around Here
RMerlin,

Thanks for your reply. Are there security or privacy concerns if I were to use a “WAN DNS Setting” like 9.9.9.9 or 1.1.1.1 in this configuration? It's my impression that I would be missing out on the full VPN protections by using a non VPN WAN DNS setting, although I'll admit I'm definitely not an expert in this area.
 

ColinTaylor

Part of the Furniture
Thanks for your reply. Are there security or privacy concerns if I were to use a “WAN DNS Setting” like 9.9.9.9 or 1.1.1.1 in this configuration? It's my impression that I would be missing out on the full VPN protections by using a non VPN WAN DNS setting, although I'll admit I'm definitely not an expert in this area.
The router needs access to a DNS server (either your ISP's or a publicly available one) to be able to boot up properly, e.g. to resolve names, set the date/time, etc. Only after it has done that can it connect to your VPN provider. You can configure the VPN settings so that clients will use the VPN and the provider's DNS server.
 

Rowdy83

New Around Here
The router needs access to a DNS server (either your ISP's or a publicly available one) to be able to boot up properly, e.g. to resolve names, set the date/time, etc. Only after it has done that can it connect to your VPN provider. You can configure the VPN settings so that clients will use the VPN and the provider's DNS server.
Thanks. So the DNS that is set in the “WAN DNS Setting” (DNS Server1, DNS Server2) of Merlin is to just get things initially setup with the conduit when it first boots up? Following the initial setup, will it will then bypass this DNS setting and go directly to VyprVPN? Is the initially set DNS used again to resolve names, or just the VPN's DNS? For security and privacy, I wouldn't want it to continue inquiring with the manually set DNS to resolve names, etc. Sorry, it's just somewhat confusing that VyprVPN would not provide their own DNS server address for setup of Merlin: https://support.vyprvpn.com/hc/en-us/articles/360037721792-VyprVPN-OpenVPN-Setup-for-AsusWRT Many thanks!
 

ColinTaylor

Part of the Furniture
Thanks. So the DNS that is set in the “WAN DNS Setting” (DNS Server1, DNS Server2) of Merlin is to just get things initially setup with the conduit when it first boots up? Following the initial setup, will it will then bypass this DNS setting and go directly to VyprVPN?
The VPN clients will if you configure the VPN that way.

Is the initially set DNS used again to resolve names, or just the VPN's DNS?
Again, it depends how you configure the DNS options in the VPN client settings. There are many ways to configure it there.

For security and privacy, I wouldn't want it to continue inquiring with the manually set DNS to resolve names, etc.
Indeed. But you might want to configure it such that the router itself continues to use the WAN DNS servers (so that it's not dependent on the VPN provider), while all the LAN clients use the VPN DNS servers.

I suggest you read the whole of this wiki entry carefully. Note the example at the bottom of the page. https://github.com/RMerl/asuswrt-merlin.ng/wiki/Policy-based-routing

Sorry, it's just somewhat confusing that VyprVPN would not provide their own DNS server address for setup of Merlin: https://support.vyprvpn.com/hc/en-us/articles/360037721792-VyprVPN-OpenVPN-Setup-for-AsusWRT Many thanks!
That link is confusing, it states " Note: VyprDNS does not currently work with this setup. If you do not specify custom DNS, your VPN connection will establish, but there will be no throughput." So I'm not sure what the point of publishing it is then. :confused: I think it's as RMerlin alluded to, they're trying to say the the VyprVPN DNS servers are not publicly available.
 

Rowdy83

New Around Here
The VPN clients will if you configure the VPN that way.


Again, it depends how you configure the DNS options in the VPN client settings. There are many ways to configure it there.

Indeed. But you might want to configure it such that the router itself continues to use the WAN DNS servers (so that it's not dependent on the VPN provider), while all the LAN clients use the VPN DNS servers.

I suggest you read the whole of this wiki entry carefully. Note the example at the bottom of the page. https://github.com/RMerl/asuswrt-merlin.ng/wiki/Policy-based-routing


That link is confusing, it states " Note: VyprDNS does not currently work with this setup. If you do not specify custom DNS, your VPN connection will establish, but there will be no throughput." So I'm not sure what the point of publishing it is then. :confused: I think it's as RMerlin alluded to, they're trying to say the the VyprVPN DNS servers are not publicly available.
Thanks! I've read through the wiki and will try these configurations tomorrow when the router arrives. Thanks again.
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top