Best config options for 384.11_2 for dns using vpn

[Xentrk]

My iPhone, Apple TV 4K, and some IOT devices are routed through the Expressvpn. And my iMac through the WAN. And Im not using Ad blockers on any devices and Ads are blocked. I have no idea how it's happening. Maybe its related to something I'm not aware of. However, I'll reboot all devices and see if that makes a difference.

To be honest even if I have to route all traffic through the VPN for diversion to work, Im cool with that.

When you have time, try routing your iMac thru Express VPN, visit a few sites and see if ads appear. speedtest.net is a good site to test on.

 

[Skeptical.me]

When you have time, try routing your iMac thru Express VPN, visit a few sites and see if ads appear. speedtest.net is a good site to test on.

I've done it. no ads are appearing. I'll keep the settings to (DNS) "Exclusive" ... and Redirect Traffic to "All".


Sent from my iPhone using Tapatalk Pro

 

[Ro berto]

I know of one forum user that uses Express VPN. The ability to bypass Netflix breaks when he uses a DNS other than the one provided by the VPN provider.

the same happens with me but with nordvpn. I don't know what they do with the DNS. Some black magic maybe.

 

[Xentrk]

I've done it. no ads are appearing. I'll keep the settings to (DNS) "Exclusive" ... and Redirect Traffic to "All".


Sent from my iPhone using Tapatalk Pro

Thank you. That helps clarify things.

I thought you were using Policy Rules. Diversion is able to block ads over the VPN tunnel if Redirect Traffic is set to All and Accept DNS Configuration = Exclusive. But once you set Redirect Traffic to Policy Rules, Diversion will not be able to block ads as dnsmasq will be bypassed. In that case, I recommend people set Accept DNS Configuration = Disabled and enable DoT to encrypt DNS queries. The tunnel will then use the DoT DNS.

 

[Xentrk]

the same happens with me but with nordvpn. I don't know what they do with the DNS. Some black magic maybe.

I suspect they are using DNS Proxy thru the VPN tunnel to get around the blocks.

 

[Marin]

I suspect they are using DNS Proxy thru the VPN tunnel to get around the blocks.

I use NordVPN as well. I have Accept DNS Configuration = Strict. I also have enabled Policy Rules as "Strict" and have included in Custom Configuration these options:

dhcp-option DNS 103.86.96.100
dhcp-option DNS 103.86.99.100

and everything routed through VPN (192.168.50.0/24)

Also, I have WAN DNS settings (under the WAN tab):

"Connect to DNS servers automatically" = No and under the DNS 1 and DNS 2 I have:

103.86.96.100
103.86.99.100

which are NordVPN's servers.

All ads are blocked and all clients go through NordVPN. I have no DNS leaks and all DNSSEC tests (except Cloudlflare's) are validated.

To bypass Netflix's "proxy error" I use @Xentrk's Selective routing script and everything works just fine.

 

[Ro berto]

To bypass Netflix's "proxy error" I use @Xentrk's Selective routing script and everything works just fine.

in other words, you se Xentrk script to route Netflix outside of the VPN?

I live in Germany and I use the OpenVPN client to route Netflix inside the VPN tunnel, but I have to change the US servers quite often because they are constantly being blocked by Netflix (Whack-a-mole). I'll try setting DNS with NordVPN and see if it changes.

 

[Ro berto]

"Connect to DNS servers automatically" = No and under the DNS 1 and DNS 2 I have:

103.86.96.100
103.86.99.100

which are NordVPN's servers.

Do you also enabled DoT?

 

[Marin]

Do you also enabled DoT?

Yes and using Cloudflare as my servers


Sent from my iPhone using Tapatalk

 

[Marin]

in other words, you se Xentrk script to route Netflix outside of the VPN?
.

Yes and it has helped to not have additional entries in the Policy rules (for example, add your device (s) that your stream Netflix to go through WAN interface).


Sent from my iPhone using Tapatalk