block-outside-dns but for ASUS Merlin?


quarantinho

New Around Here
Hey guys,

I'm accessing a VPN using the OpenVPN desktop client and everything works fine / is not reporting any DNS leaks.

However, I would like the entire traffic of my device to go through the tunnel without always starting the software. Since I have an ASUS router, I installed Merlin firmware and set up policy based routing that redirects all traffic of this specific device through the tunnel. I'm using exactly the same configuration file that I previously used on my PC, except the command "block-outside-dns".

In this configuration, without the missing command of "block-outside-dns", my VPN is having DNS leaks, meaning that whenever I run a test in this configuration, my location is correctly identified, which I want to avoid at all costs.

So my question is: Is there an equivalent for "block-outside-dns" that I can use on the client side in this configuration? Since my dad is the provider of the VPN from the server side, it would be great if I could configure the client side to achieve this (don't want to bother him if it's not necessary).

Any ideas?

Thanks in advance!
 

RMerlin

Asuswrt-Merlin dev
Set DNS mode to "Exclusive" on your OpenVPN client settings.
 

quarantinho

New Around Here
You mean here, correct?

[Attachment: vpn settings.JPG]


I have set it like this currently and while my IP is from the same country the VPN is, a DNS leak test still reveals my actual location (at least I think that's what's happening?).

E.g. I live in Germany and the VPN is in Turkey, so ideally, the DNS Leak test shouldn't show this:
[Attachment: düsseldorf.JPG]
 

RMerlin

Asuswrt-Merlin dev
You mean here, correct?

View attachment 34869

I have set it like this currently and while my IP is from the same country the VPN is, a DNS leak test still reveals my actual location (at least I think that's what's happening?).

E.g. I live in Germany and the VPN is in Turkey, so ideally, the DNS Leak test shouldn't show this:
View attachment 34870

Try a different browser. Since it reports Cloudflare, it's possible it's your browser silently moving you to use DNS over HTTPS, which will bypass any VPN, and cannot be actively blocked.

DoH and DoT cannot be "blocked" at a VPN level, as they don't use regular port 53 DNS queries.
 
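As an added example (not part of the thread, and not Asuswrt-Merlin code), this Python script labels a client's outbound flows by DNS transport, separating port 53 queries from DoT and likely DoH traffic as described in the reply above. The flow records, the interface names (`tun11`, `eth0`), the VPN resolver address `10.8.0.1` and the resolver list are constructed assumptions.

```python
from collections import Counter
from ipaddress import ip_address

# Public resolvers that also answer DoH on port 443 (illustrative, not exhaustive).
DOH_RESOLVERS = {ip_address(a) for a in
                 ("1.1.1.1", "1.0.0.1", "8.8.8.8", "8.8.4.4", "9.9.9.9")}

def classify(flow, vpn_dns, tunnel_prefix="tun"):
    """Label one egress flow (dict with proto, dst, dport, iface)."""
    dst = ip_address(flow["dst"])
    in_tunnel = flow["iface"].startswith(tunnel_prefix)
    if flow["dport"] == 53:
        # Classic DNS: the only kind a port 53 rule can see or redirect.
        if not in_tunnel:
            return "plain-dns-outside-tunnel"
        if dst == ip_address(vpn_dns):
            return "plain-dns-to-vpn-resolver"
        return "plain-dns-in-tunnel-other-resolver"
    if flow["dport"] == 853 and flow["proto"] == "tcp":
        return "dot"           # DNS over TLS
    if flow["dport"] == 443 and dst in DOH_RESOLVERS:
        return "possible-doh"  # HTTPS to a known resolver address
    return "other"

def summarize(flows, vpn_dns):
    """Count flows per label."""
    return dict(Counter(classify(f, vpn_dns) for f in flows))

# Constructed sample flows, as they might be logged at the router's egress.
SAMPLE_FLOWS = [
    {"proto": "udp", "dst": "10.8.0.1",      "dport": 53,  "iface": "tun11"},
    {"proto": "udp", "dst": "8.8.8.8",       "dport": 53,  "iface": "eth0"},
    {"proto": "udp", "dst": "8.8.4.4",       "dport": 53,  "iface": "tun11"},
    {"proto": "tcp", "dst": "1.1.1.1",       "dport": 443, "iface": "tun11"},
    {"proto": "tcp", "dst": "9.9.9.9",       "dport": 853, "iface": "tun11"},
    {"proto": "tcp", "dst": "93.184.216.34", "dport": 443, "iface": "tun11"},
]

if __name__ == "__main__":
    for f in SAMPLE_FLOWS:
        print(f'{f["dst"]:>15}:{f["dport"]:<4} {f["iface"]:<6} {classify(f, "10.8.0.1")}')
    print(summarize(SAMPLE_FLOWS, "10.8.0.1"))
```

The `possible-doh` label is a heuristic: on the wire, DoH is ordinary HTTPS, so only the destination address distinguishes it from other port 443 traffic.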

quarantinho

New Around Here
I see. Tried a different browser but getting the same results. But what's still very confusing to me is that I don't have this issue whenever using the OpenVPN desktop client instead on a Windows PC, regardless of which browser I use. So I assume it has to be an issue with the different configuration files that I'm using between PC client/router.
 

cptnoblivious

Regular Contributor
If Firefox is one of the browsers you are trying, double check that it's not using DoH by going to:

Settings | Network Settings
And ensure that "Enable DNS over HTTPS" is NOT checked (last checkbox on the config page)
 

quarantinho

New Around Here
Thanks for the suggestion, I've gone ahead and tried that but no luck so far. There are still hosts outside of the VPN's location showing up.

I've tried several setups now and it seems as though this one is doing the trick, at least for Firefox.

[Attachment: 123.JPG]


I don't quite understand what the difference between exclusive/strict is for the option to accept DNS configuration, but it seems to be working OK for now. Google Chrome sometimes still reveals my true location, however, so this solution is not quite as secure as just using the PC client I guess?
 