Express and NordVPN only accept DNS Exclusive.

[eibgrad]

I HAVE tried it. When you suggested it.
Works with Express, but although I haven't measured the speed, everything seems noticeably slower.
However, that approach doesn't work with Nordvpn at all. Weird results with Netflix (Most of my stuff was no longer available), Prime knew I was using a vpn, BBC the same. And NORD is much better with some applications than Express, so I really want to use both.
And I tried all sorts of combinations of DNS filtering (not at the same time as setting the DNS as you suggested). That left me with "No connection to the Internet" a lot of the time...

Well the fact ExpressVPN works as desired (the performance issues aside), but NordVPN doesn't, tells me this really isn't a problem w/ the router per se. It's a function of how these websites are reacting to which network interface is being used to access them and/or resolve their domain names. This is a mess brought on by these websites themselves, in their attempt to limit access or implement regional restrictions. And there's no easy way to resolve it other than experiment w/ different DNS servers, VPN providers, etc. The only problem I was trying to resolve was the DNS leaks, which should now be corrected.

 

[Brainstorm]

The only real issue with this fix is the fact i must put my chosen WAN DNS addresses AND the pushed Expressvpn DNS address in the destination field of the Client Rules gui to push them towards the VPN. If I don't put the pushed DNS address in, it doesn't work.
Express vpn often, but doesn't always, push a different dns address, which stops everything working. The pushed address is always in the 10.x.x.x network range, so I tried putting 10.0.0.0/8 in the destination field, but that didn't work at all. Any idea why not?

 

[eibgrad]

What doesn't work? That could mean anything. Be specific.

For some reason, despite the fact we know the router makes it unreachable, you're attempting to access the push'd ExpressVPN DNS server anyway. Why? What is so compelling about the ExpressVPN DNS server that has made you decide to include it, and thus take the working configuration I suggested, and turn it into something that doesn't work? For all I know, the 10.0.0.0/8 rule *is* working in so far as making the ExpressVPN DNS server available, but something else about this configuration makes you proclaim it's not working.

 

[Brainstorm]

OK. I'm NOT obsessed with the Express vpn DNS, and I'm not ignoring your advice.
Here's my timeline:
I put my preferred DNS in the WAN settings. I put those same settings into the Express client, and set it for disabled. It's slow, and pic quality looks poorer, but it works.
I do the same for NORD, it doesn't work. I put the NORD DNS addresses in the Nord client screen, set it for disabled, still doesn't work. I set it for Strict, it works.
I go back to the device (Smart TV), connected to the Express vpn, it says internet connection is fine, but none of the onboard apps work, all saying no netwok connection. TV off, TV on, Power cycled, changed network setting from wired to wireless, no change. No TV apps will work.
Fiddling about, I found yesterday that if I put the Express DNS in the client screen, TV started to work, but I tried it all again today, and that DIDN'T work either. I obviously just got lucky first time around.
After many router reboots, deleting DHCP entries, deleting and reinstalling vpn's, I finally had to factory default the router to get the TV working again. Some routing issue stuck in the OS/routing tables/dhcp I would guess, that's only been cleared by factory reset, but I have no idea what.
I've just been through that exact process again. Express vpn set for disabled, DNS addresses in the client screen, it works. Exactly the same with NORD vpn, it doesn't work, I put the NORD DNS in the client screen and set for Strict, it works, but once again now my TV apps will NOT connect to the internet....looks like another factory reset coming up. I delete everything I've changed with the vpn's, deleted the vpn's and reinstalled them, rebooted the router after every change, still my TV refuses to work.
I'm convinced some config gets left on the router after so called deleting AND factory reset. eg: After factory reset, I start to type WAN DNS addresses, and it remembers them.
I'm off to boil my head.....

 

[Brainstorm]

Just to clarify..
I want to use Expressvpn's Mediastreamer, It's excellent for unblocking some sites, but it does mean I must put it in the router's WAN DNS settings.
I tried IT and Cloudflare and Google DNS's while testing. None of them gave me everything I wanted.
If I can't get pbr working, and it looks like I can't (and Xentrk did advise me I wouldn't with express and nord), then I can use a fairly agricultural workaround with my old Asus as a second router. And that's not ideal because I appear to get occasional radio conflicts.
And when I say things didn't work, vpn's always appeared connected, but tv streaming sites (eg BBC) did NOT get unblocked.
I've asked NORD and Express about this, but they're very protective and secretive about how they unblock sites....sometimes it's even device specific.
I realise there's enough issues here to open up a dozen other threads, so this is a purely rhetorical post....but thanks for your time, expertise, and patience guys.

 

[Sumsurfguy]

I've used Express and Nord (currently using Nord) and both have worked with pbr (Nord currently working fine), my setup is pretty simple, in VPN Client Accept DNS Configuration is set to Exclusive, Force Internet Traffic Through Tunnel is set to Policy Rules (strict), clients I want on the vpn are in Rules for routing client traffic through the tunnel (no destination ip, interface VPN) and cloudflare dns (1.1.1.1,1.0.0.1) is set in wan, Nords instructions say to set their dns in wan, but it's not necessary as eibgrad has already pointed out. I don't have any dns leaks, all clients going through the vpn are using Nords dns and all clients going through wan are using cloudflare, I don't have Netflix, but Amazon is streaming fine and haven't had problems with other sites being blocked. My only other suggestions would be that it's not necessary to enter the custom config advised in Nords instructions, it will be done when you upload the opvn file and to check that ipv6 is disabled, it can cause dns leaks if enabled.

 

[Brainstorm]

Yes. I can get everything working on Merlin, same as you.
I was hoping to get x3mRouting working so I could use the flexibilty of routing using domain names, but x3mRouting won't work with "Accept DNS Exclusive" That's really where my problems began.
Also, I don't have an issue with Netflix or Amazon either, but UK TV streaming sites such as BBC, Britbox, ITV, NOW TV don't work with NORD unless it's set to Exclusive, or their DNS address is pushed via the vpn. The vpn says conected, but the sites don't get unblocked.

 

[Sumsurfguy]

Yes. I can get everything working on Merlin, same as you.
I was hoping to get x3mRouting working so I could use the flexibilty of routing using domain names, but x3mRouting won't work with "Accept DNS Exclusive" That's really where my problems began.
Also, I don't have an issue with Netflix or Amazon either, but UK TV streaming sites such as BBC, Britbox, ITV, NOW TV don't work with NORD unless it's set to Exclusive, or their DNS address is pushed via the vpn. The vpn says conected, but the sites don't get unblocked.

Looks like there's an active dedicated thread for x3m if you'd like to ask there.

 

[Lynx]

eibgrad and others: I have been doing some testing and have found that Amazon Prime will detect the use of a VPN and block streaming when using NordVPN unless the pushed DNS from NordVPN is employed using:
Accept DNS Configuration: 'Exclusive'.
In particular, any attempt to use a custom DNS such as CleanBrowsing Family, regardless of whether the custom DNS is forced over the VPN tunnel, will result in Amazon Prime detecting the VPN and blocking streaming.
Any idea why this might be?
Now because I want to be able to stream Amazon Prime on our TV's, but nevertheless force CleanBrowsing Family on everything else, I have found that I can achieve this in the following way.
In LAN settings-> DNSFilter I can set:
Global Filtering Mode: CleanBrowsing Family
and then make specific client exceptions for my TV's to use:
Filter Mode: Router
This way the TV's will use the pushed NordVPN DNS and Amazon Prime streaming will just work, and at the same time all other LAN devices will benefit from the CleanBrowsing Family DNS filter.

 

[Kingp1n]

eibgrad and others: I have been doing some testing and have found that Amazon Prime will detect VPN when using NordVPN unless the pushed DNS from NordVPN is employed using:

Accept DNS Configuration: 'Exclusive'.

Any idea why this might be?

Now because I want to use Prime on my TV's, but nevertheless force CleanBrowsing on everything else, I have found that in LAN settings-> DNSFilter I can set:

Global Filtering Mode: CleanBrowsing (FAmily)

and then make specific client exceptions for my TV's to use:

Filter Mode: Router

I was having ALOT issues with Netflix, Prime, Disney while using PIA VPN. Once I found the x3mRouting script, I set the Accept DNS configuration as "disabled" and allow all these streaming apps to bypass the VPN using the script. For me it's a life saver without DNS leak, however, I know everyone uses a VPN for different setups. Hopefully the OP can find something that works for his setup.

Note: I did test Express and Nord VPN and went back to PIA cause it seems they force you use the "Exclusive" DNS configuration which I didn't like.

 

[Lynx]

I want router to use VPN by default (rather than WAN by default) but then I do not know how to set up a static route to my modem (192.168.8.1) which is on the WAN.

 

[Brainstorm]

Looks like there's an active dedicated thread for x3m if you'd like to ask there.

Been there already, and spoken to the x3mRouting author, xentrk, who was very helpful and had some ideas but did advise me there's not really a viable solution when using nord and/or express, because of the need to use "Exclusive".
I've tried every which way, and, if you've read my threads, you'll see the mess I've managed to get myself into
But thanks for the help and pointers, anyway.

 

[Lynx]

Why is the script needed to bypass VPN if Amazon / Netflix already work over VPN? I mean I have NordVPN and I can stream Amazon and Netflix fine, so long as I accept the pushed NordVPN DNS via the exclusive option.

 

[Kingp1n]

Why is the script needed to bypass VPN if Amazon / Netflix already work over VPN? I mean I have NordVPN and I can stream Amazon and Netflix fine, so long as I accept the pushed NordVPN DNS via the exclusive option.

This has to do with the VPN provider that you have. Some work better than others. Since I use PIA, these streaming apps wld detect that a VPN was being used hence the use of the x3mRouting script.

If you're not having issues at all than you don't need it.

 

[New2This]

Why is the script needed to bypass VPN if Amazon / Netflix already work over VPN? I mean I have NordVPN and I can stream Amazon and Netflix fine, so long as I accept the pushed NordVPN DNS via the exclusive option.

Using NordVPN here also. But it won’t work on Disney +.
Trying out bytz vpn everything seems to work

 

[Brainstorm]

It's not a "must have". I just like to play, and x3mRouting looked interesting.

 

[Brainstorm]

AND try to increase my vpn tcp/ip router understanding....

 

[Lynx]

Can anyone on this forum suggest why the NordVPN DNS that is pushed must be used in order to circumvent VPN detection?