GT-AC5300 with 3.0.0.4.384_21140, OpenVPN / DNS problems

[Jerie-]

https://www.snbforums.com/threads/gt-ac5300-not-using-2nd-dns-define-in-settings.47079/

Hello folks. As with the post I made last month (see above link), I'm having the same problem with OpenVPN client (FusionVPN) and NordVPN on yet the latest firmware. Same issues as before, what ever has changed from 3.0.0.4_384_20648 to 3.0.0.4.384.21045 ... and now 3.0.0.4.384_21140 is causing this. With VPN connection, I cannot visit Amazon . com or it loads very very very slowly. I've been told by NordVPN that Amazon has blacklisted NordVPN and that's why the issue. Long story short, I've found that if I use my own local DNS or non NordVPN DNS, Amazon . com loads fine.

Again, I'm using two local DNS servers with the latest version of pi-hole. My router's LAN DHCP is configured to use local.dns1 as main DNS and of course, the router is the secondary DNS. The router itself is configured to use local.dns1 and local.dns2. For what ever reason, all clients do not seem to be using my local DNS as configured when running any firmware past 3.0.0.4_384_20648. I had hoped that with the latest firmware, this issue may had been resolved. Guess not.

I have both local DNS powered down and yet my local clients can still resolve dns addresses; the internet still works. Using ipleak . net and dnsleaktest . com, it states that my DNS servers are: 103.86.96.100 & 103.86.99.100

How can that be if I have configured my DNS to local.dns1/dns2 and they are using cloudflare (1.1.1.1, 1.0.0.1)? I did not specify those DNS servers to be used. Using whois lookup, those severs belong to NordVPN. It's because of this that Amazon is loading slowly. Anyone out there using NordVPN with GT-AC5300 and having this issue? If I disable my VPN connection or used 3.0.0.4_384_20648 w/VPN, everything works again.

My router was set to factory after the upgrade and manually reconfigured just in case anyone was wondering.

Any help, please.

 

[kfp]

Do you use their clients? On top of client VPN software they seem to also have browser extensions too.

 

[Jerie-]

Hey kfp,

No, I am only using the router to connect to NordVPN and sharing its connection. No browser extension nor application running on any client.

 

[kfp]

Just reread your post, sounds like you’re only having problems when connected to VPN. I think the behaviour you’re seeing might very well be intentional; when you’re connected to a VPN you generally don’t want to use other DNS sources including your local DNS resolvers/forwarders.

Sucks that NordVPN doesn’t have a good relationship with Amazon though.

 

[Jerie-]

Sucks that NordVPN doesn’t have a good relationship with Amazon though.

Not really all NordVPN's fault if their users are abusing their anonymity. But their fault for not letting new users know of this situation. I've had this Amazon problem from day one and was told it would be solve soon. Their only solution is to use their extension and turn it off when visiting Amazon or using their foreign servers to bypass this ban. Problem with using foreign servers is that it effects internet speed. Chose NordVPN because their service was quickest and the price at that time. Also, been using NordVPN for 8 months now, there are sites that auto ban you for joining or visiting their site when using NordVPN. Wished I knew this going in, now stuck with the service for the next 3 years.

Just reread your post, sounds like you’re only having problems when connected to VPN. I think the behaviour you’re seeing might very well be intentional; when you’re connected to a VPN you generally don’t want to use other DNS sources including your local DNS resolvers/forwarders.

You're kidding me? So for the past firmware(s), it was a bug that Asus allowed the use of other DNS sources other than through the VPN? Even NordVPN extentions/app allow 3rd party DNS servers. Assuming Merlin allowed this too. I would think Asus was smarter than this, if it was intentional. That would mean I can not upgrade firmware, if ever. I can't believe I'm the only one who notices this.

Any other solution? I recall Asus reps visit this site. Would any of them care to chime in? Thank you.

 

[Jerie-]

So no one has this issue? Oddly enough, I contacted Asus support via Chat. Dwayne B., thanks again for you support. Dwayne B. explanation for my issues is because Asus doesn't support VPN on their wireless routers and kept offering links to load firmware version 3.0.0.4.384.20287 from 2018/01/26. When asked to explain his remarks , he offer more links... "FAQ and how to flash firmware on Asus routers". I than asked for a manger, he thanked me and disconnected the chat. Support over the phone was a little better with the tech constant reassurance of "no worries, you are our top etc... Our technicians will get back to you etc." All I can say is, this is the last Asus router for me. I'm tired of this unstability.

 

[kfp]

So no one has this issue?

There are others mentions here and there, that’s how I know about the issue as I don’t use VPN on my routers.

Some people want more features, some want more stability, it’s hard to satisfy both with the same budget and time constraints ¯\_(ツ)_/¯

But generally all consumer grade networking gear has shirt software (with exception to Synology IMO, they put a lot of effort into their software). Best of luck with your next router.

 

[Jerie-]

kfp,

As a matter of fact, I was interested in the Synology RT2600AC since I heard good things about their first wireless router, the RT1900AC. The OS running on their router is suppose to be as good as their NAS. Think I read somewhere that they are doing something similar to Asus's AiMesh, which isn't really a selling point for me. Anyways, my first NAS was a Synology DS508 (from 2007/08). Still working but due to end of life support & write speed, I've been using it for archiving. Have two Qnap NAS right now, an 8 bay and more recant 6 bay that I use to run VMs.

Anyways, I've gone back to v3.0.0.4_384_20648. Reset to factory and manually reconfigured. Internet is working again. If nothing major happens, security wise, I'll just stay on that firmware. Think I'll build a router and load pfSense and just use the GT as an access point at some point.