Interaction between DNS Filter and VPN client

joe68000

Regular Contributor
I have noticed that DNS assignment to VPN clients when DNS Filter is set to "Router" overrides the VPN Client DNS configuration "Exclusive". I have multiple guest networks set up, some using VPNs and some not (thanks to YazFi), and I am using Diversion for my router-based DNS solution.

Since I have the DNS Filter enabled and set to Router, the VPN clients get assigned the router DNS - even if I have "Exclusive" set.

I would like the VPN client setting to override the DNS Filter, but I don't see how to do it.

Any ideas?
 
Set global mode to no filter, and if you want specific devices to be forced to use local DNS server you would then individually define them on that list as "Router Mode" selected.

Example:

[attached screenshot]
 
I have tons of devices on my network, including transients, so individually configuring for each device is not an option really.
 
I don't know if the VPN client has a distinguishable Local IP addressing pool. Does it?
If it does, there may be another solution you could try, but first please respond and let me know.

It would be reported right here:

[attached screenshot]

For example, if it was 10.0.0.x, you may be able to specify that to the DNS Filter list as a No filter option.

EDIT: But that won't work though, because the routes are defined via MAC addressing. You would have to be able to specify via IP. Maybe a custom DNSMASQ rule will fix the issue; you would need someone with a little more knowledge on custom DNSMASQ rules.
 
I have each guest network on a different subnet, so they have different local IPs. For example, here are two:
[attached screenshot]
 
Maybe try specifying that the guest network uses 10.8.0.x as the IP for DNS instead of leaving it undefined for each one.

So for each one, just manually define the gateway IP address for that VPN client in the DNS server place.

Obviously, try this in the YazFi config file.
 
In the VPN client settings, there is no way to set a particular DNS server, just to pick a configuration. I want to use either "Exclusive" or "Disabled" - use the VPN DNS servers, or use the router.

[attached screenshot]


This setting seems to be completely overridden by the DNS Filter being set to "Router".
 
[attached screenshot]

So for 10.8.0.x you would put in 10.8.0.1, as opposed to leaving it blank.
 
10.8.2.0 you would put in 10.8.2.1
 
Interesting, ok I'll give that a shot! I have to run out now - I'll report back when I've set it up and tested it.
 
You might also want to fill the DNS2 with the same thing so it doesn't use router as fallback, unless you want it to.
 
OK, it looks like user error/misunderstanding, along with maybe a bug?

The order of precedence for DNS configuration appears to be: YazFi config > VPN Client config > DNS Filter

The YazFi docs say that FORCEDNS is ignored if the VPN Client is set to Exclusive (https://github.com/jackyaz/YazFi#wl01_forcedns) but it appears to force those servers despite the VPN client config.

So now I am setting the VPN Client DNS Config to "Disabled" and explicitly setting the DNS servers for each network in the YazFi config.
 
Let me know if you get this to work, and what you had to do. From my understanding, all the force DNS option does is require all devices connected to that connection to use the specified DNS. So as long as you specify a DNS, you should be fine; by leaving it blank it appears to be using router default instead of the one provided by the VPN.
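
An added example, not posted by anyone in the thread: a small first-match evaluator for port-53 DNAT rules, showing how an order of precedence like the one reported above (YazFi config > VPN Client config > DNS Filter) falls out of rule order when each feature redirects DNS with its own NAT chain. The ruleset is constructed, and the chain names GUEST_FORCEDNS, VPN_EXCLUSIVE and DNSFILTER and all addresses are hypothetical; on a real router you would feed it the output of `iptables -t nat -S`.

```python
import ipaddress
import shlex

# Constructed sample in `iptables -t nat -S` format. Chain names and
# addresses are hypothetical, not a dump from the poster's router.
SAMPLE_RULES = """\
-A PREROUTING -p udp -m udp --dport 53 -j GUEST_FORCEDNS
-A PREROUTING -p udp -m udp --dport 53 -j VPN_EXCLUSIVE
-A PREROUTING -p udp -m udp --dport 53 -j DNSFILTER
-A GUEST_FORCEDNS -s 10.8.0.0/24 -j DNAT --to-destination 10.8.0.1
-A VPN_EXCLUSIVE -s 10.8.0.0/24 -j DNAT --to-destination 198.51.100.53
-A VPN_EXCLUSIVE -s 10.8.2.0/24 -j DNAT --to-destination 198.51.100.53
-A DNSFILTER -s 192.168.1.0/24 -j DNAT --to-destination 192.168.1.1
"""

def parse_nat_rules(text):
    """Group rules by chain, keeping only the fields this check needs.
    Handles -s, --dport, -j and --to-destination; negated matches are not handled."""
    chains = {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if len(tok) < 2 or tok[0] != "-A":
            continue
        rule = {"src": None, "dport": None, "target": None, "to": None}
        for key, val in zip(tok[2:], tok[3:]):
            if key == "-s":
                rule["src"] = ipaddress.ip_network(val, strict=False)
            elif key == "--dport":
                rule["dport"] = int(val)
            elif key == "-j":
                rule["target"] = val
            elif key == "--to-destination":
                rule["to"] = val
        chains.setdefault(tok[1], []).append(rule)
    return chains

def forced_resolver(chains, client_ip, chain="PREROUTING", dport=53):
    """Return (chain, resolver) for the first DNAT rule a DNS query hits, or None."""
    ip = ipaddress.ip_address(client_ip)
    for rule in chains.get(chain, []):
        if rule["src"] is not None and ip not in rule["src"]:
            continue
        if rule["dport"] is not None and rule["dport"] != dport:
            continue
        if rule["target"] == "DNAT":
            return chain, rule["to"]
        if rule["target"] in chains:  # jump; fall through if nothing matches there
            hit = forced_resolver(chains, client_ip, rule["target"], dport)
            if hit:
                return hit
    return None
```

Running `forced_resolver` for one client address per guest subnet shows which feature's redirect actually wins for that network, which is the quickest way to confirm whether a setting is being overridden.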
 
