Unbound Internet (likely DNS?) drops randomly when OVPN is On

[ascent]

Putting this here with the Unbound tag since I think it may be a problem with Unbound or the settings I am using with Unbound and/or the OVPN client.

With OVPN on and having my connected devices go over that VPN via policy rules, I've been having a problem lately where my internet connection fails randomly (sometimes one time per day, multiple times per day, or not for several weeks). By turning OVPN off, it fixes the problem. Usually if I wait a while to turn OVPN back on it's working again.

Before this started happening, everything's been running fine for quite a while and don't think I've made any changes since it started giving me issues. Here's what I'm running:

• Merlin 386.1-2
• Diversion
• Unbound
• x3mrouting (although I don't think I'm really utilizing this right now)
• VPN Client 1 (On)
• Using mostly default settings provided my my VPN service
• Accept DNS configuration (Disabled)
• Policy Rules - strict
• WAN DNS setting - connect to DNS server automatically (No)
• DNS server 1 (1.1.1.1)
• DNS server 2 (1.0.0.1)
• DNS privacy protocol (none)
• DNS filter (On)
• Global filter mode (router)

Any other settings that are needed to help answer my problem?

I was wondering if I need to do some updates in amtm/unbound or if some of my router settings need to be changed.

One other thing, a while back I attempted to install the scripts here ( https://www.snbforums.com/threads/unbound-dns-vpn-client-w-policy-rules.67370/ ) and had it working well but sort of gave me the same issue (my DNS leak test would randomly revert back to my local IP rather than the VPN). So for now I disabled those scripts, but maybe the problems are related?

 

[chongnt]

Since it has been working and only happen at random, I would suspect this is something to do with vpn provider. When you turn back OVPN do you connect back to the same server?

I have been using swinson’s scripts and it has been working fine. Now that you have temporarily disabled the script meaning unbound resolution will bypass your vpn connection and go through your WAN connection directly.

What I can think of to isolate the cause of your problem is do the following when your internet is broken:
SSH into router,
1. dig google.com
This check your WAN connection and your router DNS. In your case is 1.1.1.1 or 1.0.0.1

2. dig @127.0.0.1 -p 53535 google.com
This check unbound DNS if it is working via WAN. If you get the address resolution from the output mean unbound is working correctly.

3. In your pc that is routed through VPN, run
nslookup google.com or dig google.com depending on your OS. This will tell if your machine is getting the address resolution from unbound.

4. In your pc, ping google.com. This will go through your vpn connection. If only your vpn server side is acting up, this will failed.

Edit: by the way, there is a discussion on a script by Matineau that can trigger vpn failover.

VPN and connection management in general

I apologize if I open this thread but I used the search option and found nothing specific about it. By constantly using the VPN, it can happen that in a certain geographical location, the VPN manager has several servers and sometimes some are down. Is there an addon that restarts the VPN if the...

www.snbforums.com