Is Merlin capable of bypassing transparent DNS proxy?

Discussion in 'Asuswrt-Merlin' started by spanishguy, Apr 4, 2019.

  1. spanishguy

    spanishguy Occasional Visitor

    Joined:
    Apr 4, 2019
    Messages:
    14
    I switched ISPs and the new one is using a transparent DNS proxy. My VPN provider says that if I want to continue to use a SmartDNS (which I do) I need to flash my RT-AC68U to DD-WRT. I am reluctant to do that so have been using a VPN but the drop in speed is starting to annoy. My ISP is pretty hopeless but if I switch the financial loss is too much at the moment and also every other one available is only offering a much slower download speed. Is there any way that I can continue with my router and maybe switch to Merlin?
     
  2. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    31,515
    Location:
    Canada
    Hard to say since we have no idea how their proxy is implemented. My guess is that using Stubby would be a sure way to bypass it, since it doesn't use port 53.
     
    rk8531 likes this.
  3. spanishguy

    spanishguy Occasional Visitor

    Joined:
    Apr 4, 2019
    Messages:
    14
    I was rather hoping that there would be something along the lines of the various scripts for DD-WRT that VPN suppliers advertise to bypass Transparent DNS.
     
  4. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    9,771
    Location:
    UK
    Maybe if you could direct us to one of these scripts we would be able to say whether they were applicable to Merlin.
     
  5. spanishguy

    spanishguy Occasional Visitor

    Joined:
    Apr 4, 2019
    Messages:
    14
    Hi Colin, please forgive my ignorance about such things but I am almost a complete novice at this. My VPN supplier has this link to how to configure a DD-WRT router to bypass a Transparent DNS; maybe you could glance at it and see if it could be adapted to work on Merlin. Any help is totally appreciated.
    https://www.hideipvpn.com/setup/dd-wrt-bypass-transparent-dns-proxy-smartdns-problem/
     
  6. spanishguy

    spanishguy Occasional Visitor

    Joined:
    Apr 4, 2019
    Messages:
    14
    Further to that this is the script they issue.
    iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to 83.170.84.75:1512
    iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to 45.55.147.169:1512
    iptables -t nat -A PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to 83.170.84.75:1512
    iptables -t nat -A PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to 45.55.147.169:1512
     
  7. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    9,771
    Location:
    UK
    Yes you can do that using a nat-start user script.
     
  8. spanishguy

    spanishguy Occasional Visitor

    Joined:
    Apr 4, 2019
    Messages:
    14
    Thanks Colin I'll try that and let you know how I get on. Do I use the same script as above?
     
  9. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    9,771
    Location:
    UK
    You need to create a script something like this (adjusting the IP address and port as necessary):
    Code:
    #!/bin/sh
    iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to 83.170.84.75:1512
    iptables -t nat -A PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to 83.170.84.75:1512
    
    or
    Code:
    #!/bin/sh
    iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to 45.55.147.169:1512
    iptables -t nat -A PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to 45.55.147.169:1512
    
    I can't see why they've tried to put both IP addresses into the same script because once it gets a match on the first address it won't ever go to the next statement.
     
    Last edited: Apr 12, 2019
    L&LD likes this.
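
The first-match behaviour described in post 9, as an added example that is not part of the original thread: it audits a rule listing for DNAT rules that repeat an earlier rule's match criteria and so can never fire. The sample listing is constructed from the four rules in post 6, the function names are hypothetical, and only exact duplicates of the match criteria are detected.

```shell
#!/bin/sh
# Added example (not from the thread): audit a NAT PREROUTING rule list for
# DNAT rules that can never fire because an earlier rule has the same match.

# Constructed sample in `iptables -t nat -S PREROUTING` format, mirroring the
# four-rule script quoted in post 6.
SAMPLE_RULES='-P PREROUTING ACCEPT
-A PREROUTING -i br0 -p udp -m udp --dport 53 -j DNAT --to-destination 83.170.84.75:1512
-A PREROUTING -i br0 -p udp -m udp --dport 53 -j DNAT --to-destination 45.55.147.169:1512
-A PREROUTING -i br0 -p tcp -m tcp --dport 53 -j DNAT --to-destination 83.170.84.75:1512
-A PREROUTING -i br0 -p tcp -m tcp --dport 53 -j DNAT --to-destination 45.55.147.169:1512'

# Print "<rule-number> <target>" for each DNAT rule shadowed by an earlier one.
shadowed_dnat() {
    awk '
        /^-A / { n++ }                            # count rules, skip the policy line
        / -j DNAT / {
            match_part = $0
            sub(/ -j DNAT .*/, "", match_part)    # keep only the match criteria
            if (match_part in seen) print n, $NF  # same match seen before: dead rule
            else seen[match_part] = $NF
        }'
}

# Print the destination that port-53 traffic of protocol $1 arriving on br0
# is actually rewritten to, i.e. the target of the first matching rule.
effective_dnat() {
    awk -v proto="$1" '
        / -j DNAT / && / --dport 53 / && $0 ~ ("-i br0 -p " proto " ") {
            print $NF
            exit
        }'
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_RULES" | shadowed_dnat
```

On a router whose iptables supports `-S`, the live rules can be checked the same way with `iptables -t nat -S PREROUTING | shadowed_dnat`.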
  10. spanishguy

    spanishguy Occasional Visitor

    Joined:
    Apr 4, 2019
    Messages:
    14
    Hi Colin, I have to confess I have no idea how to do that. How do I get the script into the router? I have never used Linux before and I am a complete beginner.
     
    Last edited: Apr 8, 2019
  11. spanishguy

    spanishguy Occasional Visitor

    Joined:
    Apr 4, 2019
    Messages:
    14
    Are there any simple ways to put the scripts into the router without going to the trouble of obtaining a Degree in Linux? This looks like a very straightforward router interface and I would really like to keep it but if it is so difficult to input a simple script I may be forced to switch to DD-WRT as it is easy to do on there.
     
  12. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    9,771
    Location:
    UK
    If you are a Windows user then the easiest way would probably be with WinSCP.

    EDIT: You could use this post as a general guide to using WinSCP. Obviously adapt it to edit the file that you want.
     
    Last edited: Apr 9, 2019
    L&LD likes this.
  13. spanishguy

    spanishguy Occasional Visitor

    Joined:
    Apr 4, 2019
    Messages:
    14
    Thanks Colin, I'm on it now.
     
  14. L&LD

    L&LD Part of the Furniture

    Joined:
    Dec 9, 2013
    Messages:
    9,851
    WinSCP + PuTTY + Notepad++ all properly configured to work as you need and prefer and no Linux degree needed. ;)
     
    spanishguy likes this.
  15. spanishguy

    spanishguy Occasional Visitor

    Joined:
    Apr 4, 2019
    Messages:
    14
    No connection could be made because the target machine actively refused it.
    Connection failed.

    I'm starting to think I should have gone to primary school, never mind a degree..:(

    It's possibly because I am using TPlink powerline adaptors between my various bits of kit. Is it necessary to have a direct link from PC to router or is it OK via the adaptors?
    This is the ip I used as the host name and I then input the user name and password but it still does not recognise it.
    192.168.1.1


    I also tried with http://router.asus.com but it then said that the router refused the connection!!
     
    Last edited: Apr 9, 2019
  16. L&LD

    L&LD Part of the Furniture

    Joined:
    Dec 9, 2013
    Messages:
    9,851

    spanishguy, have you enabled SSH on your router? :)

    Go to Administration, System tab, Service Section and Enable SSH to LAN Only.

    A bit lower, set Enable SSH Brute Force Protection to On.

    You should be able to connect with PuTTY, WinSCP (make sure you set the file protocol to SCP for your connection options) or any other utility that enables ssh connections.
     
  17. spanishguy

    spanishguy Occasional Visitor

    Joined:
    Apr 4, 2019
    Messages:
    14
    Yayyyy!!! Thank god for you Colin.. Finally making some progress. I have family from the UK arriving early tomorrow so am having an early night but I will be back on this tomorrow. Thank you so much.
     
    L&LD likes this.
  18. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    9,771
    Location:
    UK
    That was @L&LD's tip actually. ;)
     
    L&LD likes this.
  19. spanishguy

    spanishguy Occasional Visitor

    Joined:
    Apr 4, 2019
    Messages:
    14
    Apologies to any and all and thanks to the same, you guys are superb. Thank you so much.
     
    L&LD likes this.
  20. spanishguy

    spanishguy Occasional Visitor

    Joined:
    Apr 4, 2019
    Messages:
    14
    I am just having a few minutes in between looking after my granddaughter so not much time for the next few days as you can imagine. Should I have any scripts already in the router or is it just empty? Is there any particular convention I need to follow when naming files within scripts? What, if any, permissions do I have to give to the file or will the default suffice?