Menu
What's new
By:
Filters Better Search

Is Merlin capable of bypassing transparent DNS proxy?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

S

spanishguy

Occasional Visitor
I switched ISP's and the new one is using a transparent DNS proxy. My VPN provider says that if I want to continue to use a SmartDNS (which I do) I need to flash my RT-AC68U to DD-WRT. I am reluctant to do that so have been using a VPN but the drop in speed is starting to annoy. My ISP is pretty hopeless but if I switch the financial loss is too much at the moment and also every other one available is only offering a much slower download speed. Is there anyway that I can continue with my router and maybe switch to Merlin?
 
Hard to say since we have no idea how their proxy is implemented. My guess is that using Stubby would be a sure way to bypass it, since it doesn't use port 53.
 
I was rather hoping that there would be something along the lines of the various scripts for DD-WRT that VPN suppliers advertise to bypass Transparent DNS.
 
Maybe if you could direct us to one of these scripts we would be able to say whether they were applicable to Merlin.
 
ColinTaylor said:
Maybe if you could direct us to one of these scripts we would be able to say whether they were applicable to Merlin.
Click to expand...
Hi Colin, please forgive my ignorance about such things but I am almost a complete novice at this. My VPN supplier has this link to how to configure a DD-WRT router to bypass a Transparent DNS maybe you could glance at it and see if it could be adapted to work on merlin. Any help is totally appreciated.
https://www.hideipvpn.com/setup/dd-wrt-bypass-transparent-dns-proxy-smartdns-problem/
 
Further to that this is the script they issue.
iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to 83.170.84.75:1512
iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to 45.55.147.169:1512
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to 83.170.84.75:1512
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to 45.55.147.169:1512
 
You need to create a script something like this (adjusting the IP address and port as necessary):
Code: 
#!/bin/sh
iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to 83.170.84.75:1512
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to 83.170.84.75:1512
or
Code: 
#!/bin/sh
iptables -t nat -A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to 45.55.147.169:1512
iptables -t nat -A PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to 45.55.147.169:1512
I can't see why they've tried to put both IP addresses into the same script because once gets a match on the first address it won't ever go to the next statement.:rolleyes:
 
Last edited:
Hi Colin, I have to confess I have no idea how to do that. How do I get the script into the router? I have never used Linux before and I am a complete beginner.
 
Last edited:
Are there any simple ways to put the scripts into the router without going to the trouble of obtaining a Degree in Linux? This looks like a very straightforward router interface and I would really like to keep it but if it is so difficult to input a simple script I may be forced to switch to DD-WRT as it is easy to do on there.
 
If you are a Windows user then the easiest way would probably be with WinSCP.

EDIT: You could use this post as a general guide to using WinSCP. Obviously adapt it to edit the file that you want.
 
Last edited:
spanishguy said:
Are there any simple ways to put the scripts into the router without going to the trouble of obtaining a Degree in Linux? This looks like a very straightforward router interface and I would really like to keep it but if it is so difficult to input a simple script I may be forced to switch to DD-WRT as it is easy to do on there.
Click to expand...

WinSCP + PuTTY + Notepad ++ all properly configured to work as you need and prefer and no Linux degree needed. ;)
 
No connection could be made because the target machine actively refused it.
Connection failed.

I'm starting to think I should have gone to primary school, never mind a degree..:(

It's possibly because I am using TPlink powerline adaptors between my various bit's of kit. Is it necessary to have a direct link from PC to router or is ok via the adaptors?
This is the ip I used as the host name and I then input the user name and password but it still does not recognise it.
192.168.1.1


I also tried with http://router.asus.com but it then said that the router refused the connection!!
 
Last edited:
spanishguy said:
No connection could be made because the target machine actively refused it.
Connection failed.

I'm starting to think I should have gone to primary school, never mind a degree..:(

It's possibly because I am using TPlink powerline adaptors between my various bit's of kit. Is it necessary to have a direct link from PC to router or is ok via the adaptors?
This is the ip I used as the host name and I then input the user name and password but it still does not recognise it.
192.168.1.1
Click to expand...


spanishguy, have you enabled SSH on your router? :)

Go to Administration, System tab, Service Section and Enable SSH to LAN Only.

A bit lower, set Enable SSH Brute Force Protection to On.

You should be able to connect with PuTTY, WinSCP (make sure you set the file protocol to SCP for your connection options) or any other utility that enables ssh connections.
 
Yayyyy!!! Thank god for you Colin.. Finally making some progress. I have family from the UK arriving early tomorrow so am having an early night but I will be back on this tomorrow. Thank you so much.
 
I am just having a few minutes in between looking after my granddaughter so not much time for the next few days as you can imagine. Should I have any scripts already in the router or is just empty? Is there any particular convention I need to follow when naming files within scripts? What, if any, permissions do I have to give to the file or will the default suffice?.
 
You must log in or register to reply here.

Similar threads

J
Prevent bypassing AGH DNS
Replies
5
Views
451
jayz
J
M
VPN FUSION & VPN DIRECTOR Merlin Firmware
2
Replies
34
Views
1K
Aiadi
A
J
RT-AC86U DNS leaks while using mullvad
Replies
1
Views
423
jsn2233
J
P
Solved Router DHCP and DNS not responding to changes
2
Replies
35
Views
2K
PTS
P
XIYO
Is there an option like inadyn --continue-on-error "command"?
Replies
2
Views
515
XIYO
XIYO
Similar threads
Thread starter Title Forum Replies Date
GreyHawkz Asus RT-AX82U Stock vs Merlin Advantage? Asuswrt-Merlin 1
A Question about Asus Merlin Router behind a firewalla? Asuswrt-Merlin 8
RMerlin Release Asuswrt-Merlin 3004.388.7 is now available Asuswrt-Merlin 124
RMerlin Beta Asuswrt-Merlin 3004.388.7 beta is now available Asuswrt-Merlin 123
Z Solved Accidentally flashed XT12 latest merlin on a ET12 Asus Zenwifi Pro. Can't flash back stock FW. Asuswrt-Merlin 11
S Use Zram in Merlin Asuswrt-Merlin 4
PaulA Port isolation on RT-AX88U-Pro (router) w/ Merlin w/ Tagged internet ISP Asuswrt-Merlin 1
T Asus RT-AX86U vs RT-AX68U (with Merlin cake SQM) Asuswrt-Merlin 9
Coldblackice Does ASUS Merlin's QoS consider DSCP? Asuswrt-Merlin 6
H Solved xbox one not able to sign in when connected through router running asuswrt-merlin on an rt-ac5300. Asuswrt-Merlin 5

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 636 (members: 31, guests: 605)
Top