Issues with Diversion

Chewie420

Regular Contributor
I am struggling to get Diversion to block ads on my RT-AX88U. I have it installed and enabled but no luck getting ads to block.

I am using a VPN service as well as YazFi to manage the subnet IPs.

I have been having a lot of issues and I am not even sure where to start. I did have it working but then I must have changed something to make it stop and I guess I don't understand enough to get it working again.

I have tried uninstalling and re-installing with no luck. I also can now only access my router GUI by using IP and not router.asus.com.

Really lost here guys, so any help would be greatly appreciated.
 

Chewie420

Regular Contributor
So I figured out the setting that is causing the issue, but I am not smart enough to get it working the way I want.

I found that if I change the VPN Client setting "Accept DNS Configuration" to "None", Diversion works and I can block ads.
The issue is that now I have a DNS leak.

If I change Accept DNS Configuration to "Exclusive", it fixes the DNS leak but breaks ad blocking.

I am guessing this is the way it works, but I don't get how to fix it as directed with Policy Rules. Can someone help me out?
 

SomeWhereOverTheRainBow

Part of the Furniture
> So I figured out the setting that is causing the issue, but I am not smart enough to get it working the way I want.
>
> I found that if I change the VPN Client setting "Accept DNS Configuration" to "None", Diversion works and I can block ads.
> The issue is that now I have a DNS leak.
>
> If I change Accept DNS Configuration to "Exclusive", it fixes the DNS leak but breaks ad blocking.
>
> I am guessing this is the way it works, but I don't get how to fix it as directed with Policy Rules. Can someone help me out?

Have you tried "Relaxed"?
 

SomeWhereOverTheRainBow

Part of the Furniture
> So I figured out the setting that is causing the issue, but I am not smart enough to get it working the way I want.
>
> I found that if I change the VPN Client setting "Accept DNS Configuration" to "None", Diversion works and I can block ads.
> The issue is that now I have a DNS leak.
>
> If I change Accept DNS Configuration to "Exclusive", it fixes the DNS leak but breaks ad blocking.
>
> I am guessing this is the way it works, but I don't get how to fix it as directed with Policy Rules. Can someone help me out?

You need to use "Strict" or "Relaxed". Specifically speaking, "Strict" is more inclined to use the VPN server's DNS, but will fall back to the router if the VPN DNS is unavailable at the time the query is made. (This will still allow the use of Diversion, since the VPN server's DNS relies on entries in dnsmasq.)
In regards to "Relaxed", it uses a combination of the router's DNS servers and the VPN's DNS servers with no specific scrutiny as to which one gets used first, since any may be used at any time. (This will still allow the use of Diversion, since the VPN server's DNS relies on entries in dnsmasq.)
In regards to "Exclusive", the reason why Diversion fails is because the Exclusive option relies on the DNS that is PUSHED to the clients by the VPN server. dnsmasq gets completely skipped for each client connected to the VPN.
In regards to "None", this is similar to Relaxed, but your VPN server's DNS is not added to the dnsmasq server entries. You only use your router's WAN DNS server entries.
 

Chewie420

Regular Contributor
I can use strict but I was hoping to also have my DNS leak issue fixed for devices connected to my VPN.
 

SomeWhereOverTheRainBow

Part of the Furniture
> I can use strict but I was hoping to also have my DNS leak issue fixed for devices connected to my VPN.

You could policy-define your router's "itself" traffic to go by way of the VPN, then use "Strict". This will ensure your VPN DNS and the fallback DNS are always routed through the VPN tunnel, ergo no leaks, at least not on your end of the tunnel. You could also simply use the router's DoT, with the router "itself" travelling via the VPN through the previously mentioned policy. In this instance you would set the option to "None".
 

SomeWhereOverTheRainBow

Part of the Furniture
> I can use strict but I was hoping to also have my DNS leak issue fixed for devices connected to my VPN.

Here is a bit of information you may have overlooked in regards to your "leak".

[attached screenshot: 1651799158969.png]
 

SomeWhereOverTheRainBow

Part of the Furniture
> So I can't use 192.168.1.0/24 for a filter, it has to be done for each device separately

If you are sending all router and client traffic through the VPN with 192.168.1.0/24, then there should be no DNS leak if you use Strict or Relaxed, because the DNS server should be representing a geolocation near the VPN server. This shows that the traffic, while in the tunnel, cannot be easily snooped from the outside and exits at the VPN server's IP on the other end (basically they cannot easily identify it as you).
 

Chewie420

Regular Contributor
> You could policy-define your router's "itself" traffic to go by way of the VPN, then use "Strict". This will ensure your VPN DNS and the fallback DNS are always routed through the VPN tunnel, ergo no leaks, at least not on your end of the tunnel. You could also simply use the router's DoT, with the router "itself" travelling via the VPN through the previously mentioned policy. In this instance you would set the option to "None".

Using VPN Director I added a rule for 192.168.5.1 (router IP) and 192.168.5.0/24 to use the VPN and set Accept DNS Configuration to "Strict"; I'm still getting the same results, showing the DNS in my WAN settings and not my VPN DNS.

The only way I can get the DNS leak test to show my VPN provider is to set it to "Exclusive".

I also tried setting DoT on the router and setting it to "None", but it still shows the WAN DNS servers. Is this normal? Is there a way to see if DoT is actually working, if this is normal?
 

SomeWhereOverTheRainBow

Part of the Furniture
> Using VPN Director I added a rule for 192.168.5.1 (router IP) and 192.168.5.0/24 to use the VPN and set Accept DNS Configuration to "Strict"; I'm still getting the same results, showing the DNS in my WAN settings and not my VPN DNS.
>
> The only way I can get the DNS leak test to show my VPN provider is to set it to "Exclusive".
>
> I also tried setting DoT on the router and setting it to "None", but it still shows the WAN DNS servers. Is this normal? Is there a way to see if DoT is actually working, if this is normal?

Set it to "Strict", and enable DNSFilter pointed globally at the router.
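An added diagnostic for the mode explanation earlier in the thread (Strict/Relaxed keep clients on dnsmasq, Exclusive hands them the VPN-pushed resolver) and for the DNSFilter-to-router suggestion in this post. It is not part of Diversion, Asuswrt-Merlin or this thread, and it rests on assumptions the page does not state: that nvram `vpn_client<N>_adns` encodes the mode as 0=None, 1=Relaxed, 2=Strict, 3=Exclusive; that Diversion hooks dnsmasq through an `addn-hosts=` line; and that both Exclusive mode and DNSFilter show up as nat-table DNAT rules on port 53, differing only in whether the target is the router's own LAN IP (into dnsmasq, so Diversion applies) or an outside resolver (past dnsmasq, so it does not). The dnsmasq.conf and iptables text it runs against offline is constructed, not captured from a router.

```shell
#!/bin/sh
# dnspath.sh: does LAN DNS still pass through dnsmasq (and so Diversion) under
# the chosen OpenVPN "Accept DNS Configuration" mode?  Added example for this
# thread; not part of Diversion or of Asuswrt-Merlin.
#
# Assumptions (not stated on the page):
#   - nvram vpn_client<N>_adns stores the mode as 0=None 1=Relaxed 2=Strict 3=Exclusive
#   - Diversion loads its blocklist with an "addn-hosts=" line in /etc/dnsmasq.conf
#   - a nat-table DNAT of port 53 to anything other than the router's own LAN IP
#     (what Exclusive does for policy-routed clients) sends queries past dnsmasq,
#     while DNSFilter in "Router" mode DNATs port 53 *to* the router, into dnsmasq
#
# On the router:   sh dnspath.sh 1     (inspect OpenVPN client 1)
# Anywhere else:   sh dnspath.sh       (runs against the constructed samples below)

adns_name() {
    case "$1" in
        0) echo none ;;      1) echo relaxed ;;
        2) echo strict ;;    3) echo exclusive ;;
        *) echo unknown ;;
    esac
}

# $1: dnsmasq.conf text. Succeeds if Diversion's hosts file is loaded.
dnsmasq_has_diversion() {
    printf '%s\n' "$1" | grep -q '^addn-hosts=.*diversion'
}

# $1: `iptables-save -t nat` text, $2: router LAN IP.
# Prints the DNAT targets for port-53 traffic that are NOT the router itself.
dns_dnat_foreign() {
    printf '%s\n' "$1" | grep -- '--dport 53' | grep -- '-j DNAT' \
        | sed -n 's/.*--to-destination \([0-9.]*\).*/\1/p' \
        | grep -v "^$2\$" || true
}

# $1: adns value, $2: dnsmasq.conf text, $3: nat table text, $4: router LAN IP.
# Prints "blocked" when LAN queries still reach dnsmasq with Diversion loaded,
# otherwise "unblocked:" plus the first reason found.
verdict() {
    mode=$(adns_name "$1")
    foreign=$(dns_dnat_foreign "$3" "$4")
    if ! dnsmasq_has_diversion "$2"; then
        echo "unblocked: dnsmasq.conf has no Diversion addn-hosts line (mode=$mode)"
    elif [ -n "$foreign" ]; then
        echo "unblocked: port 53 DNATed to $foreign, bypassing dnsmasq (mode=$mode)"
    else
        echo "blocked: queries reach dnsmasq (mode=$mode)"
    fi
}

# Constructed samples for offline use; the rule text is illustrative, not a capture.
SAMPLE_CONF='interface=br0
addn-hosts=/opt/share/diversion/list/blockinglist
servers-file=/tmp/resolv.dnsmasq'
SAMPLE_CONF_NODIV='interface=br0
servers-file=/tmp/resolv.dnsmasq'
# DNSFilter "Router" mode: port 53 forced to the router, i.e. into dnsmasq
SAMPLE_NAT_STRICT='*nat
-A PREROUTING -i br0 -p udp --dport 53 -j DNAT --to-destination 192.168.5.1
COMMIT'
# Exclusive mode: port 53 sent straight to the VPN-pushed resolver
SAMPLE_NAT_EXCL='*nat
-A PREROUTING -s 192.168.5.0/24 -p udp --dport 53 -j DNAT --to-destination 10.8.0.1
COMMIT'

if [ -n "$1" ] && command -v nvram >/dev/null 2>&1; then
    verdict "$(nvram get "vpn_client$1_adns")" "$(cat /etc/dnsmasq.conf)" \
            "$(iptables-save -t nat)" "$(nvram get lan_ipaddr)"
else
    verdict 2 "$SAMPLE_CONF"       "$SAMPLE_NAT_STRICT" 192.168.5.1
    verdict 3 "$SAMPLE_CONF"       "$SAMPLE_NAT_EXCL"   192.168.5.1
    verdict 0 "$SAMPLE_CONF_NODIV" ""                   192.168.5.1
fi
```

The verdict is derived from the rules actually installed rather than from the mode name alone, so it also catches the case where Diversion's `addn-hosts` line has gone missing from dnsmasq.conf after a reinstall, which is a separate failure from the DNS-mode interaction discussed here.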
 

Chewie420

Regular Contributor
OK, I have DoT enabled and I have set it to "Strict". Diversion is working as well. Is that OK, or should I have DoT disabled if using Strict?

Thanks again for all your help on this!
 
