OpenVPN Question

Discussion in 'Asuswrt-Merlin' started by vpn4life, Mar 14, 2019 at 3:00 PM.

  1. vpn4life

    vpn4life New Around Here

    Joined:
    Thursday
    Messages:
    2
    I want to know how Merlin got the DNS to work automatically in the openconfig. I had an 86U; setting it up with the OpenVPN config files was super easy, and you would get your IP and DNS automatically served from your VPN provider without issues. In the pursuit of performance I switched to a custom box. I have tried both pfSense and Untangle with ExpressVPN and cannot for the life of me get their DNS to ever work; I get DNS leaks per se. How did you do it?
     
  2. L&LD

    L&LD Part of the Furniture

    Joined:
    Dec 9, 2013
    Messages:
    7,458
    Magic! :D:D:D
     
  3. john9527

    john9527 Part of the Furniture

    Joined:
    Mar 28, 2014
    Messages:
    6,064
    Location:
    United States
    It's handled in one of Merlin's scripts. When I was experimenting with pfSense I tried to port it over, but some of the code wasn't compatible with the FreeBSD shell, and I never got back to it.
     
    st3v3n and L&LD like this.
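
Added example, not part of the thread and not Merlin's actual script: OpenVPN passes server-pushed options to its `up` script as `foreign_option_N` environment variables, and a POSIX shell hook like this one can turn the pushed DNS servers into dnsmasq upstreams tied to the tunnel. It assumes the provider pushes `dhcp-option DNS`, that dnsmasq is the local resolver, and that `/tmp/vpn-dns.conf` (a hypothetical path) is loaded by dnsmasq.

```shell
#!/bin/sh
# Added example (not Merlin's script): OpenVPN "up" hook that turns pushed
# "dhcp-option DNS <ip>" values into dnsmasq upstreams bound to the tunnel.

# Accept only dotted-quad IPv4: pushed options are remote input and must not
# be able to smuggle extra directives into the resolver config.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print dnsmasq lines for the DNS servers found in foreign_option_1..N.
# $1 = tunnel device name. Returns 1 if the server pushed no usable DNS.
vpn_dns_conf() {
    tun=$1; i=1; out=
    case $tun in
        ''|*[!A-Za-z0-9_.-]*) return 2 ;;
    esac
    while :; do
        eval "opt=\${foreign_option_$i-}"
        [ -n "$opt" ] || break
        case $opt in
            "dhcp-option DNS "*)
                ip=${opt#dhcp-option DNS }
                if is_ipv4 "$ip"; then
                    out="${out}server=${ip}@${tun}
"
                fi ;;
        esac
        i=$((i + 1))
    done
    [ -n "$out" ] || return 1
    # no-resolv: ignore /etc/resolv.conf so ISP resolvers are never queried.
    printf 'no-resolv\n%s' "$out"
}

# OpenVPN sets script_type and dev when it runs the hook.
# /tmp/vpn-dns.conf is a hypothetical path that dnsmasq loads via conf-file=.
if [ "${script_type-}" = "up" ]; then
    conf=$(vpn_dns_conf "$dev") && printf '%s\n' "$conf" > /tmp/vpn-dns.conf
fi
```

The OpenVPN client config needs `script-security 2` and an `up` line pointing at the script, and dnsmasq has to be restarted after the file is written.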
  4. vpn4life

    vpn4life New Around Here

    Joined:
    Thursday
    Messages:
    2
    Is there no workaround? I've messaged ExpressVPN and they won't give me their DNS listening addresses. The only DNS they provide openly is for streaming devices and game consoles. I'm honestly considering dropping Express, and thinking of Mullvad with Wireshark, or ProtonVPN. To me, a DNS leak is a big deal.
     
  5. st3v3n

    st3v3n Senior Member

    Joined:
    Feb 24, 2016
    Messages:
    481
    Location:
    Central US
    L&LD, Magic, indeed. I believe in Magic, as released in '65 by the Lovin' Spoonful.

    vpn4, you could always try to ask Merlin for the secrets to the magic DNS sauce :) Rather than messaging Express, you might try to restate your issue to company management. Without a better description of your configuration and systems setup, it's not likely Express is the cause of the DNS leaks you're experiencing. Anything's possible, but they'd know if they were leaking. If you're using the Express app or client configs, they'd know if that was causing it. Your post opens the deep, dark VPN rabbit-hole.

    Most VPNs are sensitive to their customers' issues, but have no control over router, system or device configuration problems, which are where most DNS leaks originate (browsers also contribute to leaks). VPNs want to protect their company infrastructure and customers' bits and bytes. If a provider mishandles customers' traffic, they'll lose those customers, hardly in their or their customers' best interests. Mitnick wannabes, script kiddies and the ever-growing legions of hostile state hackers and common crooks have always loved misusing the same VPNs everyone else now uses, only they still like paying with stolen financial data, an old story. There aren't as many quality, verifiable domestic VPN providers in free countries as there once were; none exist in Putin's Russia or in their best friends list, nor in Red China or other like-minded controlled states, where all VPNs are outlawed. Detection of any attempted use of non-state controlled VPN apps has resulted in quite a few arrests and disappearances.

    In many countries state agents present security letters or warrants to a VPN owner, along with a gag order never to reveal their plight. Regardless of countless promises made by all VPNs to their customers, to end or relocate their business rather than compromise customers' privacy, never monitoring traffic, etc., VPNs aren't a silver bullet. No owner will risk immediate arrest and imprisonment, with an indefinite cramped prison lifestyle, camping with a new large, lonely cellmate. Customers may not learn of an incident for many years, if ever. The other VPNs you mention have their fans and a decent reputation. Any service advertising world-wide virtual servers is questionable, so perform research before you really leave Express. It's difficult to locate most VPNs' CEOs (they like their privacy too, even the legitimate guys), in order to send them a proper letter to further explain your issues.

    Your situation seems complicated, but remain thankful you're not trying to exist in Venezuela. Their electrical grid failed catastrophically two weeks ago with no power, internet or other forms of communications services. No fuel is reaching the population, though a few news outlets are risking their sat-phones driving around to uplink video recorded by non-transmitting smart-phones (no cell service). All their electronics are recharged by their car or a small portable solar panel, and no adequate sanitary conditions exist anywhere. Except for the small amount of food and water the news folk bring in with them for their needs, no food, water, medicine, hospital or other medical services are available. An active war zone elsewhere isn't equal to the instant devastation that a complete power grid collapse brings to an otherwise modern country. An EMP attack as depicted in the novel, 'One Second After' would be the only way short of nuclear war, to send a 21st century country back to the dark ages, with the same amount of anarchy. Not a rant, and best of luck resolving your DNS leaks.
     
    Last edited: Mar 16, 2019 at 6:57 AM
    L&LD likes this.
  6. umarmung

    umarmung Senior Member

    Joined:
    Apr 21, 2018
    Messages:
    230
    This is a relatively easy problem to fix. You do not have to use your provider's DNS. You can (should) use dnscrypt or other encrypted DNS options like DNS-over-TLS these days. That will work with any VPN service, ISP or your own VPS.

    Trickier problems are things like kill switches or failover ...
     
    Last edited: Mar 16, 2019 at 4:15 PM