Solved OpenVPN Server Leaks DNS by defualt

evilonod

New Around Here
I struggled trying to figure out why the openvpn server in 386.7_2 (and previous) causes clients to leak DNS requests by default. It doesn't have to.

All you need to do is set "Advertise DNS to Clients" in the VPN Server but you have to select Advanced Settings.

I'm not sure why this option in the firmware isn't set that way by default.
 

RMerlin

Asuswrt-Merlin dev
I'm not sure why this option in the firmware isn't set that way by default.
Because most people are remotely connecting to their router to get LAN access while outside of home, not to get their Internet access redirected through their home. This is the most common usage scenario for a VPN, therefore the default setting is chosen to reflect that.
 

GSpock

Senior Member
Because most people are remotely connecting to their router to get LAN access while outside of home, not to get their Internet access redirected through their home. This is the most common usage scenario for a VPN, therefore the default setting is chosen to reflect that.
... and what happens in this case (.i.e. "get LAN access while outside of home, not to get their Internet access redirected through their home")
when "Advertise DNS to Clients" is set to Yes ? Do you mean it should be set to No ?
Thx
 

RMerlin

Asuswrt-Merlin dev
... and what happens in this case (.i.e. "get LAN access while outside of home, not to get their Internet access redirected through their home")
when "Advertise DNS to Clients" is set to Yes ? Do you mean it should be set to No ?
Thx
It depends. If you need to be able to resolve LAN hostnames AND you aren't using a weird DNS configuration, then you can set it to Yes. Otherwise, leave it to No.
 

evilonod

New Around Here
Thanks for the clarification. I'm using the server in Merlin to do both, access LAN from afar, and also redirect back out. It's useful in certain situations.

One suggestion might be to open up yellow suggestion text to select "Advertise DNS to Clients" = Yes when "Client will use VPN to access" = both is selected.
 
Last edited:

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top