What's new

Solved OpenVPN Server Leaks DNS by defualt

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

evilonod

New Around Here
I struggled trying to figure out why the openvpn server in 386.7_2 (and previous) causes clients to leak DNS requests by default. It doesn't have to.

All you need to do is set "Advertise DNS to Clients" in the VPN Server but you have to select Advanced Settings.

I'm not sure why this option in the firmware isn't set that way by default.
 
I'm not sure why this option in the firmware isn't set that way by default.
Because most people are remotely connecting to their router to get LAN access while outside of home, not to get their Internet access redirected through their home. This is the most common usage scenario for a VPN, therefore the default setting is chosen to reflect that.
 
Because most people are remotely connecting to their router to get LAN access while outside of home, not to get their Internet access redirected through their home. This is the most common usage scenario for a VPN, therefore the default setting is chosen to reflect that.
... and what happens in this case (.i.e. "get LAN access while outside of home, not to get their Internet access redirected through their home")
when "Advertise DNS to Clients" is set to Yes ? Do you mean it should be set to No ?
Thx
 
... and what happens in this case (.i.e. "get LAN access while outside of home, not to get their Internet access redirected through their home")
when "Advertise DNS to Clients" is set to Yes ? Do you mean it should be set to No ?
Thx
It depends. If you need to be able to resolve LAN hostnames AND you aren't using a weird DNS configuration, then you can set it to Yes. Otherwise, leave it to No.
 
Thanks for the clarification. I'm using the server in Merlin to do both, access LAN from afar, and also redirect back out. It's useful in certain situations.

One suggestion might be to open up yellow suggestion text to select "Advertise DNS to Clients" = Yes when "Client will use VPN to access" = both is selected.
 
Last edited:

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top