Policy based routing, dns issue.

Netnotworking

New Around Here
Hi,

This is my first post on the forums. I recently bought an ASUS AC86U to use with OpenVPN; however, I am having an issue and wondered if I am just making a rookie mistake.

I have the VPN working fine and the router set to the following:

Connect to DNS Server automatically - no, using Cloudflare DNS servers for non-VPN traffic.

In VPN settings;
Accept DNS Configuration - Exclusive
Policy rules - strict
Block routed clients - yes

I have set a rule to try and get Apple push notifications working when connected to the VPN:

Source ip 192.168.x.x destination ip 17.0.0.0/8 Iface WAN

After reading the wiki I assumed that once set to Exclusive, even though I have asked some traffic to bypass the VPN, my DNS queries would still come through the VPN's DNS server rather than my router's, as this is the safest option. When looking on DNS leak I see Cloudflare's DNS servers when I have this rule enabled.

What am I doing wrong?
 
As a follow-up to this question, can anyone help me with the following:

I am noticing that iOS devices and Android devices that are on the VPN full time have various issues with push notifications either not coming through or taking a long time. I could run the VPN software for these devices when and if I need them, but that doesn't seem like the safest option. Looking into this, it would seem that there isn't much I can do about the push notifications.

Since having the AC86U I have also had issues with Alexa and Hue devices not carrying out commands; these devices should just be going through the network as normal.

I am new to internet privacy and VPN in general, but for local network devices that are using a VPN, do I need to do anything special for them to be able to interact with other clients on the network that don't go through the tunnel, or should this make no difference as this is LAN and not WAN?
 
