Policy Rules and VPN, DNS leaks

bob bart

Occasional Visitor
I have the Asus RT-AC68U with Merlin 380.59. When an OpenVPN is configured, without policy rules, the VPN will report the DNS address the same as the IP connected address. This same event occurs when you use the Windows TorGuard Lite client application. So far so good.

When you initiate the policy rules and have the VPN directed to specific IP addresses, the DNS address under dnsleak.com (and other sites) will show from 5-8 different DNS sites. These are not hosted by the ISP. This will occur even if I set the restrictions to Exclusive/Strict for DNS in the OpenVPN.

What I believe is happening is that the policy rules allow some break in the tunnel where the DNS is coming from locations outside, but when I do not use any policy rules, the DNS is coming from the site I am connected to.

And yes, I have changed nearly every DNS address in the router with the same address. The connected IP address is the same in either case, but the path shows more DNS addresses with the policy added.

I have seen some other posts mention this issue, but I don't know if this will be fixed in a later version.
 
'Strict' doesn't work as you think it should. Basically, do not use it.

Have you rebooted the network(s) and attached/tested devices after changing settings? ;)
 
I have the Asus RT-AC68U with Merlin 380.59. When an OpenVPN is configured, without policy rules, the VPN will report the DNS address the same as the IP connected address. This same event occurs when you use the Windows TorGuard Lite client application. So far so good.

VPN does not guarantee privacy at the network layer... and most folks are confused about this, and the VPN vendors don't help much here...
 
Be aware that Parental Controls/DNS Filter will fight with the VPN DNS settings (and in most, if not all cases win... I'd have to look at the code again to double check if it's all cases). If you are using DNS Filter, make sure that your VPN clients are set to no filtering.
 
Be aware that Parental Controls/DNS Filter will fight with the VPN DNS settings (and in most, if not all cases win... I'd have to look at the code again to double check if it's all cases). If you are using DNS Filter, make sure that your VPN clients are set to no filtering.

Yes, thanks. I did the no filtering and it did not work. So, the issue is that when I do not use "Redirect Internet Traffic", and under that set it to policy rules, I don't have any issues. It works great.

But when I do change it to policy rules, then I get the DNS trouble. Now, the only reason I do this is because there is another check box that allows me to have the network killed if the VPN client goes down. I would like to see that check box regardless of whether I redirect internet traffic or not. This router is only used for VPN, so all I really care about is the "kill switch" you get under the policy rules.

My only way around the issue is to have the NAT turned off, so when the VPN goes down, the lack of NAT kills the non-VPN traffic. But I kind of like the kill switch instead.

Why do I think this is an issue? Because when I used the policy rules, my ISP had a warning message in my browser saying some bot or malware was running in my house. I never got that when I did not use the redirect internet traffic because the VPN DNS never leaked.

Maybe just have the kill switch always available regardless of redirect internet traffic.

bob
 
