SSID for VPN - Does not use VPN's DNS

vino-vino

New Around Here
Hello,

I've spent a couple of hours searching through posts for an answer to this, but can't quite find the answer.

I use ExpressVPN and set up a client on my router (RT-AC68U).
I set the 'Accept DNS' setting to 'Exclusive', then set up a policy rule to have one device use the VPN Client.

This all worked perfectly - I was using the IP from the VPN and also using the VPN's DNS servers. So far, so great!

Next step - I wanted to set up one of the guest networks to have everything connected on it use the VPN client. I followed the excellent guide here:

https://github.com/RMerl/asuswrt-me...or-VPN-and-SSID-for-Regular-ISP-using-OpenVPN.

And, following an old post I also updated the VPN client settings to:

  • Create NAT on tunnel = No - otherwise a route is created for all traffic
  • Redirect Internet traffic = Policy rules - no rules to be added in the GUI - all will happen by the script

When I run the script and connect to the guest network I find that my device:
  • Gets an IP from the VPN - great!
  • Uses the DNS server from the Router - not great (for me - I want to use the VPN DNS).
I guess the script is overriding the DNS setting somehow, but I'm too unskilled to figure out how to fix it.
Any help would be greatly appreciated.

I include a little debug info that might be helpful:

Code:
cat /etc/openvpn/dns/client1.resolv
server=10.149.0.1


cat /etc/openvpn/fw/client1-dns.sh
#!/bin/sh
/usr/sbin/iptables -t nat -N DNSVPN1
/usr/sbin/iptables -t nat -I PREROUTING -p udp -m udp --dport 53 -j DNSVPN1
/usr/sbin/iptables -t nat -I PREROUTING -p tcp -m tcp --dport 53 -j DNSVPN1


cat /etc/openvpn/fw/client1-fw.sh
#!/bin/sh
iptables -I OVPN -i tun11 -j DROP
iptables -t mangle -I PREROUTING -i tun11 -j MARK --set-mark 0x01/0x7
for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do
echo 0 > $i
done
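
An added example, not part of the original post or of the firmware's own scripts: the posted client1-dns.sh creates the DNSVPN1 chain and sends port 53 to it but appends no rule to it, so queries return to PREROUTING unchanged and reach the router's resolver. The check below reports that condition from the two posted files; the guest subnet 192.168.102.0/24 and the form of the DNAT rule in the second sample are constructed assumptions.

```shell
#!/bin/sh
# Added diagnostic example; function names are hypothetical.

# Constructed samples: the two files as posted above.
SAMPLE_RESOLV='server=10.149.0.1'
SAMPLE_DNS_SH='#!/bin/sh
/usr/sbin/iptables -t nat -N DNSVPN1
/usr/sbin/iptables -t nat -I PREROUTING -p udp -m udp --dport 53 -j DNSVPN1
/usr/sbin/iptables -t nat -I PREROUTING -p tcp -m tcp --dport 53 -j DNSVPN1'

# Constructed sample: same script plus an assumed DNAT rule for a guest subnet.
SAMPLE_FIXED="$SAMPLE_DNS_SH
/usr/sbin/iptables -t nat -A DNSVPN1 -s 192.168.102.0/24 -j DNAT --to-destination 10.149.0.1"

# vpn_resolver TEXT: print the address from the first "server=<ip>" line.
vpn_resolver() {
    printf '%s\n' "$1" | sed -n 's/^server=\([0-9.]*\)$/\1/p' | head -n 1
}

# dnat_sources RULES RESOLVER: print the source match of every rule in
# DNSVPN1 that rewrites the destination to RESOLVER ("any" if no -s given).
dnat_sources() {
    printf '%s\n' "$1" | awk -v dns="$2" '
        /(^| )-[AI] DNSVPN1 / && / -j DNAT / {
            src = "any"; dst = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "--to-destination") dst = $(i + 1)
            }
            if (dst == dns) print src
        }'
}

# dns_verdict RULES RESOLV_TEXT: one-line result for the VPN DNS path.
dns_verdict() {
    dns=$(vpn_resolver "$2")
    [ -n "$dns" ] || { echo "no-resolver"; return; }
    srcs=$(dnat_sources "$1" "$dns" | tr '\n' ' ')
    if [ -z "$srcs" ]; then
        echo "leak: DNSVPN1 has no DNAT to $dns"
    else
        echo "ok: $dns for ${srcs% }"
    fi
}
```

On the router, the same check runs against the real files with `dns_verdict "$(cat /etc/openvpn/fw/client1-dns.sh)" "$(cat /etc/openvpn/dns/client1.resolv)"`.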
 
