VPN and guest network

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

KevinJ09

New Around Here
Hey, so I really need some help
I am trying to allow my PC to use my ISP and my other devices to use my VPN (I am using ExpressVPN) but when I create the policy I get a DNS leak, so I tried using yazfi and enabled a guest network so my other devices could go through that. But I can’t turn off the client for my main network without it impacting my guest network
There was some other posts that might be able to help with this, but frankly I understood nothing, it took my long enough to just get yazfi installed...
If anyone could help I would really appreciate it
I am using an AC66U b1 with merlin
 

eibgrad

Very Senior Member
Given the original problem was a DNS leak, let's try to address that directly rather than find a workaround based on a guest network and have yet something else to debug.

What many ppl don't realize is that when you enable PBR (policy based routing), that takes the router itself *off* the VPN. And if it happens the router does NOT bind any *public* DNS servers pushed by the VPN provider to the VPN, they will accessed over the WAN instead, hence a DNS leak.

The easiest solution I find is to configure the WAN w/ static public DNS servers (e.g., 1.1.1.1, 1.0.0.1), so you never use the ISP's DNS servers, then add those same DNS servers as route directives to the Custom Config field of the OpenVPN client.
Code:
route 1.1.1.1 255.255.255.255 vpn_gateway
route 1.0.0.1 255.255.255.255 vpn_gateway


Finally, configure "Accept DNS configuration" on the OpenVPN client as Disabled.

Net result? When the VPN is inactive, all access to DNS is w/ 1.1.1.1/1.0.0.1 over the WAN. When the VPN is active, all access to DNS is w/ 1.1.1.1/1.0.0.1 over VPN.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top