VPN privacy/DNS leak/DNS over TLS Diversion question


Dee dee

Regular Contributor
I have DNS over TLS set up with Google's DNS.

I have Diversion and Skynet installed, and the sites I want to block are added to Diversion and are blocked in Chrome (with an HSTS error, unsure what that means).

I have my OpenVPN Accept DNS Configuration set to Disabled to allow Diversion to work.

I set the custom configuration option as such
dhcp-option DNS 8.8.8.8


Now, am I totally secure using a device through my VPN anonymously, or is the (leaking) to Google's DNS in dnsleak.com a security risk, and should I use the NordVPN DNS server as the dhcp-option?

Sorry for my long post and happy new year to all.

 

skeal

Part of the Furniture
I set the custom configuration option as such
dhcp-option DNS 8.8.8.8
Remove this and you're golden! You don't need it, you are using your router's DNS by setting accept dns configuration disabled.
 

skeal

Part of the Furniture
Also, DNS Filter should be on and set to router. Nothing else is required there.
 

Dee dee

Regular Contributor
Thanks, I removed that line.

So I don't have to add the custom device I want secured through OpenVPN to the list, per this picture?
20200101_090823.jpg
 

skeal

Part of the Furniture
Thanks, I removed that line.

So I don't have to add the custom device I want secured through OpenVPN to the list, per this picture?
You don't need anything below the setting "Router"; leave everything else blank.
 

skeal

Part of the Furniture
Remove the devices. They are not needed.
 

skeal

Part of the Furniture
Make sure you add the devices you want routed through the VPN client, in the policy rules area, of the VPN client.
 

skeal

Part of the Furniture
Understood, so even if I am still getting the below, it's secure, correct? It can't be traced back through DNS requests, correct?
Yes, if Google DNS is your preference, do you have Google DNS selected in DoT settings?
 

Dee dee

Regular Contributor
Lastly, also, my static DHCP list looks like this, but my router still remembers the devices I put in before. I believe this happened after either upgrading to 384.14 or enabling DNS over TLS.
The only way to fix this is to reset my router to scratch and redo all these 1 by 1, right?
 


skeal

Part of the Furniture
Lastly, also, my static DHCP list looks like this, but my router still remembers the devices I put in before. I believe this happened after either upgrading to 384.14 or enabling DNS over TLS.
The only way to fix this is to reset my router to scratch and redo all these 1 by 1, right?
You could try to add them again and see what happens, I see no reason for a reset yet.
 

skeal

Part of the Furniture
Yes, I do. Should I be using NordVPN's custom DNS (unsure if I can see what that is for that server), or is it secure enough using Google, or should I use Cloudflare?
Depending on where you are in the world, my preference is Cloudflare because they don't share logs. Google may and you wouldn't know.
 

skeal

Part of the Furniture
But oddly, my entries are still saved and still remembered when I go to OpenVPN custom devices on the bottom (weird).
There were changes to the hostname setup on some routers and that's where the issue came from.
 

Marin

Very Senior Member
Yes, I do. Should I be using NordVPN's custom DNS (unsure if I can see what that is for that server), or is it secure enough using Google, or should I use Cloudflare?
Yes you can use NordVPN’s servers under “Connect to....automatically” setting changed to “No”. Or, you could use those from Cloudflare (1.1.1.1/1.0.0.1).

Choose your DOT setting to be “Strict”

Then further below choose the Cloudflare servers as your DOT servers (or any other ones on the pull down menu for that matter).


 

Dee dee

Regular Contributor
Yes you can use NordVPN’s servers under “Connect to....automatically” setting changed to “No”. Or, you could use those from Cloudflare (1.1.1.1/1.0.0.1).

Choose your DOT setting to be “Strict”

Then further below choose the Cloudflare servers as your DOT servers (or any other ones on the pull down menu for that matter).


If I do the DoT to strict, doesn't it bypass Diversion?
 

skeal

Part of the Furniture
What can I do to get them back?
Usually, if you have your JFFS backed up, you can restore the NVRAM values you need back.
 
