VPN privacy/dns leak/dns over tls diversion question

Dee dee

Regular Contributor
I have dns over tls setup with Google's dns.

I have Diversion and Skynet installed and have the sites I want to block added to Diversion, and they are blocked in Chrome (with an HSTS error, unsure what that means).

I have my OpenVPN "Accept DNS Configuration" set to Disabled to allow Diversion to work.

I set the custom configuration option as such
dhcp-option DNS 8.8.8.8


Now, am I totally secure on using a device through my vpn anonymously or is the (leaking) to Google's dns in dnsleak.com a security risk and should I use nordvpn dns server as the dhcp-option?

Sorry for my long post and happy new year to all.

 
I set the custom configuration option as such
dhcp-option DNS 8.8.8.8
Remove this and you're golden! You don't need it, you are using your router's DNS by setting accept dns configuration disabled.
 
Also, DNS Filter should be on and set to router. Nothing else is required there.
 
Thanks, I removed that line.

So I don't have to add the custom device I want secured through openvpn added to the list per this picture.
20200101_090823.jpg
 
Thanks, I removed that line.

So I don't have to add the custom device I want secured through openvpn added to the list per this picture.
You don't need anything below the setting "Router" leave everything else blank.
 
Remove the devices. They are not needed.
 
Make sure you add the devices you want routed through the VPN client, in the policy rules area, of the VPN client.
 
Understood, so even if I am still getting the below, it's secure, correct? It can't be traced back through DNS requests, correct?
 

20200101_091231.jpg
Understood, so even if I am still getting the below, it's secure, correct? It can't be traced back through DNS requests, correct?
Yes, if Google DNS is your preference, do you have Google DNS selected in DoT settings?
 
Lastly, my static DHCP list looks like this, but my router still remembers the devices I put in before. I believe this happened after either upgrading to 384.14 or enabling DNS over TLS.
The only way to fix this is to reset my router to scratch and redo all these 1 by 1, right?
 

20200101_091538.jpg
Lastly, my static DHCP list looks like this, but my router still remembers the devices I put in before. I believe this happened after either upgrading to 384.14 or enabling DNS over TLS.
The only way to fix this is to reset my router to scratch and redo all these 1 by 1, right?
You could try to add them again and see what happens, I see no reason for a reset yet.
 
Yes, if Google DNS is your preference, do you have Google DNS selected in DoT settings?
Yes I do. Should I be using NordVPN's custom DNS (unsure if I can see what that is for that server), or is it secure enough using Google, or should I use Cloudflare?
 

20200101_092011.jpg
Yes I do. Should I be using NordVPN's custom DNS (unsure if I can see what that is for that server), or is it secure enough using Google, or should I use Cloudflare?
Depending on where you are in the world, my preference is cloudflare because they don't share logs. Google may and you wouldn't know.
 
But oddly my entries are still saved and still remembered when I go to OpenVPN custom devices on the bottom (weird).
There were changes to the hostname setup on some routers and that's where the issue came from.
 
Yes I do. Should I be using NordVPN's custom DNS (unsure if I can see what that is for that server), or is it secure enough using Google, or should I use Cloudflare?

Yes you can use NordVPN’s servers under “Connect to....automatically” setting changed to “No”. Or, you could use those from Cloudflare (1.1.1.1/1.0.0.1).

Choose your DOT setting to be “Strict”

Then further below choose the Cloudflare servers as your DOT servers (or any other ones on the pull down menu for that matter).


 
Yes you can use NordVPN’s servers under “Connect to....automatically” setting changed to “No”. Or, you could use those from Cloudflare (1.1.1.1/1.0.0.1).

Choose your DOT setting to be “Strict”

Then further below choose the Cloudflare servers as your DOT servers (or any other ones on the pull down menu for that matter).


If I do the dot to strict doesn't it bypass diversion?
 
What can I do to get them back?
Usually if you have your jffs backed up you can restore the nvram values you need back.
 
