In addition to setting the "Accept DNS" setting to "Disabled", I ended up scripting up a monitor that runs every few minutes (using 'cru', created/deleted by the vpnclient-event script as appropriate) to detect when the VPN is reachable. If the status changes, then it adds or removes the server=/xyz.org/10.8.0.1 from dnsmasq.conf.add and restarts dnsmasq. This way clients can still access the public-facing xyz.org servers when the VPN goes down and can access both external and internal xyz.org servers while the VPN is up.
> And people need to start learning to read the documentation, quite frankly. It's explained right on the webui:
Fair enough. I did read the pop-up and parsed it as: "Exclusive = use only these servers for all queries from clients [which are able to be] routed through the tunnel."
...instead of: "Exclusive = use only these servers for all queries from clients [which are forced to be] routed through the tunnel."
Which I realize doesn't make much sense, but since I'm routing based on routes pushed from the server rather than using VPN Director or "Redirect Internet traffic", I didn't consider those as being part of the equation.
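A sketch of the cru-driven monitor described in the first paragraph, written as an added example and not the poster's actual script: the dnsmasq.conf.add path, the ping-based reachability check, the script name and the `run` argument are assumptions; the forwarder line itself is the one from the post.

```shell
#!/bin/sh
# Added example, not the poster's script: a cru job for Asuswrt-Merlin that adds
# or removes a split-DNS forwarder line in dnsmasq.conf.add depending on whether
# the VPN-side resolver answers. Path, check and script name are assumptions.

CONF="${CONF:-/jffs/configs/dnsmasq.conf.add}"   # assumed Merlin append file
LINE="server=/xyz.org/10.8.0.1"                  # forwarder line from the post

# Return 0 when the VPN-side resolver answers a single ping (assumed check;
# a real DNS query against 10.8.0.1 would be a stricter test).
vpn_up() {
    ping -c 1 -W 2 10.8.0.1 >/dev/null 2>&1
}

# Return 0 when FILE contains LINE exactly (whole-line, fixed-string match).
has_line() {   # has_line FILE LINE
    [ -f "$1" ] && grep -qxF "$2" "$1"
}

# Make LINE present (STATE=up) or absent (STATE=down) in FILE.
# Return 0 if the file was modified, 1 if it was already in the wanted state.
sync_line() {   # sync_line FILE LINE STATE
    file=$1; line=$2; state=$3
    if [ "$state" = up ]; then
        has_line "$file" "$line" && return 1
        printf '%s\n' "$line" >> "$file"
    else
        has_line "$file" "$line" || return 1
        # awk rather than grep -v: exit status stays 0 when nothing is left
        awk -v l="$line" '$0 != l' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    fi
    return 0
}

# One monitor pass: only restart dnsmasq when the file actually changed.
main() {
    if vpn_up; then state=up; else state=down; fi
    if sync_line "$CONF" "$LINE" "$state"; then
        service restart_dnsmasq   # Merlin's rc hook to re-read dnsmasq.conf.add
    fi
}

# cru entry (assumed): cru a vpndns "*/3 * * * * sh /jffs/scripts/vpn-dns.sh run"
if [ "${1:-}" = run ]; then main; fi
```

The vpnclient-event script would add that cru entry on a client "up" event and delete it with `cru d vpndns` on "down", so the monitor only runs while the tunnel is supposed to be in use.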