mimosa67:

I normally use AirVPN with openvpn on my computer, with openresolv to allow openvpn to connect to the server and then change the DNS so it is tunnelled through the VPN connection. The openvpn config file I downloaded specifies a country, not a particular server, so DNS resolution is needed initially to make the connection.

However, I am interested in putting the VPN inside a router instead, and I have been experimenting. Looking at the instructions for dd-wrt and here: https://airvpn.org/topic/14378-how-can-i-get-vpn-servers-entry-ip-addresses/ it seems it will not be possible to continue using my existing per-country configuration, as I need to give a specific IP address, i.e. choose just one server (and edit the .ovpn file accordingly).

At the moment, I am using an OpenNIC DNS server in parallel with the VPN one instead, but I'd rather not continue to do this. Am I right in thinking each query goes to both DNS servers (rather than using the second one only if the first doesn't return an IP address)?

Is there a way to select a country or region, rather than a specific AirVPN server, in this situation? I want to continue using openvpn manually as I understand and trust this method. I am also more familiar with the command line (ssh into the router) than LEDE/OpenWRT, which is new to me.

mimosa67:

To put my question more succinctly (my only justification for bumping): how can I best ensure DNS queries are sent through the VPN tunnel, if I am running AirVPN on a router?

On a desktop, I use resolvconf to achieve this. The VPN server IP is initially resolved by my ISP's DNS server. Once the VPN connection is up, queries are routed through it.

go558a83nk:

dd-wrt doesn't have an option to switch to DNS of the VPN upon connection? tomato does, so does merlin-asus.

Point is, you know the DNS request is going through the VPN tunnel if you're using 10.x.0.1 for DNS server.

Or, if dd-wrt has policy routing you can create rules such that any traffic to DNS servers you specify (opennic) has to go through the VPN tunnel.

mimosa67:

> you know the DNS request is going through the VPN tunnel if you're using 10.x.0.1 for DNS server.

But then how does the router connect to the VPN in the first place? The dd-wrt howto recommends using the IP address of a single server in the .ovpn file, so no DNS resolution is required. But isn't there a way round that, just as there is with a desktop computer (using openresolv)?

As I said above, I am using OpenWRT, not dd-wrt, but I looked at the howto for that. The details are surely different, but the situation and basic principles must be the same.

> if dd-wrt has policy routing you can create rules such that any traffic to DNS servers you specify (opennic) have to go through the VPN tunnel.

That sounds like a possible answer to the problem. So how do you do that?

In case it is not obvious, I should perhaps say I am new to this. This is my first attempt at making a VPN router. Using AirVPN with openvpn on a Linux desktop is so straightforward that doing so for a year or two has taught me next to nothing about networking.

go558a83nk:

> > you know the DNS request is going through the VPN tunnel if you're using 10.x.0.1 for DNS server.
>
> But then how does the router connect to the VPN in the first place? The dd-wrt howto recommends using the IP address of a single server in the .ovpn file, so no DNS resolution is required. But isn't there a way round that, just as there is with a desktop computer (using openresolv)?
>
> As I said above, I am using OpenWRT, not dd-wrt, but I looked at the howto for that. The details are surely different, but the situation and basic principles must be the same.
>
> > if dd-wrt has policy routing you can create rules such that any traffic to DNS servers you specify (opennic) have to go through the VPN tunnel.
>
> That sounds like a possible answer to the problem. So how do you do that?
>
> In case it is not obvious, I should perhaps say I am new to this. This is my first attempt at making a VPN router. Using AirVPN with openvpn on a Linux desktop is so straightforward that doing so for a year or two has taught me next to nothing about networking.

I'm unfamiliar with dd-wrt so I'm not much practical help, just idea help.

My point re 10.x.0.1 is that you wouldn't need to do anything special to force DNS requests to that address through the tunnel, because through the tunnel is the only way it can be reached. I understand that using only that IP as DNS prevents you from resolving the country address when the tunnel isn't up.

If dd-wrt doesn't support policy routing or a way to switch DNS to VPN DNS, then my suggestion is to search for the best current tomato distribution and use that, for I know it has an option to switch DNS to the VPN. That was years ago when I used it, so I'm no help now. Or, if you have an Asus router, use merlin-asus firmware.
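
An added example, not part of the thread and not AirVPN's or any firmware's own code: one way to get on a router what openresolv does on the desktop, as an OpenVPN up/down hook that switches the resolver file to the DNS server pushed over the tunnel and back. The two file paths and the sample address 10.4.0.1 are assumptions; `foreign_option_N` and `script_type` are the environment variables OpenVPN passes to such hooks.

```sh
#!/bin/sh
# Added example: OpenVPN up/down hook for a router running dnsmasq.
# Assumed paths (not from the thread): RESOLV_FILE is the file dnsmasq is
# told to read; BOOTSTRAP_FILE lists the resolvers used while the tunnel is down.
RESOLV_FILE="${RESOLV_FILE:-/tmp/resolv.conf.vpn}"
BOOTSTRAP_FILE="${BOOTSTRAP_FILE:-/tmp/resolv.conf.bootstrap}"

# Print each DNS server the VPN server pushed. OpenVPN exports pushed options
# as foreign_option_1, foreign_option_2, ..., for example
# foreign_option_1="dhcp-option DNS 10.4.0.1" (constructed value).
pushed_dns() {
    i=1
    while :; do
        eval "opt=\${foreign_option_$i:-}"
        [ -n "$opt" ] || break
        case "$opt" in
            "dhcp-option DNS "*) echo "${opt#dhcp-option DNS }" ;;
        esac
        i=$((i + 1))
    done
}

# Replace RESOLV_FILE with the pushed servers only, so lookups go only to
# the VPN's resolver. Fails without touching the file if the server
# pushed no DNS option.
write_vpn_resolv() {
    servers=$(pushed_dns)
    [ -n "$servers" ] || return 1
    tmp="$RESOLV_FILE.$$"
    for s in $servers; do
        echo "nameserver $s"
    done > "$tmp" && mv "$tmp" "$RESOLV_FILE"
}

# Tunnel down: fall back to the bootstrap resolvers so the VPN hostname
# (the per-country name in the .ovpn file) can be resolved on reconnect.
restore_bootstrap() {
    cp "$BOOTSTRAP_FILE" "$RESOLV_FILE"
}

# OpenVPN sets script_type to "up" or "down" when it runs the hook.
case "${script_type:-}" in
    up)   write_vpn_resolv ;;
    down) restore_bootstrap ;;
esac
```

Reference the script from the .ovpn file with `script-security 2` plus `up` and `down` directives, and point dnsmasq's resolv-file setting at `RESOLV_FILE`.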