Jump to content
Not connected, Your IP: 3.234.212.253
mazurka7

AirVPN DNS setup in Asus router problem

Recommended Posts

This issue occurs with the latest Asus-Merlin firmware 386.5 as well as recent betas and the previous version. When 10.4.0.1 is entered for the first DNS entry and an alternative DNS IP used for the secondary entry under the [WAN] tab, the router detects that the Internet is Disconnected. This is following the AirVPN How-to tutorial at Using AirVPN with Asus router

WAN.jpg.c06b8f60bd3b52739f0a652bccb7fa33.jpg

DNSDis.jpg.f8f81bab98180808344538804650f9bb.jpg

However, if any of the preset DNS entries for Server 1  were used (using the dropdown menu), the router's Internet Status shows properly connected. Server 2 entry does not seem to matter.

Would appreciate any help in this.

 

Share this post


Link to post

for Asus merlin set WAN DNS to something other than the VPN DNS (10.4.0.1) and in the openvpn configuration set the DNS setting to exclusive.  Then it'll switch to VPN DNS when the VPN connects.

10.4.0.1 won't work unless you're connected to VPN because 10.4.0.1 is only accessible through the VPN not from public.

Share this post


Link to post
17 hours ago, go558a83nk said:

for Asus merlin set WAN DNS to something other than the VPN DNS (10.4.0.1) and in the openvpn configuration set the DNS setting to exclusive.  Then it'll switch to VPN DNS when the VPN connects.

10.4.0.1 won't work unless you're connected to VPN because 10.4.0.1 is only accessible through the VPN not from public.


Thanks. That explains and confirms my findings. Your prior reply to a similar problem has been hugely helpful in my search as well.  :good:
That said, I am still puzzled by the reasoning behind AirVPN's advice to put 10.4.0.1 for WAN DNS as it seems that while it works partially (using IP instead of domain for AirVPN server), it breaks the router's Network monitoring function. Is there any justification for this?

Share this post


Link to post
1 hour ago, mazurka7 said:

Thanks. That explains and confirms my findings. Your prior reply to a similar problem has been hugely helpful in my search as well.  :good:
That said, I am still puzzled by the reasoning behind AirVPN's advice to put 10.4.0.1 for WAN DNS as it seems that while it works partially (using IP instead of domain for AirVPN server), it breaks the router's Network monitoring function. Is there any justification for this?


*if* you're using IP address in the VPN server field instead of a domain then putting 10.4.0.1 in the WAN DNS setting might be OK.  Because there's no domain to resolve the router doesn't need to reach 10.4.0.1 prior to connection.

Share this post


Link to post

Damn it this same issue was driving me frikkin crazy. I had to roll back to 386.3_2. The reasoning behind setting the DNS to Air's internal DNS is to create an extra layer of security for leaks in case of tunnel failure. It's actually quite popular. However, it causes some issues. Ex. if you use a domain name for NTP then VPN connection will fail after a reboot. I actually feel more secure with Air's DNS hardcoded in. Any thoughts?

Share this post


Link to post

If you're using merlin asus and set the openvpn config in policy routing mode there's an option to not allow traffic if the VPN goes down.

I'd use policy routing mode, set the DNS option in the openvpn config to exclusive and not put AirDNS in the WAN settings.

Share this post


Link to post
On 3/10/2022 at 7:55 AM, go558a83nk said:


*if* you're using IP address in the VPN server field instead of a domain then putting 10.4.0.1 in the WAN DNS setting might be OK.  Because there's no domain to resolve the router doesn't need to reach 10.4.0.1 prior to connection.

Would you know why AirVPN do not provide their own public DNS servers for users instead of 10.4.0.1 and 10.5.0.1 unlike many other VPN providers? I'm just wondering whether there is some advantage to this approach.

Share this post


Link to post
1 hour ago, mazurka7 said:

Would you know why AirVPN do not provide their own public DNS servers for users instead of 10.4.0.1 and 10.5.0.1 unlike many other VPN providers? I'm just wondering whether there is some advantage to this approach.
Of course the advantage is that 10.4.0.1 can only be reached over AIrVPN, meaning that all your DNS queries and replies are encrypted like everything else going over the VPN.  The public DNS system uses queries and replies that are unencrypted, and in at least one country of some 330m population, the odds are high that queries are logged by your ISP so it can sell the log to advertisers.  The Air approach is for your privacy.

Share this post


Link to post
20 hours ago, mazurka7 said:

Would you know why AirVPN do not provide their own public DNS servers for users instead of 10.4.0.1 and 10.5.0.1 unlike many other VPN providers? I'm just wondering whether there is some advantage to this approach.

I didn't know any VPN providers also have public DNS servers.  Which ones do?

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...