Open VPN server DNS Leak

Dany92
Posts: 3
Joined: Wed Sep 18, 2019 7:07 am

Post by Dany92 »

Hello,

Gargoyle is very user friendly, very good job.

On the Android client I have a DNS leak. To resolve the leak I added this to /etc/openvpn/server.conf:

push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 1.0.0.1"

The DNS address (in dhcp-option) is not important, but it forces the Android client to use Gargoyle's DNS.

I looked at iptables. When I restart the firewall I get this message:
"Warning: Option @defaults[0].force_router_dns is unknown".

I saw that when you force router DNS you run the rules in firewall.user.

But the rules in /etc/firewall.user are always on.

Thanks,

Gargoyle version 1.11.0/Gargoyle revision 2145d423/Built February 19, 2019 on Archer C7 V2.

Lantis
Moderator
Posts: 6735
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: Open VPN server DNS Leak

Post by Lantis »

Can you please better describe your issue?

We don't put anything by default into /etc/firewall.user.
The function responsible for forcing router DNS is:

Code:

force_router_dns()
{
	force_router_dns=$(uci get firewall.@defaults[0].force_router_dns 2> /dev/null)
	if [ "$force_router_dns" = "1" ] ; then
		iptables -t nat -I zone_lan_prerouting -p tcp --dport 53 -j REDIRECT
		iptables -t nat -I zone_lan_prerouting -p udp --dport 53 -j REDIRECT
	fi
}

Your error relates to the first line of that function, and it's not really even possible given that errors are redirected to /dev/null.

So, what else have you modified? And have you tried undoing everything or factory resetting to see if your issue goes away first?
http://lantisproject.com/downloads/gargoyle_ispyisail.php for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.

Dany92
Posts: 3
Joined: Wed Sep 18, 2019 7:07 am

Re: Open VPN server DNS Leak

Post by Dany92 »

Hello,

I use Gargoyle version 1.11.0/Gargoyle revision 2145d423/Built February 19, 2019 on Archer C7 V2.

It is a new install with the archive gargoyle_1.11.0-ar71xx-generic-archer-c7-v2-squashfs-factory.bin (download section on this site).

When I saw the problem with force DNS, I added these lines to firewall.user:

Code:

iptables -t nat -I zone_lan_prerouting -p tcp --dport 53 -j REDIRECT
iptables -t nat -I zone_lan_prerouting -p udp --dport 53 -j REDIRECT

The old firmware on my router was openwrt.

Thanks.
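
An added example (not part of the original posts and not Gargoyle's own code) for telling apart the two sources of the port-53 REDIRECT rules discussed in this thread: the force_router_dns option and lines placed by hand in /etc/firewall.user. The function names, verdict strings and sample rule text are constructed for illustration.

```shell
#!/bin/sh
# Added example. Inputs are passed as text so the logic can be tried offline;
# the sample data at the bottom is constructed, not taken from a real router.

# Count port-53 REDIRECT rules for one protocol in the LAN prerouting chain.
# $1 = tcp|udp, $2 = rule text (`iptables -t nat -S` output or firewall.user)
count_dns_redirects() {
	printf '%s\n' "$2" |
		grep -E -c -e "^[^#]*zone_lan_prerouting .*-p $1 .*--dport 53 .*-j REDIRECT" || true
}

# Report which source explains the live redirect rules.
# $1 = value of firewall.@defaults[0].force_router_dns ("" if unset)
# $2 = live nat rules, $3 = contents of /etc/firewall.user
dns_redirect_source() {
	live_tcp=$(count_dns_redirects tcp "$2")
	live_udp=$(count_dns_redirects udp "$2")
	user_tcp=$(count_dns_redirects tcp "$3")
	user_udp=$(count_dns_redirects udp "$3")
	if [ "$live_tcp" -eq 0 ] && [ "$live_udp" -eq 0 ]; then
		echo "not-forced"          # LAN clients can reach any resolver
	elif [ "$live_tcp" -eq 0 ] || [ "$live_udp" -eq 0 ]; then
		echo "partial"             # only one protocol is redirected
	elif [ "$user_tcp" -gt 0 ] && [ "$user_udp" -gt 0 ]; then
		# firewall.user lines carry no condition, so they apply on every restart
		if [ "$1" = "1" ]; then echo "both"; else echo "firewall.user"; fi
	elif [ "$1" = "1" ]; then
		echo "force_router_dns"
	else
		echo "unknown"             # rules present, neither source explains them
	fi
}

# Constructed sample: option unset, rules added by hand as in the thread.
SAMPLE_LIVE='-N zone_lan_prerouting
-A zone_lan_prerouting -p udp -m udp --dport 53 -j REDIRECT
-A zone_lan_prerouting -p tcp -m tcp --dport 53 -j REDIRECT'
SAMPLE_USER='# custom rules
iptables -t nat -I zone_lan_prerouting -p tcp --dport 53 -j REDIRECT
iptables -t nat -I zone_lan_prerouting -p udp --dport 53 -j REDIRECT'

dns_redirect_source "" "$SAMPLE_LIVE" "$SAMPLE_USER"   # prints: firewall.user
```

On the router the three inputs would be "$(uci -q get firewall.@defaults[0].force_router_dns)", "$(iptables -t nat -S zone_lan_prerouting)" and "$(cat /etc/firewall.user)".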
