
Open VPN server DNS Leak

Posted: Fri Oct 04, 2019 10:01 am
by Dany92
Hello,

Gargoyle is very user friendly, very good job.

On the Android client I have a DNS leak. To resolve the leak I added in /etc/openvpn/server.conf

push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 1.0.0.1"

The DNS address (in dhcp-option) is not important, but it forces the Android client to use Gargoyle's DNS.

I looked at iptables. When I restart the firewall I get this message:
"Warning: Option @defaults[0].force_router_dns is unknown".

I saw that when you force router DNS you run the rules in firewall.user.

But the rules in /etc/firewall.user are always on.

Thanks,

Gargoyle version 1.11.0/Gargoyle revision 2145d423/Built February 19, 2019 on archer C7 V2.

Re: Open VPN server DNS Leak

Posted: Fri Oct 04, 2019 10:20 am
by Lantis
Can you please better describe your issue?

We don't put anything by default into /etc/firewall.user
The function responsible for forcing router dns is


force_router_dns()
{
	force_router_dns=$(uci get firewall.@defaults[0].force_router_dns 2> /dev/null)
	if [ "$force_router_dns" = "1" ] ; then
		iptables -t nat -I zone_lan_prerouting -p tcp --dport 53 -j REDIRECT
		iptables -t nat -I zone_lan_prerouting -p udp --dport 53 -j REDIRECT
	fi
}
Your error relates to the first line of that function, and it's not really even possible given that errors are redirected to /dev/null.

So, what else have you modified? And have you tried undoing everything or factory resetting to see if your issue goes away first?
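As an added example (not Gargoyle's code and not either poster's), here is a small POSIX shell audit that checks an iptables-save dump of the nat table for the two port-53 REDIRECT rules that function installs, which is a quicker way to tell whether a DNS leak comes from a missing rule than guessing. The dump it runs against is constructed; on a router you would feed it the output of `iptables-save -t nat` instead.

```shell
#!/bin/sh
# Added example, not Gargoyle's own code. Audits an iptables-save nat dump for
# the port-53 REDIRECT rules that force_router_dns() installs, so a missing
# rule (and hence a DNS leak for LAN clients) can be spotted directly.

# Constructed sample: looks like `iptables-save -t nat` on a router where only
# the tcp rule made it into zone_lan_prerouting (the udp rule is for 5353).
SAMPLE_NAT_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:zone_lan_prerouting - [0:0]
-A PREROUTING -i br-lan -j zone_lan_prerouting
-A zone_lan_prerouting -p tcp -m tcp --dport 53 -j REDIRECT
-A zone_lan_prerouting -p udp -m udp --dport 5353 -j REDIRECT
COMMIT'

# has_dns_redirect CHAIN PROTO DUMP
# Exit 0 when DUMP contains a REDIRECT rule for destination port 53 with PROTO
# in CHAIN. The trailing space after "53" stops "--dport 5353" from matching.
has_dns_redirect() {
    printf '%s\n' "$3" | grep -q -- "^-A $1 -p $2 .*--dport 53 .*-j REDIRECT"
}

# dns_redirect_status CHAIN DUMP
# Echo "ok" when both the tcp and udp rules are present, otherwise
# "missing:" followed by the protocols that are absent, e.g. "missing: udp".
dns_redirect_status() {
    missing=""
    for proto in tcp udp; do
        has_dns_redirect "$1" "$proto" "$2" || missing="$missing $proto"
    done
    if [ -z "$missing" ]; then
        echo ok
    else
        echo "missing:$missing"
    fi
}

# Run against the constructed dump; prints "missing: udp".
dns_redirect_status zone_lan_prerouting "$SAMPLE_NAT_DUMP"
```

Traffic arriving from a VPN tunnel interface is not in the lan zone, so even a clean "ok" here only covers wired and Wi-Fi LAN clients; that is why the OpenVPN push lines above still matter for the Android client.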

Re: Open VPN server DNS Leak

Posted: Fri Oct 04, 2019 2:34 pm
by Dany92
Hello,

I use Gargoyle version 1.11.0/Gargoyle revision 2145d423/Built February 19, 2019 on archer C7 V2.

It is a new install with the archive gargoyle_1.11.0-ar71xx-generic-archer-c7-v2-squashfs-factory.bin (download section on this site).

When I saw the problem with force DNS, I added these lines in firewall.user:


iptables -t nat -I zone_lan_prerouting -p tcp --dport 53 -j REDIRECT
iptables -t nat -I zone_lan_prerouting -p udp --dport 53 -j REDIRECT

The old firmware on my router was OpenWrt.

Thanks.