Hello,
Gargoyle is very user friendly, very good job.
On the Android client I have a DNS leak. To resolve the leak I added in /etc/openvpn/server.conf
push "dhcp-option DNS 1.1.1.1"
push "dhcp-option DNS 1.0.0.1"
The DNS address (in dhcp-option) is not important, but it forces the Android client to use Gargoyle's DNS.
I looked at iptables. When I restart the firewall I get this message
"Warning: Option @defaults[0].force_router_dns is unknown".
I saw that when you force router DNS you run the rules in firewall.user.
But the rules in /etc/firewall.user are always on.
Thanks,
Gargoyle version 1.11.0/Gargoyle revision 2145d423/Built February 19, 2019 on archer C7 V2.
Open VPN server DNS Leak
Re: Open VPN server DNS Leak
Can you please better describe your issue?
We don't put anything by default into /etc/firewall.user
The function responsible for forcing router dns is
Code:
force_router_dns()
{
	force_router_dns=$(uci get firewall.@defaults[0].force_router_dns 2> /dev/null)
	if [ "$force_router_dns" = "1" ] ; then
		iptables -t nat -I zone_lan_prerouting -p tcp --dport 53 -j REDIRECT
		iptables -t nat -I zone_lan_prerouting -p udp --dport 53 -j REDIRECT
	fi
}
Your error relates to the first line of that function, and it's not really even possible given that errors are redirected to /dev/null.
So, what else have you modified? And have you tried undoing everything or factory resetting to see if your issue goes away first?
https://lantisproject.com/downloads/gargoylebuilds for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.
Re: Open VPN server DNS Leak
Hello,
I use Gargoyle version 1.11.0/Gargoyle revision 2145d423/Built February 19, 2019 on archer C7 V2.
It is a new install with the archive gargoyle_1.11.0-ar71xx-generic-archer-c7-v2-squashfs-factory.bin (download section on this site)
When I saw the problem with force dns, I added these lines in firewall.user
Code:
iptables -t nat -I zone_lan_prerouting -p tcp --dport 53 -j REDIRECT
iptables -t nat -I zone_lan_prerouting -p udp --dport 53 -j REDIRECT
The old firmware on my router was openwrt.
Thanks.
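An added example, not part of the original posts or of Gargoyle's code: a POSIX sh check that reads `iptables -t nat -S` style output and reports whether the two port-53 REDIRECT rules discussed above are present in a chain, or present more than once (which happens if the same lines are loaded from more than one place). The helper names and the sample rule listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the DNS REDIRECT rules in one nat chain.
# Reads `iptables -t nat -S` style text on stdin so it can be run offline.

# count_dns_redirects CHAIN PROTO -> prints how many rules in CHAIN
# redirect PROTO traffic with destination port 53.
count_dns_redirects() {
    awk -v chain="$1" -v proto="$2" '
        $1 == "-A" && $2 == chain {
            p = ""; dport = ""; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-p")      p = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j")      target = $(i + 1)
            }
            if (p == proto && dport == "53" && target == "REDIRECT") n++
        }
        END { print n + 0 }'
}

# dns_redirect_status CHAIN -> prints "ok", "missing:<protos>" or "duplicate:<protos>"
dns_redirect_status() {
    rules=$(cat)
    missing=""; dup=""
    for proto in tcp udp; do
        n=$(printf '%s\n' "$rules" | count_dns_redirects "$1" "$proto")
        if [ "$n" -eq 0 ]; then missing="$missing $proto"; fi
        if [ "$n" -gt 1 ]; then dup="$dup $proto"; fi
    done
    if [ -n "$missing" ]; then echo "missing:${missing# }"
    elif [ -n "$dup" ]; then echo "duplicate:${dup# }"
    else echo "ok"; fi
}

# Constructed sample listing (not captured from a real router):
# the udp rule appears twice, and the port-80 rule must be ignored.
sample_rules() {
cat <<'EOF'
-N zone_lan_prerouting
-A zone_lan_prerouting -p udp -m udp --dport 53 -j REDIRECT
-A zone_lan_prerouting -p udp -m udp --dport 53 -j REDIRECT
-A zone_lan_prerouting -p tcp -m tcp --dport 53 -j REDIRECT
-A zone_lan_prerouting -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
EOF
}

sample_rules | dns_redirect_status zone_lan_prerouting
```

On the router, feed it the live chain instead of the sample: `iptables -t nat -S zone_lan_prerouting | dns_redirect_status zone_lan_prerouting`.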