  1. #1
    Untanglit
    Join Date
    Jan 2018
    Posts
    16

    Default How to use VPN servers DNS resolver

    I am trying to set up a VPN which comes with a smart DNS functionality for viewing Netflix etc., but while I can get the VPN up and running no problem, I cannot get the smart DNS to work. When I do an IP/DNS check the IP is the server one but the DNS is shown as owned by Cloudflare, which is what I have defined as the primary and secondary DNS servers on the external interface. I would normally manually define the correct DNS on a per-device basis but they don't provide the IP addresses. Using the provided app for iOS the VPN DNS server is shown as it should be and everything works as expected. This though will not work for devices such as the Apple TV, as I am only able to define the DNS. Any suggestions?

  2. #2
    Untanglit
    Join Date
    Dec 2018
    Posts
    22

    Default

    Can you simply have DHCP on the internal interface provide a DNS override to clients?


  3. #3
    Untanglit
    Join Date
    Jan 2018
    Posts
    16

    Default

    Would this not require knowing what the DNS address is?

  4. #4
    Untangle Ninja Jim.Alles
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    1,538

    Default

    Quote Originally Posted by Mytob:
    "Using the provided app for IOS the VPN DNS server is shown as should be and everything works as expected."

    What is shown?

  5. #5
    Untanglit
    Join Date
    Jan 2018
    Posts
    16

    Default

    Maybe bad phrasing on my part. The app shows nothing of any use beyond saying it is connected. If I go to ipleak.net then I get an IP address from the country server I am connected to, in this case the UK, and a couple of DNS servers in the same country. I have tried downloading the relevant ovpn file for the server and inputting the DNS server IP addresses that I got from ipleak, but cannot resolve domain names when routing traffic through the tunnel.

  6. #6
    Untangle Ninja Jim.Alles
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    1,538

    Default

    Ok, fair enough.

    What NGFW app are you using for the VPN?

  7. #7
    Untanglit
    Join Date
    Jan 2018
    Posts
    16

    Default

    Currently a very simple setup...

    Firewall
    Tunnel VPN
    Reports

  8. #8
    Untangle Ninja Jim.Alles
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    1,538

    Default

    Nice and clean, but I have no experience with Tunnel VPN, or services.

  9. #9
    Newbie
    Join Date
    Jul 2019
    Posts
    9

    Default

    @Mytob - did you find a solution? I was pulling my hair out trying to get my client to use the TunnelVPN DNS; Untangle was using the public DNS servers despite any rule that I could put into Firewall/Access/NAT/Dnsmasq. I tried them all. @mmajoor provided the solution at the end (post #57) of an earlier thread titled "DNS Leaking", which worked for me by using port forwarding. The only thing that is left out there in the description is that you need to click on "Advanced" to get to the stuff you want, but you'll need to delete the first line "Destined Local . . ." which is added automatically for the rule to work.

  10. #10
    Untangle Ninja sky-knight
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    23,740

    Default

    Workstations behind Untangle are going to use the DNS they are configured to use.

    With the TunnelVPN app, this brings a challenge. How do you know which DNS sessions to grab? The router can't really tell the difference between itself and workstations behind it on this level.

    If you don't care that DNS to your workstations won't work when the VPN is offline, all you need to do is craft a port forward rule.

    Destined Local is True
    Protocol is TCP & UDP
    Destination port is 53
    Source interface: any non-WAN

    New destination: IP of VPN service provided DNS
    New port either blank, or 53

    That rule will steal any DNS request bound for Untangle from a LAN interface, and redirect it to the VPN provider's DNS.

    Another solution, which is actually a bit cleaner, is to edit the DHCP configuration for the LAN in question and insert the IP for the VPN provider's DNS server in the DNS Override field. Once you reboot the client, reconnect it, whatever, it'll start sending DNS queries to the VPN provider's DNS directly instead of going to Untangle.

    What we lack, as far as I'm aware at this time, is the ability to capture DNS traffic and send it to different locations based on the status of the VPN tunnel.

    But yes, by default DNS "leaks" because your entire network does what you told it to do. Use Untangle for DNS, Untangle uses the DNS configured on its WAN interface(s). So if you don't want it to leak, you have to configure it not to. But again beware, doing so means your workstations will not be able to go online if the tunnel is offline.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
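The port forward rule in post #10, and the caveat that it breaks client DNS when the tunnel is offline, can be modelled in a few lines. The following is an added example and not code from the thread or from Untangle; it assumes constructed addresses (router LAN IP 192.168.1.1, WAN IP 203.0.113.10, a VPN DNS placeholder 10.8.0.1 reachable only through the tunnel subnet 10.8.0.0/24) and interface names (Internal, External, eth1). It evaluates sample packets against the four match conditions, shows which DNS sessions the rule "steals" and which it does not (a client that queries 8.8.8.8 directly still leaks), and renders the equivalent iptables DNAT rules a generic Linux router would use, which is an assumed equivalence rather than how Untangle implements the rule.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import FrozenSet, List, Optional

# Constructed model of the router described in the thread (all addresses assumed).
ROUTER_LOCAL_IPS = {"192.168.1.1", "203.0.113.10"}   # LAN-side and WAN-side addresses
WAN_INTERFACES = {"External"}
VPN_DNS = "10.8.0.1"                                  # placeholder for the provider's DNS
VPN_SUBNET = ip_network("10.8.0.0/24")                # assumed to be routed only via the tunnel


@dataclass(frozen=True)
class Packet:
    src_iface: str
    src_ip: str
    dst_ip: str
    protocol: str        # "TCP" or "UDP"
    dst_port: int


@dataclass(frozen=True)
class PortForwardRule:
    """The rule from post #10: Destined Local, TCP & UDP, port 53, any non-WAN source."""
    destined_local: bool = True
    protocols: FrozenSet[str] = frozenset({"TCP", "UDP"})
    dst_port: int = 53
    new_destination: str = VPN_DNS
    new_port: Optional[int] = None   # blank keeps the original port

    def matches(self, pkt: Packet) -> bool:
        if self.destined_local and pkt.dst_ip not in ROUTER_LOCAL_IPS:
            return False                      # only DNS aimed at the router itself
        if pkt.src_iface in WAN_INTERFACES:
            return False                      # source interface must be non-WAN
        return pkt.protocol in self.protocols and pkt.dst_port == self.dst_port

    def apply(self, pkt: Packet) -> Packet:
        """Rewrite the destination when the rule matches, else return the packet unchanged."""
        if not self.matches(pkt):
            return pkt
        return Packet(pkt.src_iface, pkt.src_ip, self.new_destination,
                      pkt.protocol, self.new_port or pkt.dst_port)


def deliverable(pkt: Packet, tunnel_up: bool) -> bool:
    """A packet bound for the VPN subnet only gets anywhere while the tunnel is up."""
    if ip_address(pkt.dst_ip) in VPN_SUBNET:
        return tunnel_up
    return True


def iptables_equivalent(rule: PortForwardRule, lan_iface: str = "eth1") -> List[str]:
    """Assumed generic-Linux rendering of the rule (not Untangle's own implementation)."""
    lines = []
    for proto in sorted(rule.protocols):
        parts = ["iptables -t nat -A PREROUTING", f"-i {lan_iface}"]
        if rule.destined_local:
            parts.append("-m addrtype --dst-type LOCAL")
        parts.append(f"-p {proto.lower()} --dport {rule.dst_port}")
        target = rule.new_destination
        if rule.new_port:
            target += f":{rule.new_port}"
        parts.append(f"-j DNAT --to-destination {target}")
        lines.append(" ".join(parts))
    return lines


DEFAULT_RULE = PortForwardRule()

# Constructed sample traffic.
SAMPLE_PACKETS = {
    "lan_dns_to_router": Packet("Internal", "192.168.1.50", "192.168.1.1", "UDP", 53),
    "lan_dns_direct":    Packet("Internal", "192.168.1.50", "8.8.8.8", "UDP", 53),
    "lan_https":         Packet("Internal", "192.168.1.50", "192.168.1.1", "TCP", 443),
    "wan_dns_to_router": Packet("External", "198.51.100.7", "203.0.113.10", "UDP", 53),
}


if __name__ == "__main__":
    for name, pkt in SAMPLE_PACKETS.items():
        out = DEFAULT_RULE.apply(pkt)
        print(f"{name:18} -> {out.dst_ip}:{out.dst_port}  "
              f"tunnel down deliverable={deliverable(out, tunnel_up=False)}")
    print("\n".join(iptables_equivalent(DEFAULT_RULE)))
```

The `deliverable` check makes sky-knight's caveat concrete: the redirected client query goes to 10.8.0.1, which has no route when the tunnel is down, so name resolution for the LAN fails until the VPN comes back. The `lan_dns_direct` packet shows the limit of the rule as written: a client configured with a public resolver never sends DNS to Untangle, so nothing is grabbed and that query still leaks; the DHCP DNS Override suggested in post #2 and #10 addresses that case from the client side.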
