VPN with public dns?
Team,
See also attached screenshot:
I'm trying to setup an OpenVPN connection with the attempt of having all traffic routed via this VPN.
However, based on the DNS-settings it looks like at least partially, the traffic is bypassing the VPN?
This is because the second DNS-server belongs to Google (i.e. 8.8.8.8)?
Any suggestions?
Is there a way to assign the internal DNS-server (i.e. 192.168.139.235)?
This because this DNS-server also runs Pihole.
With warm regards - Will
=====
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
I guess my next ask would be, what DNS settings are passed to the OpenVPN client now when a new connection is established (or was this always how it was set up)? Do you see either of those manual IPs? Does 8.8.8.8 still appear?
If I had more time, I'd mock this up myself...but crunch time today :)
- Copy Link
- Report Inappropriate Content
@d0ugmac1 Hi dougmac1, I have the same problem as the OP. My R605 gateway is giving the client the 8.8.8.8 DNS. I never set this anywhere and it's not a DNS server I want to use.
I followed the steps you recommended, including setting my DNS server as the WAN Primary DNS Server, just like OP did. The DNS settings passed to the OpenVPN client are:
192.168.9.1 - My R605, which is not my DNS server.
8.8.8.8
What is not passed is the DNS servers I specified as Primary and Secondary:
192.168.9.10
192.168.9.11
I set up a pfSense OpenVPN and it has no such problem but I'd rather be using the R605.
- Copy Link
- Report Inappropriate Content
@ITV Did you find a solution for this? I have exactly the same problem.
I've updated to the latest firmware and Omada software.
I set up a pfSense OpenVPN server to test. The same client works fine using that so I don't think it's a client problem.
As near as I can tell, TP-Link has hard-coded 8.8.8.8 into their OpenVPN implementation.
This is a showstopper for me so I'm really hoping for a solution.
- Copy Link
- Report Inappropriate Content
Difference is I was using L2TP and you are using OpenVPN. I am pretty sure you need to manually edit the .ovpn file to change the vpn client settings. The reason I suspect a difference is different code is used for the two VPNs and since the .ovpn is built by the firmware in the R605 itself. So export the .ovpn, edit it for the correct DNS settings, and then use that for your client(s).
- Copy Link
- Report Inappropriate Content
Thanks for your thoughts. I did try editing the .ovpn file and added my DNS. That file doesn't mention 8.8.8.8 and yet 8.8.8.8 still gets added. iiuc, the OpenVPN protocol allows the server to set additional settings at the time the client connects. The R605 uses that opportunity to add 8.8.8.8.
Switching to L2TP is a perfectly good option if that would fix my problem. I will try that.
- Copy Link
- Report Inappropriate Content
EDIT
- Copy Link
- Report Inappropriate Content
FYI: I also tried filling all DNS-fields with my own DNS-servers.
But then the connection fails because there is no room for another DNS server...
Working on a replacement for the TP-link router => OpnSense - a mature router with dito fw and vpn.
Meaning all future customers will get the OpnSense router with a business subscription.
The business subscription allows central management in (more-or-less) the same way Omada does.
It is somewhat more expensive but also lesser security concerns...
- Copy Link
- Report Inappropriate Content
EDIT
- Copy Link
- Report Inappropriate Content
I'm a bit surprised by the negativity here... I don't know who the heck expects a $69 router that is globally available, manageable by cloud and via smartphone app to drop out of the product development chute with every bell and whistle working. Really? TP-link doesn't have the development budgets of Cisco and the like because they aren't making 90% margin on every sale, but they are very responsive when it comes to service impacting bugs (props to @Fae and @Hank21). What they are doing is enabling many here to build their businesses on a cost effective platform that works for most cases. I do admit there are a few key features that need to be fixed or upgraded, like adding flexibility into the DDNS functionality (I for one would like to be able to use a custom URL) and implementing a fully configurable OpenVPN server (key to this thread and quite a few others).
Omada is not perfect, but it continues to improve, and it is certainly cost effective and lastly these forums definitely provide help for how-to's or workarounds when folks do run into trouble.
- Copy Link
- Report Inappropriate Content
EDIT
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 4336
Replies: 36
Voters 0
No one has voted for it yet.