OpenVPN with DNScrypt #1936
Unanswered
retournerai
asked this question in
Q&A
OpenVPN with DNScrypt
#1936
Replies: 1 comment 2 replies
-
|
Maybe this helps? https://serverfault.com/questions/416708/how-to-ensure-openvpn-connection-uses-specific-dns |
Beta Was this translation helpful? Give feedback.
2 replies
-
|
Unfortunately it did not work. The issue is that DNS queries are not being forwarded to 127.0.0.1 # 5353 and whatever I tried so far did not work. |
Beta Was this translation helpful? Give feedback.
-
|
Issue found. Somehow the dnsmasq was disabled. DHCP seemed disabled as well. It was hard for me to find that out but I got it working now. |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
With OpenVPN enabled DNScrypt gets ignored an bypassed on my Edge Router X.
I disabled OpenVPN like this:
configureset interfaces openvpn vtun0 disablecommitsaveI installed DNScrypt as described here: https://github.com/DNSCrypt/dnscrypt-proxy/wiki/Installation-on-EdgeOS All works well. The testing works well.
Then I enable OpenVPN again like this:
configuredelete interfaces openvpn vtun0 disablecommitsaveAnd DNScrypt is being bypassed / ignored. I assume it has to do with the 127.0.0.1 which is being ignored but I could not find a way to resolve it.
My OpenVPN settings:
configureset interfaces openvpn vtun0 config-file /config/openvpn/nl.mullvad.net.ovpnset interfaces openvpn vtun0 description 'OpenVPN VPN tunnel'commitset service nat rule 5000 description 'OpenVPN Clients'set service nat rule 5000 log disableset service nat rule 5000 outbound-interface vtun0set service nat rule 5000 source address 192.168.1.0/24set service nat rule 5000 type masqueradecommitset protocols static table 1 interface-route 0.0.0.0/0 next-hop-interface vtun0set firewall modify SOURCE_ROUTE rule 10 description 'traffic from 192.168.1.0/24 to vtun0'set firewall modify SOURCE_ROUTE rule 10 source address 192.168.1.0/24set firewall modify SOURCE_ROUTE rule 10 modify table 1set interfaces ethernet eth1 firewall in modify SOURCE_ROUTEcommitsaveLooking around in the files on my EdgeRouter I see the following:
My dnsmasq.conf file:
autogenerated by vyatta-dns-forwarding.pl on Fri Nov 5 02:32:32 EDT 2021
log-facility=/var/log/dnsmasq.log
interface=eth1
interface=eth2
interface=eth3
interface=eth4
interface=eth0
cache-size=0
server=1.1.1.1 # statically configured
server=127.0.0.1#5353
proxy-dnssec
no-resolv
no-resolv
If I remove the 1.1.1.1 DNS it stops working all together.
My resolv.conf (which should be ignored according to the DNScrypt instructions):
nameserver 1.1.1.1
nameserver 193.29.62.196
This is where the OpenVPN runs on I believe:
vtun0 10.15.0.1
I have been searching for days but could not find a way to make it work together.
Beta Was this translation helpful? Give feedback.
All reactions