basilverthorn
Nov 06, 2025 Tutor
XR1000 Enabling VPN service stops internet / DNS from working.
Items I have tried: (more than twice each)
- reflashed firmware
- Factory default through web browser
- Factory default using reset button
- Created VPN on different ports using UDP
- All three options fo...
avalynn
Nov 11, 2025 Tutor
Hey basilverthorn,
Ugh, that’s a nasty combo — DHCP + OpenVPN + DDNS killing DNS resolution across both XR1000s? Super suspicious, and you’ve already ruled out the usual suspects (resets, ports, firmware flashes). The fact it works fine with PiHole handling DHCP tells us the router’s getting confused in the DNS handoff when OpenVPN spins up. This is a known gremlin in DumaOS — the VPN server can hijack or stall the internal DNS proxy, especially when DHCP is also active on the router.
Here’s what’s likely happening: When OpenVPN starts, it tries to push its own DNS settings or conflicts with the router’s resolver. With DHCP enabled, clients expect the router to handle DNS, but the service crashes silently — no resolution, no logs. You can still ping IPs because that bypasses DNS entirely.
Quick Fixes to Try (No PiHole Needed)
1. Force DNS in LAN Settings
   Go to Advanced > Setup > LAN Setup. Under Domain Name Server (DNS) Address, select Use These DNS Servers. Enter:
   - Primary: 8.8.8.8
   - Secondary: 1.1.1.1
   Apply, then re-enable OpenVPN. This skips the router’s broken DNS relay.
2. Change OpenVPN DNS Push
   In VPN > OpenVPN Server > Advanced:
   - Check Push DNS to clients
   - Set DNS to 8.8.8.8 and 1.1.1.1
   This overrides any bad defaults.
3. Use a Different Subnet for VPN Clients
   Under OpenVPN config:
   - Change Client IP Address Pool to 10.8.1.0/24 (or anything not overlapping your LAN)
   Sometimes 10.8.0.0 conflicts internally.
4. Disable DDNS Temporarily
   You said DDNS + DHCP + OpenVPN = fail. Try:
   - Enable OpenVPN + DHCP
   - Disable DDNS
   Does DNS survive? If yes — DDNS update script might be triggering a resolver restart bug.
Long-Term: Keep PiHole, Ditch Router DHCP
You’re already golden with PiHole doing DHCP — keep it that way. Let the XR1000 be a pure router/AP:
- Disable DHCP on XR1000
- Let PiHole assign IPs + DNS
- OpenVPN runs fine, no conflicts
- Bonus: Better ad blocking, logs, control
If Nothing Works
This is 100% a firmware bug. File a ticket with Netgear:
“XR1000 OpenVPN Server breaks DNS resolution when DHCP is enabled. Repro: Factory reset → Enable DHCP → Enable DDNS → Enable OpenVPN Server → DNS fails. Works if any one is disabled. Confirmed on two units, multiple firmwares.”
Include:
- Firmware versions
- Exact steps
- nslookup output from a client when broken
They’ve patched this before — your case is textbook.
For now: PiHole DHCP + forced DNS = stable. You’re good. Twingate’s cool, but you shouldn’t need it.
Let me know your firmware versions — might be a known bad build.
basilverthorn
Nov 11, 2025 Tutor
Thank you for the response, I will try some of this. Feels like I have in testing but do not recall.
I do not have an option to you list on the XR1000. Firmware version xr1000 1.0.2.86_2.1.40.
I do not have the option for number 3 either, but sure wish I did, most of previous routers do. Unless I'm missing some top secret menu.
If I disable DDNS everything works. But if I disable OpenVPN and leave DDNS on everything works.
Brett
avalynn
Nov 12, 2025 Tutor
Hey Brett,
Thanks for the quick follow-up — and good catch on the firmware! You're on **V1.0.2.86_2.1.40**, which is one of the *newer* stable DumaOS builds, but yeah, it’s still got this DNS + OpenVPN + DHCP gremlin baked in. The fact that **disabling DDNS makes everything work** (even with DHCP + OpenVPN) is a *huge* clue.
### What’s Really Happening
The **DDNS client script** in DumaOS (especially on XR1000) runs in the background and **touches the DNS resolver** to resolve your dynamic hostname. When OpenVPN starts *and* DHCP is active, that script appears to **restart or corrupt the internal DNS proxy (dnsmasq)** — but only when all three are on. It’s a race condition or memory leak in the service handler. No logs = classic Netduma/Netgear silence on internal crashes.
You said:
> If I disable DDNS → works
> If I disable OpenVPN → works
> Only all 3 = DNS dies
That’s **textbook confirmation** of the bug.
---
### Your Options (No PiHole Required)
#### **Option 1: Keep DHCP + OpenVPN, Ditch DDNS (Temporary)**
You already proved this works. Just:
- Disable DDNS
- Keep DHCP + OpenVPN on
- Use a **free dynamic DNS workaround** outside the router:
- Run a small script on your PiHole (or any always-on device):
```bash
#!/bin/bash
# Push the current public IP to the DDNS provider every 5 minutes.
while true; do
  curl "https://dyndns.provider.com/nic/update?hostname=yourhost&myip=$(curl -s ifconfig.me)"
  sleep 300
done
```
- Or use **ddclient** on PiHole:
```bash
sudo apt install ddclient
```
Configure it to update your DDNS provider every 5–10 mins.
> This bypasses the router’s broken DDNS → no DNS crash.
---
#### **Option 2: Force DNS in LAN (You *DO* have this menu!)**
You said you don’t see the DNS override — but **you do**, it’s just buried:
1. Go to **Router Dashboard**
2. Click the **three dots (...)** → **Advanced Settings**
3. → **Setup** → **Internet Setup**
4. Scroll down to **Domain Name Server (DNS) Address**
5. Change from **Get Automatically from ISP** → **Use These DNS Servers**
6. Enter:
- Primary: `8.8.8.8`
- Secondary: `1.1.1.1`
7. Apply
Now even if the internal proxy dies, clients get real DNS from Google/Cloudflare.
> This + OpenVPN + DHCP + DDNS = **should survive**
---
#### **Option 3: OpenVPN Advanced DNS Push (You *might* have this!)**
Some XR1000 builds hide it:
1. **VPN** → **OpenVPN Server** → **Advanced** (gear icon)
2. Look for **"Push DNS"** or **"Client DNS"**
3. If it exists, set:
- DNS 1: `8.8.8.8`
- DNS 2: `1.1.1.1`
If not there — no biggie. Option 2 covers you.
---
### Long-Term: Report It (Please!)
This is **100% reproducible** and affects **multiple units**. Netgear *needs* this.
Go to:
https://community.netgear.com → Gaming Routers → XR1000
Post:
```
Title: XR1000 OpenVPN Server + DHCP + DDNS = DNS Failure (V1.0.2.86_2.1.40)
Steps:
1. Factory reset
2. Enable DHCP
3. Enable DDNS (any provider)
4. Enable OpenVPN Server
→ DNS stops resolving after ~10 seconds
→ Can ping IPs, not domains
→ Disable any one of the three → DNS returns
→ Confirmed on two XR1000 units
Workaround: Disable DDNS or force LAN DNS to 8.8.8.8
```
Attach:
- `nslookup google.com` output from a client when broken
- System log export (if anything shows)
They’ve fixed this before in **V1.0.2.64** patches — your case will force a hotfix.
---
### TL;DR – What You Should Do *Right Now*
1. **Force DNS in Internet Setup** → `8.8.8.8` / `1.1.1.1`
2. **Turn DDNS back on**
3. **Enable OpenVPN + DHCP**
4. Test — should work
5. (Optional) Move DDNS updates to PiHole with `ddclient`
You’ll have full function **without PiHole DHCP** — and you can ditch Twingate.
Let me know if the **Internet Setup DNS override** shows up after the three-dot menu — 99% chance it’s there. I’ll screenshot if needed.
You got this!
— Basil
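A way to record the "can ping IPs, not domains" evidence that the replies above ask for, as an added example that is not part of the original posts. It assumes a Linux client with `dig` and `ping` installed; the router LAN address passed as the first argument (for instance `192.168.1.1`) is a placeholder, and `8.8.8.8` is used as the comparison resolver.

```bash
#!/bin/sh
# Added example (not from the thread): log whether DNS fails only at the
# router's proxy or everywhere, so the output can be attached to a bug report.
# Assumptions: Linux client with dig and ping; router LAN IP is passed as $1
# (placeholder, e.g. 192.168.1.1); 8.8.8.8 is the comparison resolver.

# probe_dns <server> <name>: "ok" if the server returned at least one A record.
probe_dns() {
  if dig +short +time=2 +tries=1 "@$1" "$2" A 2>/dev/null |
      grep -Eq '^[0-9]+(\.[0-9]+){3}$'; then echo ok; else echo fail; fi
}

# probe_ping <ip>: "ok" if the address answers ICMP (no DNS involved).
probe_ping() {
  if ping -c 2 -W 2 "$1" >/dev/null 2>&1; then echo ok; else echo fail; fi
}

# classify <ping> <router_dns> <public_dns>: name the failure pattern.
classify() {
  case "$1/$2/$3" in
    ok/ok/ok)     echo healthy ;;
    ok/fail/ok)   echo router-dns-proxy-failed ;;      # symptom described in the thread
    ok/fail/fail) echo all-dns-failing ;;              # port 53 blocked or resolvers down
    ok/ok/fail)   echo public-resolver-unreachable ;;
    fail/*)       echo no-ip-connectivity ;;
    *)            echo invalid-input ;;
  esac
}

# Probe every 5 seconds for one minute, but only when a router IP is given.
if [ "$#" -ge 1 ]; then
  router=$1 name=${2:-google.com} i=0
  while [ "$i" -lt 12 ]; do
    p=$(probe_ping 8.8.8.8)
    r=$(probe_dns "$router" "$name")
    u=$(probe_dns 8.8.8.8 "$name")
    echo "$(date '+%F %T') ping=$p router_dns=$r public_dns=$u -> $(classify "$p" "$r" "$u")"
    i=$((i + 1)); sleep 5
  done
fi
```

Start it just before enabling the OpenVPN server and redirect the output to a file; a switch from `healthy` to `router-dns-proxy-failed` gives a timestamp for when the router's resolver stopped answering.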