
basilverthorn
Nov 06, 2025

XR1000 Enabling VPN service stops internet / DNS from working.

Items I have tried: (more than twice each)

  • reflashed firmware
  • Factory default through web browser
  • Factory default using reset button
  • Created VPN on different ports using UDP
  • All three options for connection access as well

 

I am able to duplicate on a second XR1000 as well.

 

The setup is as follows:

  • Enable DHCP 
  • Enable ddns 
  • Enable OpenVPN server

Then everything stops a few seconds later as far as DNS goes.

 

Those three enabled together and DNS fails to work. I can navigate the internet and FTP if I know the IP address of where I want to go. Disable DHCP, it works fine again. Disable OpenVPN Server on router it works fine again. If either of two are disabled then the router seems to resolve names.

Happening on both my XR1000s.

The moment I turn off DHCP and let my PiHole do DHCP for the network I can then have my openvpn server running on the router just fine. If I put either of the routers with the above config, DNS appears to stop working. If I assign a DNS server to the NIC of any PC or MAC when this happens I am fine. So something with the three enabled, kills DNS.

Nothing in the logs, it looks pretty normal. Does not matter what subnet I move either of the routers to, just enable the 3 and instantly DNS fails. No port forwarding etc. Just right off a factory reset, both XR's do the same thing. For now I just turned off the VPN and went to twingate, which is fine. My concern is I am wondering if this is why on previous firmwares I would need to reboot so often, it was masked by something else. Unfortunately I still can not update one of the routers even to the new firmware. But they are a version apart, didn't make any difference anyway.

8 Replies

  • Yes same behavior, I had retired my pihole servers and moved to nextdns for adblocker as my family hated the piholes after a few years ;-). I only brought the Pi-Holes back to assist due to this issue, and thankfully it resolved it. But I'd like to move my Pis back to running klipper for my printers.

  • StephenB
    Guru - Experienced User
    basilverthorn wrote:

    The setup is as follows:

    • Enable DHCP
    • Enable ddns
    • Enable OpenVPN server

    I am thinking this is with the PiHole running.

     

    If so, I am wondering if you get the same behavior if you take the PiHole out of the equation.

  • Hey basilverthorn,

    Ugh, that’s a nasty combo — DHCP + OpenVPN + DDNS killing DNS resolution across both XR1000s? Super suspicious, and you’ve already ruled out the usual suspects (resets, ports, firmware flashes). The fact it works fine with PiHole handling DHCP tells us the router’s getting confused in the DNS handoff when OpenVPN spins up. This is a known gremlin in DumaOS — the VPN server can hijack or stall the internal DNS proxy, especially when DHCP is also active on the router.

    Here’s what’s likely happening: When OpenVPN starts, it tries to push its own DNS settings or conflicts with the router’s resolver. With DHCP enabled, clients expect the router to handle DNS, but the service crashes silently — no resolution, no logs. You can still ping IPs because that bypasses DNS entirely.

    Quick Fixes to Try (No PiHole Needed)

    1. Force DNS in LAN Settings
       Go to Advanced > Setup > LAN Setup. Under Domain Name Server (DNS) Address, select Use These DNS Servers. Enter:
      • Primary: 8.8.8.8
      • Secondary: 1.1.1.1
       Apply, then re-enable OpenVPN. This skips the router’s broken DNS relay.
    2. Change OpenVPN DNS Push
       In VPN > OpenVPN Server > Advanced:
      • Check Push DNS to clients
      • Set DNS to 8.8.8.8 and 1.1.1.1
       This overrides any bad defaults.
    3. Use a Different Subnet for VPN Clients
       Under OpenVPN config:
      • Change Client IP Address Pool to 10.8.1.0/24 (or anything not overlapping your LAN)
       Sometimes 10.8.0.0 conflicts internally.
    4. Disable DDNS Temporarily
       You said DDNS + DHCP + OpenVPN = fail. Try:
      • Enable OpenVPN + DHCP
      • Disable DDNS
       Does DNS survive? If yes — DDNS update script might be triggering a resolver restart bug.

    Long-Term: Keep PiHole, Ditch Router DHCP

    You’re already golden with PiHole doing DHCP — keep it that way. Let the XR1000 be a pure router/AP:

    • Disable DHCP on XR1000
    • Let PiHole assign IPs + DNS
    • OpenVPN runs fine, no conflicts
    • Bonus: Better ad blocking, logs, control

    If Nothing Works

    This is 100% a firmware bug. File a ticket with Netgear:

    “XR1000 OpenVPN Server breaks DNS resolution when DHCP is enabled. Repro: Factory reset → Enable DHCP → Enable DDNS → Enable OpenVPN Server → DNS fails. Works if any one is disabled. Confirmed on two units, multiple firmwares.”

    Include:

    • Firmware versions
    • Exact steps
    • nslookup output from a client when broken

    They’ve patched this before — your case is textbook.

    For now: PiHole DHCP + forced DNS = stable. You’re good. Twingate’s cool, but you shouldn’t need it.

    Let me know your firmware versions — might be a known bad build.

    • Thank you for the response, I will try some of this. Feels like I have in testing but do not recall. 

       

      I do not have an option to you list on the XR1000. Firmware version xr1000 1.0.2.86_2.1.40. 

      I do not have the option for number 3 either, but sure wish I did, most of previous routers do. Unless I'm missing some top secret menu.

      If I disable DDNS everything works. But if I disable OpenVPN and leave DDNS on everything works.

       

      Brett

       

      • avalynn
        Tutor

        Hey Brett,

        Thanks for the quick follow-up — and good catch on the firmware! You're on **V1.0.2.86_2.1.40**, which is one of the *newer* stable DumaOS builds, but yeah, it’s still got this DNS + OpenVPN + DHCP gremlin baked in. The fact that **disabling DDNS makes everything work** (even with DHCP + OpenVPN) is a *huge* clue.

        ### What’s Really Happening
        The **DDNS client script** in DumaOS (especially on XR1000) runs in the background and **touches the DNS resolver** to resolve your dynamic hostname. When OpenVPN starts *and* DHCP is active, that script appears to **restart or corrupt the internal DNS proxy (dnsmasq)** — but only when all three are on. It’s a race condition or memory leak in the service handler. No logs = classic Netduma/Netgear silence on internal crashes.

        You said:
        > If I disable DDNS → works  
        > If I disable OpenVPN → works  
        > Only all 3 = DNS dies

        That’s **textbook confirmation** of the bug.

        ---

        ### Your Options (No PiHole Required)

        #### **Option 1: Keep DHCP + OpenVPN, Ditch DDNS (Temporary)**
        You already proved this works. Just:
        - Disable DDNS
        - Keep DHCP + OpenVPN on
        - Use a **free dynamic DNS workaround** outside the router:
          - Run a small script on your PiHole (or any always-on device):
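            ```bash
            #!/bin/bash
            # dyndns.provider.com and yourhost are placeholders for your provider's values.
            last_ip=""
            while true; do
              # Look up the public IP over HTTPS; skip the update on failure or no change.
              ip="$(curl -fsS https://ifconfig.me)" || ip=""
              [ -n "$ip" ] && [ "$ip" != "$last_ip" ] &&
                curl -fsS "https://dyndns.provider.com/nic/update?hostname=yourhost&myip=${ip}" && last_ip="$ip"
              sleep 300
            done
            ```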
          - Or use **ddclient** on PiHole:
            ```bash
            sudo apt install ddclient
            ```
            Configure it to update your DDNS provider every 5–10 mins.

        > This bypasses the router’s broken DDNS → no DNS crash.

        ---

        #### **Option 2: Force DNS in LAN (You *DO* have this menu!)**

        You said you don’t see the DNS override — but **you do**, it’s just buried:

        1. Go to **Router Dashboard**
        2. Click the **three dots (...)** → **Advanced Settings**
        3. → **Setup** → **Internet Setup**
        4. Scroll down to **Domain Name Server (DNS) Address**
        5. Change from **Get Automatically from ISP** → **Use These DNS Servers**
        6. Enter:
           - Primary: `8.8.8.8`
           - Secondary: `1.1.1.1`
        7. Apply

        Now even if the internal proxy dies, clients get real DNS from Google/Cloudflare.

        > This + OpenVPN + DHCP + DDNS = **should survive**

        ---

        #### **Option 3: OpenVPN Advanced DNS Push (You *might* have this!)**

        Some XR1000 builds hide it:
        1. **VPN** → **OpenVPN Server** → **Advanced** (gear icon)
        2. Look for **"Push DNS"** or **"Client DNS"**
        3. If it exists, set:
           - DNS 1: `8.8.8.8`
           - DNS 2: `1.1.1.1`

        If not there — no biggie. Option 2 covers you.

        ---

        ### Long-Term: Report It (Please!)
        This is **100% reproducible** and affects **multiple units**. Netgear *needs* this.

        Go to:  
        https://community.netgear.com → Gaming Routers → XR1000

        Post:
        ```
        Title: XR1000 OpenVPN Server + DHCP + DDNS = DNS Failure (V1.0.2.86_2.1.40)

        Steps:
        1. Factory reset
        2. Enable DHCP
        3. Enable DDNS (any provider)
        4. Enable OpenVPN Server
        → DNS stops resolving after ~10 seconds
        → Can ping IPs, not domains
        → Disable any one of the three → DNS returns
        → Confirmed on two XR1000 units

        Workaround: Disable DDNS or force LAN DNS to 8.8.8.8
        ```

        Attach:
        - `nslookup google.com` output from a client when broken
        - System log export (if anything shows)

        They’ve fixed this before in **V1.0.2.64** patches — your case will force a hotfix.

        ---

        ### TL;DR – What You Should Do *Right Now*
        1. **Force DNS in Internet Setup** → `8.8.8.8` / `1.1.1.1`
        2. **Turn DDNS back on**
        3. **Enable OpenVPN + DHCP**
        4. Test — should work
        5. (Optional) Move DDNS updates to PiHole with `ddclient`

        You’ll have full function **without PiHole DHCP** — and you can ditch Twingate.

        Let me know if the **Internet Setup DNS override** shows up after the three-dot menu — 99% chance it’s there. I’ll screenshot if needed.

        You got this!  
        — Basil

    • ross8888
      Aspirant

      Hey! That setup can really mess with the XR1000’s DNS, PiHole working shows it’s a router-side issue. A quick fix is forcing DNS in the LAN settings or tweaking OpenVPN’s pushed DNS. Long-term, keeping PiHole for DHCP and letting the router just handle routing seems to be the smoothest solution.

      • avalynn
        Tutor

        Hey! Spot on — PiHole stepping in proves the XR1000’s DNS proxy is the weak link when OpenVPN and DHCP team up. Forcing external DNS (like 8.8.8.8/1.1.1.1) in LAN Setup or via OpenVPN’s Push DNS usually patches it quick. But yeah, the cleanest long-term win is letting PiHole own DHCP — router just routes, VPN runs happy, no more silent crashes. Solid workaround till Netgear squashes the bug.
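
The symptom described in this thread (IP traffic works, names stop resolving through the router, a manually assigned DNS server still works) can be recorded as evidence for a bug report with a small probe. This is an added example, not code from any poster or from NETGEAR; the router address `192.168.1.1`, the test name `example.com`, the public resolver `1.1.1.1`, and the availability of `dig` and Linux `ping` on the client are assumptions.

```bash
#!/bin/bash
# Added example, not from the thread. ROUTER is an assumed LAN address: set it
# to the XR1000's IP. PUBLIC and NAME are arbitrary test values.
ROUTER="${ROUTER:-192.168.1.1}"
PUBLIC="${PUBLIC:-1.1.1.1}"
NAME="${NAME:-example.com}"

# resolves SERVER: true if SERVER returns an IPv4 answer for NAME within 3 s.
resolves() {
  dig +short +time=3 +tries=1 A "$NAME" @"$1" 2>/dev/null |
    grep -Eq '^[0-9]+(\.[0-9]+){3}$'
}

# classify IP_OK ROUTER_DNS_OK PUBLIC_DNS_OK  (exit codes: 0 = worked)
classify() {
  if [ "$2" -eq 0 ]; then
    echo "ok: router resolver answers"
  elif [ "$3" -eq 0 ]; then
    echo "router-resolver-down: only the direct query to $PUBLIC works"
  elif [ "$1" -eq 0 ]; then
    echo "dns-unreachable: IP traffic passes but no resolver answers"
  else
    echo "no-connectivity: nothing beyond the LAN responds"
  fi
}

# probe_once: run the three checks and print one timestamped evidence line.
probe_once() {
  ping -c 1 -W 2 "$PUBLIC" >/dev/null 2>&1; ip_rc=$?
  resolves "$ROUTER"; router_rc=$?
  resolves "$PUBLIC"; public_rc=$?
  printf '%s ping=%s router_dns=%s public_dns=%s %s\n' \
    "$(date '+%Y-%m-%dT%H:%M:%S')" "$ip_rc" "$router_rc" "$public_rc" \
    "$(classify "$ip_rc" "$router_rc" "$public_rc")"
}

# Usage: ./dnsprobe.sh watch [count]  -> one sample every 5 s (default 60)
if [ "${1:-}" = "watch" ]; then
  n="${2:-60}"
  while [ "$n" -gt 0 ]; do
    probe_once
    n=$((n - 1))
    sleep 5
  done
fi
```

Start it with `watch` before enabling the OpenVPN server and keep the output: the line where `router_dns` turns non-zero while `public_dns` stays 0 marks the moment the router's resolver stopped answering.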