Orbi VPN with custom dhcp/dns

netroworx2 · ‎2022-09-11

I have an Orbi Wifi 6 mesh.

All working well.

I have another server on my network acting as DHCP via dnsmasq served from 192.168.1.68.

It gives out domain names reliably based on MAC addresses.

I can ping machine1.local and get a response.

Let's say machine1 is assigned IP: 192.168.1.100

I've set the router to act as an OpenVPN server.

I can connect to the VPN from outside my normal network.

The client gets assigned VPN IP:

192.168.254.21

with gateway and DNS of 192.168.254.1

External DNS resolution to domains such as yahoo.com works ok.

I can traceroute and ping to 192.168.1.68.

I can ssh to: 192.168.1.68 and run nslookup and resolve machine1.local

If from the VPN client machine I run:

nslookup

> server 192.168.1.68

> machine1

I get:

;; connection timed out; no servers could be reached

Something is blocking the DNS traffic for some reason.

Appreciate any advice.

CrimpOn · ‎2022-09-11

What DNS servers are defined in the router?

Whatever provided by ISP?
User defined external DNS, such as 1.1.1.1 or 8.8.8.8?
192.168.1.68?

netroworx2 · ‎2022-09-11

WAN is set to use ISP DNS.

LAN is set to use 192.168.1.98

CrimpOn · ‎2022-09-11

Thanks. My hypothesis is that the Orbi is intercepting DNS queries and referring them to the ISP DNS servers, which have no idea who 192.168.1.68 is. Using DHCP to tell all devices on the network to use 192.168.1.68 to resolve DNS queries does not tell the Orbi router to do so. (because the Orbi does not get its IP from 192.168.1.68. It has claimed that IP for itself.)

One experiment might be to set the Orbi to resolve DNS at 192.168.1.68 and have that server resolve DNS at some public source, such as 1.1.1.1 or 8.8.8.8

Question: was the ".local" left off that nslookup query on purpose?

netroworx2 · ‎2022-09-11

Local not left off on purpose.

I've tried with .local

I like your idea. Was hoping not to route public DNS through my DNS server but will give it a go. Thanks for the suggestion.

I really wish the Orbi could be set up to resolve local DNS names itself without the need for an external server.

CrimpOn · ‎2022-09-11

@netroworx2 wrote:

I really wish the Orbi could be set up to resolve local DNS names itself without the need for an external server.

That has been mentioned before. I did an experiment using Pi-hole, which does allow defining local DNS names. Pointed the Orbi to the Pi-hole and it did resolve local URLs. (not running that way right now. I change settings quite a bit.)

CrimpOn · ‎2022-09-11

Oh, darn. I did not attempt to resolve local URLs from a VPN connection. It will take some time to set up that experiment. (Need to have the network to myself for a bit.)

netroworx2 · ‎2022-09-11

I tried your suggestion.

Resolves remote DNS but still not local DNS entries.

VPN DNS does not seem to be using my local DNS to resolve local or remote.

VPN blocks DNS traffic to my local DNS server. Does not block other traffic to my server.

netroworx2 · ‎2022-12-25

Wasn't the Orbi blocking the traffic. DNSMasq was dropping non local queries.

Here's what I did:

- changed domain from 'local' to 'internal' because 'local' queries are resolved by multicast DNS

- added exclude interface in dnsmasq config. This turns off the dropping of local queries

- added 2 lines to the Smartphone.ovpn file downloaded from the router:

dhcp-option DNS u.x.y.z
dhcp-option DOMAIN-SEARCH internal

Replace u.x.y.z with the IP of the dnsmasq service on the local network.

Orbi VPN with custom dhcp/dns

Orbi VPN with custom dhcp/dns

Re: Orbi VPN with custom dhcp/dns

Re: Orbi VPN with custom dhcp/dns

Re: Orbi VPN with custom dhcp/dns

Re: Orbi VPN with custom dhcp/dns

Re: Orbi VPN with custom dhcp/dns

Re: Orbi VPN with custom dhcp/dns

Re: Orbi VPN with custom dhcp/dns

Re: Orbi VPN with custom dhcp/dns