× NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.
× Introducing the new Orbi 770 Series Mesh System. To learn more click here.
Orbi WiFi 7 RBE973
Reply

Orbi router not pushing DNS to VPN client

ktula
Apprentice

Orbi router not pushing DNS to VPN client

I have enabled VPN server on the Orbi router and i am able to connect to it from both my Mac and my iPhone. However, i am having issue with the VPN service not pushing its DNS to either the Mac or the iPhone. When i am at work, my Mac receives an IP address and also a set of DNS from the work's DHCP server. When i open a VPN connection to my Orbi router, i expect my Mac to be updated with the DNS from the Orbi router. When i disconnect the VPN connection, i expect the DNS to be replaced by the one from work.

 

However, that is not happening. So while i am connected to the VPN, my Mac is still using the DNS provided by my workplace's DHCP server. Is there a way to configure the Orbi router so that it pushes its DNS to the VPN client?

Model: RBK53| Orbi Router + 2 Satellites Orbi WiFi System
Message 1 of 17
ktula
Apprentice

Re: Orbi router not pushing DNS to VPN client

No one has ever encountered this? 

Message 2 of 17

Re: Orbi router not pushing DNS to VPN client

OK, an example.

By default you connect from work to your home VPN with the DNS lookup homevpn.mydomain.net
Your work DNS server doesn’t have this DNS entry so it looks for it on the Internet DNS servers your work IT people have set, likely 8.8.8.8

You then make a connection to the VPN which adds an IP route on your Mac so you can reach other home computers.

If the DNS servers changed on your Mac to your home ones then the source lookup for homevpn.mydomain.net on the Internet would disappear and the VPN would drop.

You wouldn’t be able to resolve a server

It’s not the Orbi but the VPN client on the Mac. You need to set it to have Split Mode DNS.
Message 3 of 17
ktula
Apprentice

Re: Orbi router not pushing DNS to VPN client

The VPN service in the Orbi router (i believe this is similar to other Netgear router offering VPN service) has three options when it comes to "Clients will use this VPN connection to access":

 

- Auto

- All sites on the Internet & Home Network

- Home Network

 

When i initially set up the VPN service, i selected the "All sites on the internet & home network" because that's what i wanted.

 

However if you choose that option, the VPN DNS is not pushed by the VPN service to replace the local DNS AFTER you have established the VPN connection. 

 

After changing the option to "Auto", the VPN service started pushing its DNS to replace the local DNS after the VPN connection is established. However now i have a different problem. My apparent IP address is still the local one assigned by my work DHCP server. 

 

So this is what happens if you choose these options for "Clients will use this VPN connection to access":

 

Auto: Apparent IP address does not change but the DNS is replaced

 

All sites on the Internet & Home Network: Apparent IP address does change but the DNS does not

 

Home Network: Same as Auto

Message 4 of 17

Re: Orbi router not pushing DNS to VPN client

Correct. Forget Auto for a moment.

You have "Home Network" which routes Internet traffic out of your works Internet pipe and any home traffic down the VPN.

You have "Internet and Home Network" that only keeps a work Internet connection active purely to carry the outside VPN itself out to the Internet. Any other Internet traffic like disney.com is then routed inside the VPN down to your Orbi and will use your home Internet provider to access the web site.

Auto is doing choosing "Home Network" which is what standard VPN connection do. 

The questions are :

1. When connected to either "Home Network" or "All sites on the Internet and Home Network", are you trying to reach a server at home with a domain address such as myserver.home and cannot resolve it?

2. When connected to "Home Network" you can't resolve workserver1.workdomain?

Also are you using the OpenVPN Mac client? 

https://openvpn.net/

BSG



Message 5 of 17
ktula
Apprentice

Re: Orbi router not pushing DNS to VPN client

With the "internet and home network" option, the VPN DNS is not replacing the work DNS so if i try to get to any website like google.com, it won't (because tthe work DNS does not respond request from outside its network). In other words, once the VPN is established, there is the work DNS is not resolving any DNS requests coming from a 192.168.1.x IP.

 

I have not really tried the "Home network" too much because my purpose is not to just use the home network when i VPN to my home router.

 

I am using Tunnelblick. I tried the latest general release and i installed the latest beta hoping for a different outcome but it is the same.

 

 

Message 6 of 17

Re: Orbi router not pushing DNS to VPN client

This doesn't sound so much a VPN issue rather than a routing one.

The VPN client should add an IP route to the Mac that if any non routeable IP addresses eg 192.168.1.x are used they are routed down the VPN. The Orbi would route these to the Internet. If that route isn't being added then you would get the effect as you describe.

I would try the official OpenVPN Mac client rather than Tunnelblick.

The other uncommon possibility is that your work IP people have put a block on changing routing info on the Mac possibly stopping people watching Netflix over a VPN rather than not being to view it in the office due to the corporate firewall blocking it, for example.

Message 7 of 17
ktula
Apprentice

Re: Orbi router not pushing DNS to VPN client

I personally think it's how Netgear configured the VPN service on the router. Otherwise would the apparent IP address change in the "All sites on the internet & home network" but not in "auto" and "Home Network" ?

 

I'm only using Tunnelblick because that's what recommended by Orbi. I'll give the OpenVPN mac client a go. Thanks!

Message 8 of 17
Lyckoskold
Aspirant

Re: Orbi router not pushing DNS to VPN client

I replaced my Nighthawk with a new Orbi router and one of the reasons was to be able to keep the seame VPN i Spain.

After two days work the Tunnelblick loggfile says unable to get DNS from server. Unable to run ipstat on server.

This issue must be taken care of ASAP by Netgear or a temeplan for when I can replase the router.

Regeards

Model: RBK50| Orbi AC3000 High-Performance Tri-Band WiFi System
Message 9 of 17
Lyckoskold
Aspirant

Re: Orbi router not pushing DNS to VPN client

I have now checked with Asus VPN client and the same error apear. The Orbi does not return the DNS info.
Regards
Model: RBK50| Orbi AC3000 High-Performance Tri-Band WiFi System
Message 10 of 17
ktula
Apprentice

Re: Orbi router not pushing DNS to VPN client


@Lyckoskoldwrote:

I replaced my Nighthawk with a new Orbi router and one of the reasons was to be able to keep the seame VPN i Spain.

After two days work the Tunnelblick loggfile says unable to get DNS from server. Unable to run ipstat on server.

This issue must be taken care of ASAP by Netgear or a temeplan for when I can replase the router.

Regeards


I opened a ticket with Netgear support and after going back and forth, Netgear support suggested "updating" the firmware to 2.0.1.4 (from 2.1.2.18). This was quite confusing to me because going back to an older firmware is not an upgrade, it's a downgrade. They weren't sure if 2.0.1.4 would fix the issue so it was just a suggestion. Apparently, users have a lot of issues with 2.1.2.18 so Netgear rolled back its release. One of the issues that caused the firmware rollback was instability of wired ethernet backhaul. This feature was added to 2.1.X.X firmware and downgrading to 2.0.1.4 means losing it. I had a lot of issues initially when i was setting up the Orbi router/satellites sytem with wired Ethernet backhaul and after removing a switch between the router and one of the satellites, it has been working generally well. So i don't really want to lose this wired Ethernet backhaul feature by downgrading to 2.0.1.4.

Message 11 of 17
ktula
Apprentice

Re: Orbi router not pushing DNS to VPN client


@Lyckoskoldwrote:
I have now checked with Asus VPN client and the same error apear. The Orbi does not return the DNS info.
Regards

What is the firmware version of your Orbi router? 

 

What is the current VPN service setting? There are three choices in version 2.1.2.18 version of the firmware:

- Auto

- All sites on the internet & home network

- Home network only

 

For me, when the VPN service is "auto", the Orbi router pushes its DNS to the VPN client. But when the VPN service is "all sites on the internet & home network", it does not push its DNS to the VPN client, which means your VPN client is using the local DNS.

Message 12 of 17
Lyckoskold
Aspirant

Re: Orbi router not pushing DNS to VPN client

I have the latest version checked yesterday. I use the second option all traffic. I want to mascerade that I am in Spain and pretend to be home in Sweden.
I can trough Asus contact my Orbi and my LAN in Sweden but the DNS wont work.
Model: RBK50| Orbi AC3000 High-Performance Tri-Band WiFi System
Message 13 of 17
Lyckoskold
Aspirant

Re: Orbi router not pushing DNS to VPN client

And it works perfect with my Nighthawk !!
Model: RBK50| Orbi AC3000 High-Performance Tri-Band WiFi System
Message 14 of 17
ktula
Apprentice

Re: Orbi router not pushing DNS to VPN client

There's a way to get around this Orbi router VPN servcie bug. It's kind of a pain in the ass but you manually change the DNS for the computer each time you use the VPN client.

Message 15 of 17
Lyckoskold
Aspirant

Re: Orbi router not pushing DNS to VPN client

I have tryed that but Tunnelblick closes the session and Asus and Orbi seems to need the same DNS and refuse to route when this apear. In my Orbi LAN I can connect trough pure IP but the Orbi wont route to WAN.

Regards
Model: RBK50| Orbi AC3000 High-Performance Tri-Band WiFi System
Message 16 of 17
ktula
Apprentice

Re: Orbi router not pushing DNS to VPN client

This may not be related to the 2.1.3.4 firmware update. I had issue getting IP address from the router after VPN to it. So i changed the configuration in tunnelblick to use tun instead of tap. The VPN service on the router is set to "All sites on the internet and Home network". Now, everything appears to be working correctly. Upon connecting to the router, the DNS is correctly updated and "what is my IP address" is showing the internet IP address of the router.

 

Message 17 of 17
Top Contributors
Discussion stats
  • 16 replies
  • 5899 views
  • 0 kudos
  • 3 in conversation
Announcements

Orbi 770 Series