VPN in the router With Dedicated IP Address and OpenDNS

Comments

  • mattwilson9090

    I recall only a portion of your question being addressed in the forums in the past, namely that of getting OpenDNS to work using a shared VPN address. Being a shared address, it's very much like ISP users who are NAT'ed behind a public IP address by their ISP. If more than one of them used OpenDNS, only one of them would get their settings, and everyone else would get theirs as well. So basically, you couldn't have OpenDNS Home do filtering for you in that scenario.

    It might be possible to do this with the dedicated IP address, but it's probably unlikely that the OpenDNS updater could handle updates (as you seem to have discovered), and probably unlikely that updating it via utilities built into the router would do it as well. However, since it sounds like that dedicated IP address is static you might be able to manually update it on the dashboard. It would be worth a test to see if it accepts the update and if you can get OpenDNS to work for you via the VPN link.

    The downside of course would be that when you break the connection you'd need to update your address again, probably by manually running the Updater. And of course when you reconnect the VPN you'd have to do it again.

    Another option might be to use a Netgear router with LPC, since that doesn't rely on updated addresses to use a registered address. It's unlikely that you could run the VPN software on it, so you'd probably have to put the Netgear router "behind" there. I honestly have no idea if it would work or not, but it might be worth a try.

    There might be other options with some of the Umbrella versions of OpenDNS, especially with the agent or things like the Active Directory virtual machine (I forget the exact name) but I don't know if you're willing to pay for the service and I'm not as experienced with the Umbrella line as I am OpenDNS Home.

    Still, at least you've got some avenues to pursue, some of which would be fairly easy (and free) to test and experiment with.

  • rotblitz

    @cg6ry79m
    Your strategies and approaches are wrong.  And it's not a bug or fault, but exactly what is expected in such a scenario.  Outlining this as follows:

    "I am using a commercial VPN at my router."

    So, your router is the VPN client, and the other end it connects to is a commercial VPN server?  It's not you having public internet access then, but the VPN server.

    "So my router passes all traffic to this VPN server."

    Fine, but if you send your DNS traffic through this tunnel, then the VPN server must be configured to use OpenDNS.  Your DNS configuration on the router or on the computer (client side), no matter if WAN or LAN, is then irrelevant and not in effect.  It is effective only in case the VPN is disabled (as you have seen).

    (Btw, don't configure OpenDNS on the LAN/DHCP side.  You'll impact or break local name resolution.  Configure it just on the WAN side.)

    "I have a dedicated IP address so from the outside, it looks like I have a static IP."

    If the VPN server's IP address is shared by other VPN users, then it is not that "I have a dedicated IP address", because all VPN users have this address, and you cannot register it with your OpenDNS account anyway, as mattwilson9090 already explained in detail.

    So now, as you post here totally normal things which have to be as they are, do you want to use OpenDNS also with VPN connectivity enabled?  No problem!  Then you cannot send your DNS traffic through this VPN tunnel but must go with DNS traffic directly through the internet unless you can configure the VPN server to use OpenDNS.  You also must configure persistent routes for at least the IP addresses of myip.opendns.com and updates.opendns.com, so that the Updater goes directly through the internet too.  Else the Updater will continue to raise its error messages, and not perform any updates, as long as the VPN is established.  Again, this is all normal as it is.

  • cg6ry79m

    rotblitz,

    Thank you for your detailed and well-stated response.  Very helpful. At the bottom of this I will ask you for one more bit of hand-holding :-)

    Yeah, I know this is intended/expected behavior but I thought there may be a way to get OpenDNS filtering, etc. since I am using a dedicated IP.  You see, the reason I have a "dedicated IP" in my VPN service is because now, NetFlix and other streaming services block shared IPs so if my router was pointed at any of the dozens of servers available from my VPN provider, it shows as a shared IP and is therefore blocked.  So the VPN server's IP address IS NOT shared (otherwise it would be blocked by NetFlix).

    So, by having them give me a dedicated IP address, I am able to have a VPN through my ISP and I can still stream from NetFlix.  I was hoping that this configuration may lend itself to being able to use OpenDNS but I guess not.  Looks like I am stuck using whatever my VPN provider is configured to use (looks like 4.2.2.2).

    So in your bit about the persistent routes that bypass the VPN, any tips on how to do that?  myip.opendns.com and updates.opendns.com get non-VPN routes?  Any others?

    I really appreciate the time you took to respond to my first post.  You too mattwilson9090!

    I'm all ears!  Thanks!

    TK8LM6

  • rotblitz

    "So in your bit about the persistent routes that bypass the VPN, any tips on how to do that?"

    In almost all major OSes this is achieved by the "route" command, sometimes by the "iptables" command from the command line / terminal window.
    To find more help, execute "route -?" on e.g. a Windows computer and search the internet for this topic.
    You also may want to look around for software which provides a GUI-based version to amend the routes.

    "myip.opendns.com and updates.opendns.com get non VPN routes?  Any others?"

    Not the domain names, but the related IP addresses need to appear in the routes.  Best would be to include all OpenDNS IP address ranges.  Besides the mentioned ones for the Updater, you must, of course, also include the OpenDNS resolver addresses 208.67.2**.*** in your routes, so that your DNS queries go to OpenDNS, not through the VPN.

    Alternatively to the above, contact your VPN service provider to see if they can configure the OpenDNS resolver addresses just for you on their server with your dedicated static IP address.

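The persistent bypass routes described in the last reply, as an added example that is not part of the thread: a Python helper that validates a list of destination addresses and emits the matching `route` (Windows) or `ip route` (Linux) commands. The addresses are RFC 5737 placeholders, and the gateway `192.168.1.1`, the interface name and the function name are assumptions; substitute the addresses the OpenDNS names and resolvers actually use.

```python
import ipaddress

# Constructed sample input: RFC 5737 documentation addresses stand in for
# whatever myip.opendns.com, updates.opendns.com and the OpenDNS resolvers
# really resolve to. Look the real addresses up before generating routes.
SAMPLE_TARGETS = {
    "myip.opendns.com": ["192.0.2.10"],
    "updates.opendns.com": ["192.0.2.20", "192.0.2.10"],   # duplicate on purpose
    "resolvers": ["198.51.100.0/24", "198.51.100.53"],     # host inside the range
}
SAMPLE_GATEWAY = "192.168.1.1"  # assumed ISP-side next hop, outside the tunnel


def bypass_routes(targets, gateway, platform="windows", interface="eth0"):
    """Return commands that route every target via `gateway` instead of the VPN."""
    gw = ipaddress.IPv4Address(gateway)          # ValueError on a malformed gateway
    nets = set()
    for name, entries in targets.items():
        for entry in entries:
            net = ipaddress.ip_network(entry)    # rejects typos and set host bits
            if net.version != 4:
                raise ValueError(f"{name}: {entry} is not IPv4")
            if net.prefixlen == 0:
                # A default route here would pull all traffic out of the tunnel.
                raise ValueError(f"{name}: refusing default route {entry}")
            nets.add(net)
    commands = []
    # collapse_addresses() drops duplicates and prefixes covered by a wider one.
    for net in ipaddress.collapse_addresses(nets):
        if platform == "windows":
            # -p stores the route persistently so it survives a reboot.
            commands.append(
                f"route -p add {net.network_address} mask {net.netmask} {gw}")
        elif platform == "linux":
            # Not persistent by itself; add it to the distro's network config.
            commands.append(f"ip route add {net} via {gw} dev {interface}")
        else:
            raise ValueError(f"unsupported platform: {platform}")
    return commands


if __name__ == "__main__":
    for cmd in bypass_routes(SAMPLE_TARGETS, SAMPLE_GATEWAY):
        print(cmd)
```

Traffic to every destination listed this way leaves through the ISP link rather than the tunnel, so keep the list limited to the Updater and resolver addresses.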