DNS server leaks when using a VPN

Discussion in 'privacy problems' started by trott3r, Dec 22, 2017.

  1. trott3r

    trott3r, Registered Member (Joined: Jan 21, 2010; Posts: 1,283; Location: UK)
    Hello, I am using AirVPN on a GL.iNet OpenWrt mini router attached to my main TP-Link modem/router.
    The GL.iNet router has my VPN details installed via the OpenVPN client tab.

    My problem is that my DNS server is showing up as my ISP's in Win7 64-bit Home Premium, even though I have changed it in my network settings under IPv4 (disabled IPv6).

    The NetAdapter utility (Conner Bernhard) shows the expected DNS servers, but https://ipleak.net shows my ISP's DNS server.

    I have flushed the DNS cache with the NetAdapter utility and rebooted, but the same happens.

    Windows XP Pro does not leak my DNS servers.

    What am I missing?

    Thanks for your time
    Martin
     
  2. trott3r

    trott3r, Registered Member (Joined: Jan 21, 2010; Posts: 1,283; Location: UK)
    BTW, I have turned off the WebRTC leaks in Firefox with the media peerconnection? setting.
     
  3. mirimir

    mirimir, Registered Member (Joined: Oct 1, 2011; Posts: 9,252)
    What DNS servers are configured in the OpenWrt router?

    I don't know OpenWrt. In pfSense, you can route the VPN tunnel to LAN, and run a DHCP server that's configured with the VPN provider's DNS servers.
     
  4. ClaytonThomas

    ClaytonThomas, Registered Member (Joined: Feb 4, 2018; Posts: 20; Location: Sofia, Bulgaria)
    How long did you pay for Air VPN? If you paid for just one month, you might want to consider changing the VPN service, because the best VPN for Linux isn't necessarily the best for Windows. I was using Trust Zone before on Linux, but then it didn't pass the DNS Leak Test. Lucky for me, I paid for Trust Zone for just one month.

    Air VPN works like a charm on Linux but for Windows, I'm not sure. Just Google the keyword: "best VPN for Windows 2018" and if you are on Linux keyword: "best VPN for Linux 2018".
     
  5. trott3r

    trott3r, Registered Member (Joined: Jan 21, 2010; Posts: 1,283; Location: UK)
    One year.

    XP is OK but Win7 is not, so it varies between OS versions.

    I could run XP via GL.iNet and 7 via the Eddie client, but that would mean I have to mess with Ethernet cables.
     
  6. zmechys

    zmechys, Registered Member (Joined: Dec 29, 2012; Posts: 1,155; Location: USA)
    Here is an interesting thing.

    I've been using several VPN services, but the result is the same.

    IPv4 shows my VPN's IP, but
    IPv6 shows my real IP.
     
  7. mirimir

    mirimir, Registered Member (Joined: Oct 1, 2011; Posts: 9,252)
    See my VPN testing site :)

    You either need to use a VPN that blocks IPv6, or one that provides its own IPv6.

    For blocking, you can just use a firewall.
     
  8. zmechys

    zmechys, Registered Member (Joined: Dec 29, 2012; Posts: 1,155; Location: USA)
    Thanks.
    I've always trusted Privatoria but it has failed me.
    That cheap Ivacy has a button to prevent IPv6 leaks but it does not work...
     
  9. mirimir

    mirimir, Registered Member (Joined: Oct 1, 2011; Posts: 9,252)
    Yeah, that's not uncommon :(

    I haven't updated that site for a year now. But the ones that didn't leak IPv6 should still be OK.
     
  10. MisterB

    MisterB, Registered Member (Joined: May 31, 2013; Posts: 1,267; Location: Southern Rocky Mountains USA)
    Sounds like a router firmware issue, not a VPN provider problem. The IPv6 code likely has some issues that don't show up with IPv4. More than likely, it doesn't implement ip6tables prerouting rules for IPv6 internally, or not quite the same ones as for IPv4. The great thing about Linux open source routers is that you can add to them and alter them with custom scripts and iptables rules.

    I lock down DNS on my routers with these iptables rules. I'm not using IPv6, so the examples given are for IPv4, but the iptables rules should work with IPv6 if rewritten as ip6tables rules with IPv6 addresses. The first example forces all DNS queries on port 53 from a whole subnet to a specific DNS server. I used Google's 8.8.8.8 as the example IP. The second example forces an individual client on that subnet to use that DNS server. The DNS settings in the router's GUI are overridden by these rules. All clients will use the DNS server specified regardless of the DNS settings in the OS. The only way around it is to layer another VPN upon the VPN in the router in the client.



    Code:
    # Force all DNS queries (port 53, UDP and TCP) arriving on br0 to 8.8.8.8
    iptables -t nat -I PREROUTING -i br0 -p udp --dport 53 -j DNAT --to 8.8.8.8
    iptables -t nat -I PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to 8.8.8.8

    # Force a single client (192.168.0.113) to use that DNS server
    iptables -t nat -I PREROUTING -s 192.168.0.113 -p tcp --dport 53 -j DNAT --to 8.8.8.8
    iptables -t nat -I PREROUTING -s 192.168.0.113 -p udp --dport 53 -j DNAT --to 8.8.8.8

    I took a quick look at a reference, and my iptables rules translated to IPv6 would look something like this.

    Code:
    # Force all DNS queries (port 53, UDP and TCP) arriving on br0 to 2001:4860:4860::8888
    ip6tables -t nat -I PREROUTING -i br0 -p udp --dport 53 -j DNAT --to 2001:4860:4860::8888
    ip6tables -t nat -I PREROUTING -i br0 -p tcp --dport 53 -j DNAT --to 2001:4860:4860::8888

    # fd30:0000:0000:0031 on its own is only the first 64 bits of an address, which
    # ip6tables rejects; written as a /64 it matches every client on that prefix
    ip6tables -t nat -I PREROUTING -s fd30:0000:0000:0031::/64 -p tcp --dport 53 -j DNAT --to 2001:4860:4860::8888
    ip6tables -t nat -I PREROUTING -s fd30:0000:0000:0031::/64 -p udp --dport 53 -j DNAT --to 2001:4860:4860::8888

    Blocking IPv6 is a lot easier, but sooner or later we are all going to have to deal with IPv6. We finally have fiber internet in my area and the one provider requires IPv6 for full speed. I live far from the fiber lines so I don't yet have to choose between bandwidth and VPN security or mess around with ip6tables.
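
An added example, not part of the post above or of any router firmware: a shell check that reads the text printed by `iptables -t nat -S PREROUTING` and `ip6tables -t nat -S PREROUTING` and lists every address family and protocol that has no interface-wide port 53 DNAT on the LAN bridge, which is the IPv4-covered, IPv6-missing state this thread describes. The rule dumps are constructed sample data; `br0` and the resolver addresses come from the post, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit NAT rule dumps for the DNS redirect described in the thread.
# Input is the text printed by `iptables -t nat -S PREROUTING` (or ip6tables).

# Constructed sample dumps: IPv4 redirects UDP and TCP, IPv6 redirects UDP only.
SAMPLE_V4='-P PREROUTING ACCEPT
-A PREROUTING -i br0 -p udp -m udp --dport 53 -j DNAT --to-destination 8.8.8.8
-A PREROUTING -i br0 -p tcp -m tcp --dport 53 -j DNAT --to-destination 8.8.8.8'
SAMPLE_V6='-P PREROUTING ACCEPT
-A PREROUTING -i br0 -p udp -m udp --dport 53 -j DNAT --to-destination 2001:4860:4860::8888'

# has_dns_dnat RULES IFACE PROTO
# Succeeds if some rule DNATs PROTO port 53 for everything arriving on IFACE.
has_dns_dnat() {
    printf '%s\n' "$1" | awk -v ifc="$2" -v proto="$3" '
        $1 == "-A" && $2 == "PREROUTING" {
            i = p = d = j = s = 0
            for (n = 3; n < NF; n++) {
                if ($n == "-i" && $(n+1) == ifc) i = 1
                if ($n == "-p" && $(n+1) == proto) p = 1
                if ($n == "--dport" && $(n+1) == "53") d = 1
                if ($n == "-j" && $(n+1) == "DNAT") j = 1
                if ($n == "-s") s = 1   # source-limited rule covers one client only
            }
            if (i && p && d && j && !s) found = 1
        }
        END { exit !found }'
}

# dns_redirect_gaps V4_RULES V6_RULES IFACE
# Prints one "family/proto" line for each redirect that is missing.
dns_redirect_gaps() {
    for fam in ipv4 ipv6; do
        [ "$fam" = ipv4 ] && rules=$1 || rules=$2
        for proto in udp tcp; do
            has_dns_dnat "$rules" "$3" "$proto" || echo "$fam/$proto"
        done
    done
}

dns_redirect_gaps "$SAMPLE_V4" "$SAMPLE_V6" br0
```

On the router, feed it live rules with `dns_redirect_gaps "$(iptables -t nat -S PREROUTING)" "$(ip6tables -t nat -S PREROUTING)" br0`. The IPv6 nat table needs kernel and firmware support, so an error from the `ip6tables` command is itself a finding.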
     
  11. mirimir

    mirimir, Registered Member (Joined: Oct 1, 2011; Posts: 9,252)
    Well, some may want IPv6 to work when not using a VPN.
     
  12. zmechys

    zmechys, Registered Member (Joined: Dec 29, 2012; Posts: 1,155; Location: USA)
    Yes, you are correct about that IPv6 blocking.
    [Attached screenshots: IPv6.PNG, IPv6-2.PNG]
     