Albs555
Topic Author
Joined: Fri Jul 14, 2023 10:51 pm

Leakage of the DNS/ NordVPN Mikrotik hAP ac2.

Sat Jul 15, 2023 1:20 pm

Hello, everyone!
Tell me, please...
I have a MikroTik hAP ac2 router (firmware 7.9.2).
It is configured for the NordVPN service (IPsec/IKEv2) according to the manual they provide on their website:
https://support.nordvpn.com/Connectivit ... ordVPN.htm

The location changes.
On the recommendation of NordVPN support I made a dnsleaktest test.
Based on the test results, the support service wrote that there is a DNS leak (please see the screenshot).

NordVPN support explains that if the router and the service
work correctly, the COUNTRY of the dummy address in screenshot (D1-2) should match the country in screenshot (D1-1).
In my case the first screenshot shows Belgium, and the second screenshot should show Belgium instead of Germany.

Please help me in troubleshooting this problem.
I will be grateful for any information.
 
Ddram
Joined: Mon Feb 08, 2021 7:56 pm

Re: Leakage of the DNS/ NordVPN Mikrotik hAP ac2.

Sun Jul 30, 2023 8:17 pm

Hey there,

I've had my Nordvpn setup a little bit different.

1. I use connection marks (/ip firewall mangle) to separate which devices or destinations use the VPN and which do not.
2. I use my own DNS resolver via Pi-hole + Unbound.

First of all I would look into "/ip firewall connection" and filter for your DNS server IP from /ip dns as "Dst. Address", then have a look at "Reply Dst. Address" (you may have to right-click and add this column with "Show Columns..."); this should be your NordVPN IP.

If this isn't the case, it will be the external IP you get from your ISP.

Then you may try to use the responder DNS from "/ip ipsec mode-config". Within the NordVPN mode config you can set "use responder dns"; try yes or exclusively. Run the leak test again, or have a look at your connections as described before.

The last idea I have is to use connection marking. A first try would be something like:
/ip firewall mangle
add chain=prerouting action=mark-connection new-connection-mark=VPN protocol=udp dst-port=53 passthrough=no
and then change your mode config to only be used with connections marked as VPN.

If the last point is the solution, you have to be aware that all traffic that is not marked as VPN will be sent with your ISP IP, so you have to add additional rules to mark every other kind of traffic that should be sent through NordVPN.

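The three suggestions above (connection-table check, responder DNS, connection marking) assembled into one RouterOS 7 configuration, as an added example that is not from the posts in this thread nor from NordVPN's guide. It assumes the mode-config entry is named NordVPN, the LAN is 192.168.88.0/24 with the router's own resolver at 192.168.88.1, and an interface list named WAN exists (the default configuration creates one); all of those names are assumptions. It also adds the case the original mangle rule misses: when LAN clients use the router as their resolver, the router's own forwarded queries originate in the output chain, never pass prerouting, and so would leave unmarked via the ISP.

```routeros
# Added example (not from the thread): DNS-first connection marking for a
# NordVPN IKEv2 initiator on RouterOS 7. Assumed names: mode-config "NordVPN",
# LAN 192.168.88.0/24, router resolver 192.168.88.1, interface list "WAN".

# 1. Mark DNS connections as VPN before anything else.
#    prerouting catches LAN clients that query an external resolver directly;
#    output catches queries the router's /ip dns cache forwards upstream,
#    which are router-originated and never traverse prerouting.
/ip firewall mangle
add chain=prerouting action=mark-connection new-connection-mark=VPN \
    connection-state=new protocol=udp dst-port=53 src-address=192.168.88.0/24 \
    passthrough=no comment="LAN DNS (UDP) -> VPN"
add chain=prerouting action=mark-connection new-connection-mark=VPN \
    connection-state=new protocol=tcp dst-port=53 src-address=192.168.88.0/24 \
    passthrough=no comment="LAN DNS (TCP) -> VPN"
add chain=output action=mark-connection new-connection-mark=VPN \
    connection-state=new protocol=udp dst-port=53 \
    passthrough=no comment="router's own forwarded DNS (UDP) -> VPN"
add chain=output action=mark-connection new-connection-mark=VPN \
    connection-state=new protocol=tcp dst-port=53 \
    passthrough=no comment="router's own forwarded DNS (TCP) -> VPN"
# Caveat raised in the post: anything left unmarked leaves via the ISP.
# Mark the rest of the LAN as well; remove this rule only if a split
# tunnel is intended.
add chain=prerouting action=mark-connection new-connection-mark=VPN \
    connection-state=new src-address=192.168.88.0/24 \
    passthrough=no comment="remaining LAN traffic -> VPN"

# 2. Tie the tunnel to the mark and take DNS from the responder.
#    With connection-mark set, RouterOS generates its dynamic src-nat rule
#    only for marked connections. use-responder-dns=exclusively replaces the
#    static /ip dns servers with the ones the IKEv2 responder hands out, so
#    the router's resolver cannot fall back to an ISP-side upstream.
/ip ipsec mode-config
set [ find name=NordVPN ] responder=no connection-mark=VPN \
    use-responder-dns=exclusively

# 3. Let LAN clients use the router as resolver, but not the Internet.
/ip dns
set allow-remote-requests=yes
/ip firewall filter
add chain=input action=drop protocol=udp dst-port=53 in-interface-list=WAN \
    comment="no open resolver on the WAN side"
add chain=input action=drop protocol=tcp dst-port=53 in-interface-list=WAN

# 4. Verify, as the post suggests, from the connection table: every DNS
#    connection should carry the VPN mark and its reply-dst-address should
#    be the address assigned by mode-config, never the ISP address on the
#    WAN interface. Then repeat the dnsleaktest run.
/ip firewall connection print detail where connection-mark=VPN
```

Rule order matters: the DNS rules sit above the catch-all so that, if the catch-all is later removed for a split tunnel, DNS still goes through the tunnel. After applying, /ip firewall nat should show a dynamic src-nat rule matching connection-mark=VPN, and /ip dns should list the responder-supplied servers as dynamic entries.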