After a fairly steep learning curve and some patient assistance from other forum members, I recently managed to get NordVPN working on my MikroTik hEX using the WireGuard protocol. (See http://forum.mikrotik.com/t/idiots-guide-to-setting-up-wireguard-client/169921/1) When I enable the relevant route, it switches all my internet traffic from the local network to go via the WG tunnel. Generally speaking it works well, but I have one outstanding problem: DNS.
I don’t always want all traffic to go via the WG tunnel - I want to be able to enable and disable it as I need to (primarily in order to switch where I appear in the world). If I connect to the VPN using Nord’s apps on a specific machine, they automatically update my DNS configuration once they’re connected to avoid DNS leaks; but obviously if I just enable a route on the MT, none of the clients are aware that they need to change DNS servers. I can update the DHCP server on the router manually and then manually reconnect all the clients I care about, but it’s a pretty clunky solution, and it means that I can’t use the router to serve local DNS entries for my LAN when the tunnel is up.
Ideally, what I’d like to do is configure the router as the DNS server for the LAN and then just update the DNS servers that the router itself uses when the WG route is enabled. For this to work I think I’d need to do a few things:
- Ensure that the router itself is sending DNS lookups via the WG tunnel when the route is enabled
- Automatically update the router’s DNS servers when the WG tunnel route is enabled
- Ensure that the router’s DNS cache is wiped when the DNS servers change (I guess this might happen automatically?)
Is this a terrible idea from the beginning? Is there a better way to do this? If not, what’s the best way to go about this? Should I have some sort of script that runs on the router and makes all the changes in one go?
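The "one script that does everything" approach from the question, as an added example (not from the original post or from the linked guide): a RouterOS v7 script that toggles the WireGuard default route and, in the same step, swaps the resolvers the router forwards to and flushes its cache. It assumes the WG route carries comment="wg-default" and that the two DNS server strings are placeholders for the VPN provider's resolvers and the normal ones.

```routeros
# Assumed names: the WG default route is tagged comment="wg-default";
# both DNS server lists below are placeholders, not real resolver addresses.
:local vpnDns "203.0.113.53,203.0.113.54"
:local lanDns "192.0.2.1"

# Look the route up once; fail loudly if the tag is missing so nothing
# half-applies.
:local routes [/ip route find where comment="wg-default"]
:if ([:len $routes] = 0) do={
    :error "no route with comment=wg-default found"
}
:local routeId ($routes->0)

# Direction is taken from the route's current state: a disabled route
# means this run brings the tunnel up.
:local goUp [/ip route get $routeId disabled]

:if ($goUp) do={
    # Route first, then resolvers: the router's own lookups follow the
    # main routing table, so once the default route points at the WG
    # interface its forwarded queries travel inside the tunnel.
    # (Caveat: if the WG route lives only in a marked table used for LAN
    # traffic, router-originated DNS will not use it.)
    /ip route set $routeId disabled=no
    /ip dns set servers=$vpnDns
    :log info "wg-default enabled; DNS forwarders set to $vpnDns"
} else={
    # Going down: switch resolvers back before the tunnel route disappears.
    /ip dns set servers=$lanDns
    /ip route set $routeId disabled=yes
    :log info "wg-default disabled; DNS forwarders set to $lanDns"
}

# Drop cached answers so clients are not served records resolved via the
# previous path; flushing explicitly avoids relying on it happening on its own.
/ip dns cache flush

# The router must answer LAN queries itself; static entries under
# /ip dns static keep working in both states.
/ip dns set allow-remote-requests=yes
```

Run it with /system script run after saving it under /system script; DHCP clients keep the router as their DNS server throughout, so nothing on the LAN needs to reconnect.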