I have two Peplink B One routers, one in the US and one in Costa Rica. I have set up a PepVPN between them. When I check my IP on devices I have created outbound policies for, my IP shows in the US as expected. However, I have a Google device with hardcoded DNS IPs. I created a separate outbound policy for that device (by MAC) and those IPs to force them down the VPN, but the router says something to the effect of no change was made because the rule is essentially the same. Then I tried to create a rule for port 53 traffic, but I can’t figure out how to either point it towards my US router’s IP or through the tunnel. I have tried several iterations of Gemini and ChatGPT, but they all contain instructions for features or settings that don’t exist in InControl or locally. I’m not really sure where to go with this.
Do you want all traffic from the Google device to go over the PepVPN? If so, add an enforced rule for any > any via VPN, or a Priority rule if you want to fail back to local WAN if PepVPN is unavailable.
That should force all of its traffic, including DNS, that way.
I have an enforced rule, but the DNS leaks out. My understanding is that it’s because the local router acts as a proxy for DNS, so the router sees that traffic as from the router and not the Google device…
You could create a VLAN for the Google device without DNS proxy enabled.
Can you give me an idea of how to do so, please?
LAN, network settings, new LAN, uncheck DNS proxy and assign other properties, then assign that network to a WiFi SSID.
But if the Google device has hardcoded IPs and DNS settings, and is assumedly pointing at 8.8.8.8 and 8.8.4.4, which are Google’s DNS servers, then DNS lookups should not be sent to the Peplink LAN IP. I don’t understand where the leak comes from.
Unless it is using DHCP for the DNS, then the Peplink will set itself as the DNS proxy and its proxy will forward DNS requests to the primary resolver, which is typically that on the lowest number healthy WAN. You can change that behaviour though and tell the proxy to forward requests to DNS servers over the PepVPN.
Any way to determine which IPs the Google device is using for DNS? Is there a UI?
My understanding is exactly what you are saying. Previously, when I used OpenVPN and a Nord VPN account, I just had an outbound policy that any destination IP for 8.8.8.8 and 8.8.4.4 from the Google MAC address went to the OpenVPN. This was the second OB policy for this Google device. And that worked. But I switched routers from MAX BR1 to B One, and I also started using InControl. When I create this second OB policy in InControl, it gives me like a yellow triangle and says that the rule was not applied because it duplicates the other rule. If I do that rule from any device, a lot of stuff stops working on my laptop and other devices. Weirdly, it seems like no DNS resolves because I can’t even log into InControl.
How do you tell the proxy to forward the requests over the PepVPN? That’s what I can’t find, but it is what ChatGPT and Gemini all think I should do. However, when I try their instructions, the forward to IP part is always missing in the actual InControl…