Help with OpenVPN leak

I just got the OpenVPN license for my Balance305, to connect to a private server hosted in another router of mine in another country.
I installed it according to instruction, and the new WAN called openVPN WAN 1 appeared in the Dashboard.
Via Outbound policy, I routed the traffic of one PC enforced through the new openVPN WAN (via MAC).
No other fancy settings. I am pasting the present configuration.

What I can see is that the PC does get the public IP of the remote router, but dnsleaktest.com shows several DNS’s in other countries in between. I therefore think it’s leaking!

What should I do to prevent this issue? I know the server is good, because when I connect to it via OpenVPN Connect client app (Android or PC), it does not leak.

Please help if you can, thanks!

Is your PC getting a DHCP IP from the Balance? What DNS servers is the PC using? Your Balance 305 has a DNS proxy built in; I suspect your PC is sending it DNS requests which it is forwarding to the default WAN DNS forwarders. You could create an enforced outbound policy for source ANY destination ANY, port UDP 53 and another for TCP 53 and set the OpenVPN as the path.

Hi,

Yes it is DHCP, with an IP MAC reservation on the PC:

About your suggestion to enforce port 53 through the OpenVPN WAN, will this affect all the other computers in the LAN? I need only one computer to go through the OpenVPN. The others should not and should not have increased delays or anything like that.

So set the source IP/MAC address on the rule to be that of the PC in question.

It did not work, still leaking. I was already enforcing everything for that MAC through the OpenVPN WAN. Adding two more rules just for port 53 udp/tcp did not change anything, it’s still leaking.
It seems the Balance is giving to the PC the closer DNS’s from two of the local WAN’s, and not channeling everything through the VPN, assigning the DNS’s seen from the VPN server.

I assume your PC has its DNS servers set to the LAN IP of the Peplink right via DHCP?

If so I suspect you have DNS proxy enabled in Network > LAN | Network Settings, try disabling that.

Or manually set the PC IP and DNS settings so you are using public DNS servers - the requests for which should then get sent out over OpenVPN…

Yes I have proxy enabled:

But if I uncheck it, I cannot go to any website anymore…
About your second suggestion to modifying the network settings of the PC, it’s not an option, I don’t have admin rights.

Ideally I need the OpenVPN connection to use DNS inside the tunnel. All the other connections can use whatever is closer/faster.

Something to change in this page?

Thanks for your help!

Not until your devices reboot or refresh their IP from DHCP, because their DNS server entries will still be pointing to the Peplink LAN interface.

With DNS Proxy disabled, devices that get new DHCP IPs will get assigned the preferred public DNS servers (normally those from WAN1) but you can change it.

Once they are using public DNS the PC you want to go via OpenVPN will send its DNS queries that way also.

Wow, this fixed it:

  1. disable proxy settings
  2. in each WAN, disable automatic DNS and set the recommended one for each provider.
  3. for the OpenVPN WAN, set US DNS’s 1.1.1.1 and 8.8.8.8
  4. reboot

And voilà, the PC enforced through the VPN WAN does not appear to leak anymore. All the other PC’s get the closer/faster DNS.

This fixed the VPN leaks, thank you so much!
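
A way to confirm the cause discussed in this thread from the PC itself, as an added example that is not part of the original posts: it parses `ipconfig /all` output and reports whether the DHCP-assigned resolver is a LAN address (the router's DNS proxy, which forwards queries over a WAN of its own choosing) or a public resolver (queries then follow the PC's own outbound policy). It assumes a Windows PC with English-language output; both sample texts and the LAN address 192.168.1.1 are constructed.

```python
import ipaddress

# Constructed `ipconfig /all` excerpts (assumed LAN address 192.168.1.1).
SAMPLE_PROXY_ON = """\
Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.50(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

SAMPLE_PROXY_OFF = """\
Ethernet adapter Ethernet:

   DHCP Enabled. . . . . . . . . . . : Yes
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 1.1.1.1
                                       8.8.8.8
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

def dns_servers(ipconfig_text):
    """Return the DNS server addresses listed in `ipconfig /all` output."""
    servers, in_dns = [], False
    for line in ipconfig_text.splitlines():
        key, sep, value = line.partition(" : ")
        if sep:   # "Key . . . : value" line starts a new field
            in_dns = key.strip(" .").lower() == "dns servers"
        else:     # may be a continuation line holding another server
            value = line
        if not in_dns:
            continue
        try:
            servers.append(ipaddress.ip_address(value.strip().split("%")[0]))
        except ValueError:
            in_dns = False  # blank or unrelated line ends the DNS list
    return servers

def uses_router_proxy(ipconfig_text):
    """True if any resolver is a private (LAN) address, i.e. the router's DNS proxy."""
    return any(ip.is_private for ip in dns_servers(ipconfig_text))

if __name__ == "__main__":
    for name, text in (("proxy on", SAMPLE_PROXY_ON), ("proxy off", SAMPLE_PROXY_OFF)):
        print(name, [str(ip) for ip in dns_servers(text)], uses_router_proxy(text))
```

`ipconfig /all` runs without admin rights, so the output can be captured on the restricted PC and checked after each DHCP renewal.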