NextDNS on OpenWRT Router - Blocks Work & School VPNs
I set up NextDNS on my router using OpenWRT and was able to apply profiles by MAC address using the instructions for Conditional Configuration on the wiki - this was working great until I noticed that my work laptop wasn't able to connect to its VPN... (a custom setup) and my kids' school laptop was also unable to connect using a Cisco AnyConnect VPN. As much as I like the features that NextVPN provides it's not going to work for me unless there is a way to be able to access work & school networks. Any suggestions?
Have you checked your NextDNS profile to see what's being blocked and/or if you selected a ruleset that is blocking VPNs? You should be able to initiate a connection and then see the block on the NextDNS logs page, and from there whitelist the domain that's being blocked and preventing your VPN from making the connection. Also remember that most enterprise VPNs (like Cisco AnyConnect) force the computer to use the VPN DNS providers once connected, so at that point NextDNS wouldn't be blocking anything.
Hope that helps.
When I use the "forwarder" option in the config file in an effort to allow the VPN to bypass NextDNS entirely, a "." is appearing between the address and the DNS server that I'm recommending. For instance, I try to indicate that foo.bar.com is to be pointed to 22.214.171.124 by saying "config set -forwarder foo.bar.com=126.96.36.199"; however, when I look at the config it says "forwarder foo.bar.com.=188.8.131.52". I'm not sure if this is significant.
I'm using the CLI on an OpenWRT router - checking the logs using:
doesn't even show records that I can identify as coming from the laptop that's trying to run the VPN... (which is a Cisco Umbrella) I've tried adding the IPs associated with Umbrella (as listed on the Cisco site as "Prerequisite") to the Allowlist... and/or to the rewrites. Doesn't seem to matter... until I run
on the router the laptop just says "the VPN connection failed due to unsuccessful domain name resolution"
Am I the only person who is trying to use NextDNS with one of these devices on my network??
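
On the "." in the forwarder rule quoted above: in DNS a trailing dot marks a fully qualified name, so `foo.bar.com` and `foo.bar.com.` name the same domain. The sketch below is an added illustration, not part of the thread and not NextDNS's own code, of how a split-DNS forwarder can normalize and match such rules. The function names, the suffix-matching behaviour and the RFC 5737 documentation addresses are assumptions made for the example.

```python
# Added illustration; not NextDNS source code. Resolver addresses are
# constructed RFC 5737 documentation addresses, not values from the thread.

def fqdn(name: str) -> str:
    """Canonical absolute form: lower-case with exactly one trailing dot."""
    return name.strip().lower().rstrip(".") + "."


def parse_forwarder(rule: str):
    """Parse a 'domain=server' rule into (fully qualified domain, server)."""
    domain, sep, server = rule.partition("=")
    if not sep or not domain.strip() or not server.strip():
        raise ValueError(f"expected domain=server, got {rule!r}")
    return fqdn(domain), server.strip()


def pick_resolver(qname: str, rules, default: str) -> str:
    """Return the server of the most specific rule covering qname.

    A rule covers a query when its domain equals the query name or is a
    parent of it (assumed behaviour). Matching is done on label boundaries,
    so 'notbar.com.' is not covered by a rule for 'bar.com.'.
    """
    q = fqdn(qname)
    best = None
    for domain, server in rules:
        covers = domain == "." or q == domain or q.endswith("." + domain)
        if covers and (best is None or len(domain) > len(best[0])):
            best = (domain, server)
    return best[1] if best else default


# Constructed sample rules: one typed without the trailing dot, one with it.
RULES = [
    parse_forwarder("foo.bar.com=192.0.2.53"),
    parse_forwarder("bar.com.=198.51.100.53"),
]
DEFAULT = "filtered-upstream"  # placeholder for the normal filtering resolver

if __name__ == "__main__":
    for name in ("vpn.foo.bar.com", "FOO.BAR.COM.", "www.bar.com", "notbar.com"):
        print(f"{name:18} -> {pick_resolver(name, RULES, DEFAULT)}")
```
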