SoftEther VPN User Forum

Hello, I've set up a SoftEther VPN server on my dedicated server. It is running on the default configuration (with a few modifications). I don't think the specific config and stuff is necessary for this question. Anyway, I (and possibly others) plan on connecting to this VPN through a smartphone (Android/iOS) when I am on a specific network (which is fairly constricting) in order to access blocked content. I cannot test what the network have blocked at this time. However, I am quite sure that they've blocked most ports (apart from the common ones like 80, 443, etc.), certain domain names from their DNS servers & most public DNS servers (like Google's 8.8.8.8). This means I cannot use L2TP so intead I use the OpenVPN Connect app to connect to the VPN on port 443. This all works fine, but the problem is that my DNS is getting leaked which means that I won't be able to access certain blocked content. I'm trying to figure what the best way to resolve this would be. I do have a BIND server running which I can set-up as a forwarder if necessary but I don't know how to actually make Android/iOS use my forwarder while connected to the VPN. Any ideas would be appreciated (I need this to work for both Android and iOS).

If you are using the official OpenVPN client for Android, then disable the "DNS Fallback" option in the connection preferences for the SoftEther server. There might also be a way to force DNS behavior in the VPN import file.

The DNS forwarder in SoftEther is sometimes unreliable. If you are using SecureNAT, then try setting whatever is in the /etc/resolv.conf file instead of using the SoftEther gateway address.

Thanks for the reply. I don't use SecureNAT but I've figured it out. I am using dhcpd on "tap_vpn" interface (bridged to my SoftEther hub).

I simply added this to /etc/dhcp/dhcpd.conf:
> option domain-name-servers 192.168.250.1;
(192.168.250.0/24 is the subnet I'm using for my VPN)


Then, I set up BIND as a forwarder on that IP. I added this to /etc/named.conf:
> listen-on port 53 { 127.0.0.1; 192.168.250.1; };
> forwarders { 8.8.8.8; 8.8.4.4; };

Hopefully this helps anyone that is looking to accomplish something similar. And yes, don't forget to disable "DNS Fallback" on the OpenVPN Connect client.