Help on configuration

Bruno · Jun 8, 2017

Hello.

I have a question regarding the configuration on OSX and iOS.

First of all I installed on both platform Adguard and Pro (iOS) and NordVPN.
Here is my configuration:
1. Airport Extreme - DNS used are OpenDNS Home custom
2. OSX latest version - DNS used are OpenDNS Home custom
3. iOS latest version - DNS used are OpenDNS Home custom
4. iOS latest version - Adguard Pro with OpenDNS Home custom

My questions are related to my DNS configuration.
1. Is there an issue in term of DNS leak by using OpenDNS instead of NordVPN ones?
2. Using OpenDNS, does it mean that my data will not be encrypted and can be viewed by my ISP or OpenDNS people?

Thanks for your answer and recommendation.
Bruno

Gass · Jun 8, 2017

Bruno said:
Hello.
My questions are related to my DNS configuration.
1. Is there an issue in term of DNS leak by using OpenDNS instead of NordVPN ones?
2. Using OpenDNS, does it mean that my data will not be encrypted and can be viewed by my ISP or OpenDNS people?

Thanks for your answer and recommendation.
Bruno

Just a suggestion if no answers are given here - look to NordVPN support of your questions #1 and #2. Possibly their own forum for users experiences in those OS platforms.
Gass

Bruno · Jun 8, 2017

I just did it.
"To answer your question - your traffic is encrypted on your computer not at DNS servers. However, it may not work with OpenDNS, since most of open source DNS servers do not work with our service. Also, the no-logs policy applies to all of our servers, DNS'es as well, so we always recommend using our own DNS servers."

However, does it mean I should also add NordVPN DNS into Adguard Pro iOS?

Gass · Jun 9, 2017

Bruno said:
I just did it.
However, does it mean I should also add NordVPN DNS into Adguard Pro iOS?

Maybe from the Adguard program itself the (would be on Windows OS - so I'm not sure with Mac's) menu tray box "Adguard icon" click on support tab/feature and use that to ask your unanswered question.
@Boo Berry may be of some assistance as a macOS user (given he has the time to answer) here, possibly in a day or two PM him, as the start of this sentence with his mention - he has been updated that someone on the forms has mentioned his user name...

Bruno · Jun 9, 2017

Thanks Gass. However my question is related to iOS platform. There are no DNS settings in Adguard for OSX at the present time.

Gass · Jun 11, 2017

Bruno said:
Thanks Gass. However my question is related to iOS platform. There are no DNS settings in Adguard for OSX at the present time.

Yowl I'm handicapped to knowing about that OS and platform your using, so I'm not getting it and I'll try one last time and then stop, if nothing more than to let you know in something beneficial or not - or where to look or not.

Adguard Blog had this -
Adguard Pro for iOS
30 September 2016 on Adguard for iOS, Release notes
What's new?
As it's mentioned, the main difference between new Pro version and the already familiar Adguard for iOS is the ability to filter traffic of other apps and browsers. This is possible thanks to Adguard DNS incorporated into Pro version.
If you are a type of person who always prefers a bit of fine tuning to default setup, we have a handy tool for you. DNS requests log will help you monitor all requests and easily whitelist any website you'd like to support.

In comments in the blog post-
You can definitely use good old content blocker, but i am not so sure about PIA and AG DNS compatibility, we should test it.

We keep track of compatible VPN apps on github:
https://github.com/AdguardTeam/AdguardForiOS/issues/162
TYPING THE TERM dns settings IN THE SEARCH BOX RETURNED THESE RESULTS-
Code45
https://github.com/AdguardTeam/AdguardForiOS/search?utf8=✓&q=DNS+SETTINGS&type=
Issues13
https://github.com/AdguardTeam/AdguardForiOS/search?q=DNS+SETTINGS&type=Issues&utf8=✓

Then later down in the comments I see this by A.Meshkov-
Adguard uses iOS network extensions API to setup a fake VPN. It is more complicated, but much more functional. Also it should work ok along with the other VPN profile. I mean even standard VPN apps should work along with AG. JFYI, we are testing apps compatibility right now: https://adguard.com/en/adguard-dns/overview.html

next - Currently it replaces system DNS with AG DNS: https://adguard.com/en/adgu...

Please note, that it's not a final solution. The next feature will be local DNS requests filtering with no need in using our DNS. More than this, you'll be able to set any DNS servers you want (which is currently impossible to do for cellular network).

- - - - - -
Adguard's Knowledge Base > Adguard for iOS > Overview
DNS-filtering in applications. Adguard for iOS Pro allows you to control access to the DNS services in applications - this filters the traffic in different applications and browsers, not just in Safari.

Whitelist / blacklist in the application. Using this feature you can always enable or disable advertising filtering on certain sites.

DNS log. Using DNS log you may find the respective request in the log and block the domain in request details.
https://kb.adguard.com/en/ios/overview

Adguard's Knowledge Base > Adguard for iOS > Features > DNS Filtering
Among other functions, AdGuard Pro has a special mode: DNS Filtering. It allows to set any DNS servers as default ones and quickly switch between them. If you want, you can use public Google DNS servers instead of those suggested by AdGuard, set up OpenDNS, or type in any other addresses, e.g., those from your provider. Use this mode in case system-wide filtering is unavailable for any reason – for example, when your device is running another app requiring VPN connection.

DNS servers that can be utilized in the DNS Filtering mode include AdGuard addresses. Their use allows to block ads, counters, and phishing websites in various iOS apps and browsers, not only in Safari, just like system-wide filtering would. More information regarding AdGuard DNS is here. You can quickly change DNS server settings and switch between different addresses as needed.

While using AdGuard DNS, users also have access to the filtering log; however, it does not affect traffic processing in this mode – the blacklist and whitelist are only available in the system-wide filtering mode. If DNS Filtering is enabled, the user is only capable of tracking current requests in the filtering log.
https://kb.adguard.com/en/ios/features

NOTICE the "Limitations" there after the above info. and after the Family Mode, and then the "Solving problems" there after that section.
- - - - -
Another Blog post (relevant or not) / Adguard DNS now supports DNSCrypt https://blog.adguard.com/en/adguard-dns-now-supports-dnscrypt/
- - - - -
Adguard DNS Setup guide > iOS

iOS

From the home screen, tap ’Settings’
Choose ’Wi-Fi’ in the left menu (it is impossible to configure DNS for mobile networks)
Tap on the name of the currently active network
In the ’DNS’ field enter our DNS addresses:
176.103.130.130
176.103.130.131
for ’Default’ servers;
176.103.130.132
176.103.130.134
for ’Family protection’ servers.

https://adguard.com/en/adguard-dns/instruction.html#instruction

Well I'm still handicapped to know if any thing here helps, I'm almost to thinking if Adguard's Team hasn't been able to offer DNS (Beta or not) settings in Adguard for OSX, specifically in DNS for mobile networks or local DNS requests filtering on iOS - it's an Apple handicap and not the Adguard Pro iOS app itself limitations. There was this I saw though "you'll be able to set any DNS servers you want (which is currently impossible to do for cellular network)", so something is in the works and not ready for prime time yet possibly.

I'm an experimenter and I'd personally try switching out your NordVPN-DNS address settings and try that in Adguard Pro iOS - with the above iOS guide instructions, being sure to copy what's there first incase you need to revert back to the prior settings and their not the same as listed in that guide above.
That's all I got and will stop now

good luck.

avatar · Jun 12, 2017

Bruno said:
1. Is there an issue in term of DNS leak by using OpenDNS instead of NordVPN ones?

Yes, but I suppose DNS leak issue is overrated as a whole. There are quite a few better ways of tracking & fingerprinting people, knowing which DNS is not really important.

On the other hand, it's rather odd to use OpenDNS as web analytics is their business.

Bruno said:
2. Using OpenDNS, does it mean that my data will not be encrypted and can be viewed by my ISP or OpenDNS people?

It depends on how NordVPN works. If they route DNS traffic through their tunnel, ISP won't see it.

Bruno · Jun 13, 2017

@avatar Thanks very much for your answers but due to my lack on knowledge on the subject and my configuration - complex? - I am not sure I got it right.

From NordVPN website it says:

When using privacy service like NordVPN, it is very important that all of your Internet traffic originating from your machine is routed through VPN network. If any traffic is leaked outside of the VPN connection to the network, any adversary monitoring the traffic will be able to log all your activity.

Domain Name System (DNS) is used to translate domains such as www.nordvpn.com into a numerical IP addresses for instance 121.121.212.121 which are required for routing data packets on the Internet. Whenever your device contacts a server on the world wide web, such as the entered URL in your browser, your computer send a request to a DNS server for the IP address. Most of the Internet Service Providers assign their controlled DNS servers to the customers and use it for logging and recording Internet activity made by you.

Sometimes, even when connected to the VPN network, the operating system resume to use default DNS servers instead of using the anonymous DNS servers.

How to solve the DNS leak?
1. Our custom application for Windows, Mac OS X, Android and iOS has a DNS leak protection feature implemented automatically, which will prevent your DNS from leaking.
2. Use NordVPN DNS servers.

So I do not understand if I have to add or not their DNS in my Router, WiFi settings on my iPhone and Adguard Pro DNS configuration.

Regarding the Tunnel topic I found this, but it also does not help me on the DNS issue.

As soon as you connect to our VPN server your computer is assigned a new IP address and new DNS resolvers. Then all of your Internet traffic is encrypted and is tunneled to our VPN server. Once there, it is decrypted and allowed to travel to its intended destination. Your local ISP will only see a single encrypted data stream between you and our VPN server. Your ISP can no longer monitor, log or control your Internet usage and you can bypass your ISP restrictions.

avatar · Jun 16, 2017

Bruno said:
So I do not understand if I have to add or not their DNS in my Router, WiFi settings on my iPhone and Adguard Pro DNS configuration.

They claim that you should not, it'll be done automatically.

I am just not sure that it works properly in case of two VPNs used at the same time.

Bruno · Jun 16, 2017

Indeed, however Adguard is establishing a fake VPN, right? So is there really an incompatibility here? Somewhere in the forum NordVPN is identified as a VPN which works with Adguard, as I am asking in my other thread, what does it mean exactly...?

avatar · Jun 16, 2017

Bruno said:
Indeed, however Adguard is establishing a fake VPN, right? So is there really an incompatibility here? Somewhere in the forum NordVPN is identified as a VPN which works with Adguard, as I am asking in my other thread, what does it mean exactly...?

Technically they're compatible because AG works as a "personal VPN", and NordVPN as an "enterprise VPN", and iOS somehow manages to chain tunnels.

So, in theory, traffic goes through one tunnel first (in our case just the DNS traffic), then it goes through the second tunnel (real encrypted VPN).

Bruno · Jun 21, 2017

Got it. Thx

Gass · Jun 21, 2017

Bruno said:
Got it. Thx

That's good.
What exactly was it?
Could you highlight/reflect your understandings, what seemed as a roadblock and how you got passed that - I'm sure others will come and like to know this

Gass

Vanco · Aug 12, 2017

Yes @Bruno , could you please explain what you got?
I got NordVPN and Adguard Pro on OsX and iOsas well , and I don't really know what have to do with DNS.
Id I put Adguard DNS , got DNS leak for sure

So , please , tell us what you have understood ;-)

Thx

Bruno · Aug 13, 2017

It means the traffic flows this way:
You -> NordVPN -> Adguard DNS -> Internet

@Vanco In order to avoid DNS leak you must add NordVPN DNS into Adguard iOS setup instead of Adguard Default. Also NordVPN says the encryption starts on the computer and not at the DNS level. Also "DNS servers do not work with our service - NordVPN. Also, the no-logs policy applies to all of our servers, DNS'es as well, so we always recommend using our own DNS servers."

In summary if you want "full" privacy and security you must use NordVPN DNS and not Adguard ones. Then, just use Adguard basis version.

BTW Vanco, don't you face persistent disconnection with NordVPN?

Vanco · Aug 14, 2017

Thanks a lot @Bruno.
It was what I feared...

No disconnection at all since last stable version of NordVPN app.But if I put Nord VPN DNS in Adguard config , connexion speed is really better.

I don't really understand why in split tunnel mod , if their s no outcoming connexion but only a private vpn , DNS leaks are possible with Adgard DNS.
So , I got pro version for nothing :-/

So , do you test Adguard as a proxy on mac with Nord VPN?

Bruno · Aug 14, 2017

@Vanco You are lucky you get no disconnection at all!
I have some on my MBP, maybe 3 to 5 times a day, but many more on my iPhone 7 Plus, at least every two hours if not more. I am bringing both my devices to the Genius Bar this week to see if there is a problem with my WiFi antenna or card.
However if you check iTunes Store and Google it, it seems many people are facing this issue. To be sure you must check the NordVPN connection in iOS setting to see how long it is up and running because it will reconnect automatically so you will not notice you got disconnected.

I am king of confused about Adguard fake VPN configuration because if you look in iOS VPN settings, Adguard Pro has an IP. So you have your real IP from your ISP, Adguard IP and NordVPN IP. If you do a leak test with Adguard on and NordVPN off you will see that your IP is in fact the one from Adguard. But if you run NordVPN in parallel then your IP will be from NordVPN.

Because NordVPN released their CyberSec feature to block Ads, I am afraid that will duplicate Adguard aim.

A proxy server is a server where connections/requests are being made to instead of to the final destinations, and the proxy makes the connections/requests to the final destinations. It is a computer system that sits between you and the Internet. If you are wanting to surf the web anonymously then proxies can provide you with a means to hide your home IP address from the rest of the world.That said, a proxy server is something like a "man in the middle", connecting the two end points.
So why would you use a proxy and a VPN? It does not make any sense.

Remember that DNS and Proxy are 2 different things that you cannot compare. Cool and simple VPN will explain it better than me

Code:

https://www.youtube.com/watch?v=66aGNtzsZ8U

Help on configuration

Bruno

Member

Gass

Member

Bruno

Member

Gass

Member

Bruno

Member

Gass

Member

avatar

Administrator

Bruno

Member

avatar

Administrator

Bruno

Member

avatar

Administrator

Bruno

Member

Gass

Member

Vanco

New Member

Bruno

Member

Vanco

New Member

Bruno

Member