• This is a political forum that is non-biased/non-partisan and treats every person's position on topics equally. This debate forum is not aligned to any political party. In today's politics, many ideas are split between and even within all the political parties. Often we find ourselves agreeing on one platform but some topics break our mold. We are here to discuss them in a civil political debate. If this is your first visit to our political forums, be sure to check out the RULES. Registering for debate politics is necessary before posting. Register today to participate - it's free!

Stacking vpn and ad-blocking dns static ip addresses?

Cardinal

Respected On All Sides
DP Veteran
Joined
Jun 20, 2008
Messages
106,259
Reaction score
97,646
Gender
Male
Political Leaning
Independent
I'm getting a dd-wrt router so that I can configure a vpn at the router level and anonymize all devices on my network at once. Just to follow along, here are the instructions I'll be following when the router arrives in the mail:

https://www.privateinternetaccess.com/pages/client-support/dd-wrt-openvpn

Which is all relatively straight forward, except that I also want to adblock all devices on my network as well, which requires putting in Alternate DNS's static ip's.

The only problem is it looks like I'm told to fill in three separate static ip addresses for the vpn, which doesn't appear to leave any fields left for Alternate DNS.

Additional confusion: As it currently stands, I have Alternate DNS configured on my router right now, but I also have the PIA client running on my computer, which means that somehow, somewhere, PIA's own DNS address is running, doing its vpn thing, while Alternate DNS is simultaneously blocking ads to all my devices. If possible how do I push everything onto the router?

Bonus question: Let's say what I want is even possible. While Alternate DNS is an extremely effective adblocker, it's absolutely vicious about disrespecting privacy. It makes no bones about the fact that the user is the product and their business is collecting your browsing history for selling to third parties. So the question is, if I'm using Alternate DNS's static ip and encrypting all of my traffic through PIA at the same time, can Alternate DNS see my browsing before it hits the vpn tunnel, or does the vpn tunnel sit between me and Alternate DNS, therefore disguising my browsing from everybody (but the vpn of course)?
 
Last edited:
It would seem to me, since the PIA client is running in your computer, that the router based vpn likely does NOT mask your activity from Alternate DNS. But I am not certain.
 
It would seem to me, since the PIA client is running in your computer, that the router based vpn likely does NOT mask your activity from Alternate DNS. But I am not certain.

See, that is really baffling to me. If I didn't go with Alternate DNS's static ip, then in its place would just be my normal isp's static ip, and one very common use of a vpn is to hide traffic from the original isp. Right? And besides that, when I do a check on my ip I get back the ip address of my vpn tunnel. But that still doesn't really settle in my mind whether or not Alternate DNS is able to watch my browsing.

Edit: I misread your post. I guess the only way to see if a router-based vpn is disguising my traffic from Alternate DNS is to do "what's my ip" at that time, though of course that assumes that I'm even able to put both of them on the router first.
 
Last edited:
I'm getting a dd-wrt router so that I can configure a vpn at the router level and anonymize all devices on my network at once. Just to follow along, here are the instructions I'll be following when the router arrives in the mail:

https://www.privateinternetaccess.com/pages/client-support/dd-wrt-openvpn

Which is all relatively straight forward, except that I also want to adblock all devices on my network as well, which requires putting in Alternate DNS's static ip's.

The only problem is it looks like I'm told to fill in three separate static ip addresses for the vpn, which doesn't appear to leave any fields left for Alternate DNS.

Additional confusion: As it currently stands, I have Alternate DNS configured on my router right now, but I also have the PIA client running on my computer, which means that somehow, somewhere, PIA's own DNS address is running, doing its vpn thing, while Alternate DNS is simultaneously blocking ads to all my devices. If possible how do I push everything onto the router?

Bonus question: Let's say what I want is even possible. While Alternate DNS is an extremely effective adblocker, it's absolutely vicious about disrespecting privacy. It makes no bones about the fact that the user is the product and their business is collecting your browsing history for selling to third parties. So the question is, if I'm using Alternate DNS's static ip and encrypting all of my traffic through PIA at the same time, can Alternate DNS see my browsing before it hits the vpn tunnel, or does the vpn tunnel sit between me and Alternate DNS, therefore disguising my browsing from everybody (but the vpn of course)?

I would look into making a piHole, a raspberry pi based adblocker that just connects to your existing network and which you have complete control over. You can also setup your VPN if you really want to.
 
I would look into making a piHole, a raspberry pi based adblocker that just connects to your existing network and which you have complete control over.

I looked into it. The instructions were really intimidating for my tech level.
 
I looked into it. The instructions were really intimidating for my tech level.

I found it really simple actually once you know how basic Linux commands work and you get SSH configured which is not hard if you find the right instructions. It sounds a lot less complicated than what you are doing and you would not have to worry about privacy or anything.
 
On a similar note I recently successfully set the clock on my vhs.
 
I'm getting a dd-wrt router so that I can configure a vpn at the router level and anonymize all devices on my network at once. Just to follow along, here are the instructions I'll be following when the router arrives in the mail:

https://www.privateinternetaccess.com/pages/client-support/dd-wrt-openvpn

Which is all relatively straight forward, except that I also want to adblock all devices on my network as well, which requires putting in Alternate DNS's static ip's.

The only problem is it looks like I'm told to fill in three separate static ip addresses for the vpn, which doesn't appear to leave any fields left for Alternate DNS.

Additional confusion: As it currently stands, I have Alternate DNS configured on my router right now, but I also have the PIA client running on my computer, which means that somehow, somewhere, PIA's own DNS address is running, doing its vpn thing, while Alternate DNS is simultaneously blocking ads to all my devices. If possible how do I push everything onto the router?

Bonus question: Let's say what I want is even possible. While Alternate DNS is an extremely effective adblocker, it's absolutely vicious about disrespecting privacy. It makes no bones about the fact that the user is the product and their business is collecting your browsing history for selling to third parties. So the question is, if I'm using Alternate DNS's static ip and encrypting all of my traffic through PIA at the same time, can Alternate DNS see my browsing before it hits the vpn tunnel, or does the vpn tunnel sit between me and Alternate DNS, therefore disguising my browsing from everybody (but the vpn of course)?

I don't really have a deep understanding of this technology. I'm not sure i understand your first question.

They are asking you what DNS servers you want to use in the router, you can select whatever 3 DNS servers you like, or you could enter the 2 Alternate DNS servers and do something with the unused third:

(1) you could set it to all zeroes, which means it might go and fetch a DNS server from your ISP
(2) you could set it to an unusable IP like 10.0.0.0 and it would be like it's not there.

If you want to force your router to use the Alternate DNS servers, i think (2) is your best option.

As for the PIA client on your computer, i'm not really sure how you would remove or deactivate it, but i would think that you got so far already that i would hope it should be straightforward compared to the rest of this.

And for your last question, i believe that Alternate DNS's servers would be alerted to every hostname you visit. The role of the DNS server is to translate a hostname, like debatepolitics.com, to an IP address, like 123.45.67.89.
 
I found it really simple actually once you know how basic Linux commands work and you get SSH configured which is not hard if you find the right instructions. It sounds a lot less complicated than what you are doing and you would not have to worry about privacy or anything.

One set of instructions at lifehacker requires that I own a raspberry pi first, while this site, https://pi-hole.net/, either assumes I'm smart enough to know that I need to own a raspberry pi first, or it's asking me to run it on my computer. And then there's the danger of "piping to bash" I have no idea what that means, but it sounds either super awesome or super terrifying. Second point: the instructions at pi-hole.net is telling me to put its static ip in the router, which brings me back to the original problem, which is that PIA wants to hog all three static ip fields.

On a similar note I recently successfully set the clock on my vhs.

Yeah, just wait until daylight saving ends.
 
I don't really have a deep understanding of this technology. I'm not sure i understand your first question.

They are asking you what DNS servers you want to use in the router, you can select whatever 3 DNS servers you like, or you could enter the 2 Alternate DNS servers and do something with the unused third:

(1) you could set it to all zeroes, which means it might go and fetch a DNS server from your ISP
(2) you could set it to an unusable IP like 10.0.0.0 and it would be like it's not there.

If you want to force your router to use the Alternate DNS servers, i think (2) is your best option.

As for the PIA client on your computer, i'm not really sure how you would remove or deactivate it, but i would think that you got so far already that i would hope it should be straightforward compared to the rest of this.

And for your last question, i believe that Alternate DNS's servers would be alerted to every hostname you visit. The role of the DNS server is to translate a hostname, like debatepolitics.com, to an IP address, like 123.45.67.89.

First thing's first: theoretically, could I add both the vpn's static ip and the alternate DNS static ip at the same time? Why is it that each time a DNS wants to use two of the fields (or in PIA's case, three)?

I think the primary reason for my confusion is I haven't figured out what I'm doing exactly when I fill those three fields with static ip addresses, and why there's only three of them available at any time.
 
First thing's first: theoretically, could I add both the vpn's static ip and the alternate DNS static ip at the same time? Why is it that each time a DNS wants to use two of the fields (or in PIA's case, three)?

I think the primary reason for my confusion is I haven't figured out what I'm doing exactly when I fill those three fields with static ip addresses, and why there's only three of them available at any time.

I think the VPN's static IP is separate from the DNS servers static IPs.

Normally there are two DNS servers specified, a primary and a backup. I don't know why we added a third, i can't really defend that other than by remarking that engineers seem to think that they can fix gunshot wounds by stacking bandaids on top.
 
I think the VPN's static IP is separate from the DNS servers static IPs.

Normally there are two DNS servers specified, a primary and a backup. I don't know why we added a third, i can't really defend that other than by remarking that engineers seem to think that they can fix gunshot wounds by stacking bandaids on top.

But can you stack static ip's? Could you put the vpn's two ips in the first two fields, and then put, say, the pi-hole's (god I hate that name) ip in the third?
 
But can you stack static ip's? Could you put the vpn's two ips in the first two fields, and then put, say, the pi-hole's (god I hate that name) ip in the third?

The DNS servers are just servers that you go to to resolve hostnames. They are IP addresses that you send packets to so that you can find the IP addresses for the hostnames you want to access. They aren't ordinarily in the loop, just when you try to access a new hostname (if i understand correctly).

The IPv4 packets that leave your home and enter the internet will all have the same public source IP address: whatever your ISP chooses.

In your private network, like your home network or your VPN, you can have whatever IP address the network allows. For example, your home computer might be 127.0.0.1. So the pi-hole could have whatever IP address it wants, no matter what, your router/modem will take off the pi-hole's IP and slap on the Source IP address that your ISP assigned to you.
 
The DNS servers are just servers that you go to to resolve hostnames. They are IP addresses that you send packets to so that you can find the IP addresses for the hostnames you want to access. They aren't ordinarily in the loop, just when you try to access a new hostname (if i understand correctly).

The IPv4 packets that leave your home and enter the internet will all have the same public source IP address: whatever your ISP chooses.

In your private network, like your home network or your VPN, you can have whatever IP address the network allows. For example, your home computer might be 127.0.0.1. So the pi-hole could have whatever IP address it wants, no matter what, your router/modem will take off the pi-hole's IP and slap on the Source IP address that your ISP assigned to you.

You're giving me waayyyyyyyy too much credit for my intelligence, Absentglare. I make paintings for people. I don't work in IT.

I'm just dealing with this problem, which is that if I want Alternate DNS to work it needs to look like this...

dns.jpg

...but if I want my vpn to work on my router it'll need to look like this:

dns2.jpg

Do I have to choose one or the other?
 
Well, this thread ended up being unnecessary. The router has a completely independent openvpn function which means that entering the vpn's dns addresses was never necessary. So now I have everything I wanted: anonymity (as far as my ip address goes) and zero ads on my entire network.

I have entered....nerdvana.
 
On a similar note I recently successfully set the clock on my vhs.

Well above my tech level- you are clearly at the genius level.
Remember pass on those genes.
 
You're giving me waayyyyyyyy too much credit for my intelligence, Absentglare. I make paintings for people. I don't work in IT.

I'm just dealing with this problem, which is that if I want Alternate DNS to work it needs to look like this...

View attachment 67225197

...but if I want my vpn to work on my router it'll need to look like this:

View attachment 67225198

Do I have to choose one or the other?

Well, this thread ended up being unnecessary. The router has a completely independent openvpn function which means that entering the vpn's dns addresses was never necessary. So now I have everything I wanted: anonymity (as far as my ip address goes) and zero ads on my entire network.

I have entered....nerdvana.

Ah ****, i started to reply to this but never followed up, sorry.

Glad to see it all worked out.
 
Well, this thread ended up being unnecessary. The router has a completely independent openvpn function which means that entering the vpn's dns addresses was never necessary. So now I have everything I wanted: anonymity (as far as my ip address goes) and zero ads on my entire network.

I have entered....nerdvana.

You are not anonymous :) Your ISP and bank know you are getting internet!

What ads are you blocking btw? Dont really understand that part. Does it mean you dont have any ads at all on websites? Wont websites just deny you access?
 
On a similar note I recently successfully set the clock on my vhs.

:lamo Seriously, spit coffee out lol, when I scrolled to this. Here I was reading and thinking, OMG you are so over your head...is this even english? When I read yours. Thanks, my head was going to explode.
 
You are not anonymous :) Your ISP and bank know you are getting internet!

*Sigh*. I know.

What ads are you blocking btw? Dont really understand that part. Does it mean you dont have any ads at all on websites? Wont websites just deny you access?

I never see ads when I'm using Chrome on a laptop. I'm not super clear on the details, but there are anti-ad lists that things like u-block-origin, PIA's Mace, Alternate DNS and Adguard use. In the end, ads simply don't exist for me on Chrome. I think U-block-origin must have special ninja skills, because everywhere else I still see youtube ads. Not so on Chrome.
 
:lamo Seriously, spit coffee out lol, when I scrolled to this. Here I was reading and thinking, OMG you are so over your head...is this even english? When I read yours. Thanks, my head was going to explode.

If it makes you feel any better, all those cool terms I used didn't amount to anything anyway. Openvpn eventually resulted in an unstable connection, rendering all my efforts useless in the end. So if you had just spent your time drinking beer while I plugged away on DNS and compression settings, you and I would have ended up in the same place. Only you would be drunk and I'm just angry and annoyed.
 
*Sigh*. I know.



I never see ads when I'm using Chrome on a laptop. I'm not super clear on the details, but there are anti-ad lists that things like u-block-origin, PIA's Mace, Alternate DNS and Adguard use. In the end, ads simply don't exist for me on Chrome. I think U-block-origin must have special ninja skills, because everywhere else I still see youtube ads. Not so on Chrome.

Worries me a bit to be honest. No "ad-blocking" system is perfect, and by putting it in the router, you have zero control over it. What sites does it block other than the obvious ads? For example, a common issue is banking sites. Some banks use to rely on "pop up" windows or new tab to login to online banking. Ad blockers had a tendency to block these attempts so you needed controls to deactivate the ad-blocker on said site.

Also a newer popular thing is, sites detecting ad-blocking software and demanding you disable it to view the content. How long till they are able to do the same for router based ad-blocking systems?

Basically dont like the inability to control things easily.
 
Worries me a bit to be honest. No "ad-blocking" system is perfect, and by putting it in the router, you have zero control over it. What sites does it block other than the obvious ads? For example, a common issue is banking sites. Some banks use to rely on "pop up" windows or new tab to login to online banking. Ad blockers had a tendency to block these attempts so you needed controls to deactivate the ad-blocker on said site.

Also a newer popular thing is, sites detecting ad-blocking software and demanding you disable it to view the content. How long till they are able to do the same for router based ad-blocking systems?

Basically dont like the inability to control things easily.

I understand, but I'm faced with the same thing regardless of the DNS address I use. Right now I've gone with Adguard, and their privacy policy specifically states that they won't share my browsing history with third parties. Alternate DNS was quite clear in their privacy policy that I had no privacy.

Regarding my ability to use financial sites, I don't usually have a problem. Every one in a while Ublock-origin will break a site and I'll have to open it in my non-security-decked-out browser, Safari.
 
I'll have to open it in my non-security-decked-out browser, Safari.

Screw the site then... Safari is soooo bad and infected with Apple spying tools !!!
 
Back
Top Bottom