Dear @btx,

btx wrote

@Fae 

please fix this one too:

The following sensitive language has been used which goes against the rules of the Community: "𝐡𝐞/𝐬𝐡𝐞". Please enter again.

Thank you for your valued feedback. It's fixed now.

As a follow-up to this post:

I just noticed that the router is also using Google-DNS - even without an active VPN and without any Google-config on the WAN-port (see attached images).

The first image shows the IP-statistics between Google-DNS and the TP-link router.

The second image shows the WAN-settings of the TP-link router.

Is there anything I can do to prevent this from happening?

Alternatively: would it work to block all outgoing DNS traffic with destination 8.8.8.8?

Cheers - Will

=====

  @ITV I would think you could create a stub LAN subnet (ie dummy subnet that goes nowhere, except maybe some unused port on the ER605) on the router for 8.0.0.0/8, router IP being 8.0.0.1 and that should blackhole any Google DNS traffic.  I don't think any Policy Route should be required, but you'll know soon enough in your PCAP.

Thank you all for the feedback.

I took the easy way out by adding a rule which denies all DNS traffic to the Google DNS-services.

This was easy because the TP-link router ACL's work with an "implicit allow" (versus "implicit deny" like most other vendors).

Team Tp-link-support:

Just read the release notes of the new controller version (i.e. 5.6.3) - in particular the section called "VPN optimization":

Does this mean that this issue is fixed when the new gateway firmware is also made available?

Cheers - Will