[SOLVED] DNS Leak while torrenting with openvpn

Dughall
DD-WRT Novice


Joined: 11 Nov 2019
Posts: 20

Posted: Sat Nov 23, 2019 22:52    Post subject: [SOLVED] DNS Leak while torrenting with openvpn
Hi guys,

I use a Netgear R7000 Broadcom ARM with firmware v3.0-r36070M kongac (05/31/18), flashed with this file: dd-wrt.v24-K3_AC_ARM_STD

I configured openvpn properly with my vpn provider settings.

Everything works very well.

I also have a VAP without VPN on gateway 192.168.2.1

The DHCP range for the main network goes from 192.168.1.64 to 192.168.1.127.

So I added the ip table 192.168.1.64/26 in the policy based routing and this rule as a firewall for kill switch:

iptables -I FORWARD -s 192.168.1.64/26 -o $(get_wanface) -m state --state NEW -j REJECT

Thanks to egc :D

I have a weird problem: I have DNS leaks only when I use a torrent client, which is annoying to download my Linux distributions out of sight ;)

Do you have any ideas on the subject?
Many Thx


Last edited by Dughall on Mon Nov 25, 2019 11:26; edited 1 time in total
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6411
Location: UK, London, just across the river..

Posted: Sat Nov 23, 2019 22:58
I guess some VPN providers do not support torrenting... I'm not a VPN user, it's a pure guess...
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Dughall
DD-WRT Novice


Joined: 11 Nov 2019
Posts: 20

Posted: Sat Nov 23, 2019 23:07
Mine does. I am connected to a server dedicated to p2p. That's why I found this weird.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12839
Location: Netherlands

Posted: Sun Nov 24, 2019 8:40
When using PBR you always run the risk of a DNS leak.

On your old build it is not easy to mitigate this entirely but have a look at the third post in this thread: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686

Enabling Forced DNS redirection and using the no-resolv directive should normally force the use of the DNS server of your liking; they will however still be sent out into the open, as your old build does not support the VPN "route" command.

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
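
Added example, not part of egc's post or anyone's code in this thread: one way to check the behaviour described above is to capture port 53 on the WAN interface and count which resolvers the queries reach. With no-resolv plus a single dnsmasq server= entry and Forced DNS redirection, only that resolver should appear; every row in the report is traffic travelling outside the tunnel. The function name, the resolver address and the sample capture are constructed placeholders, and the input is assumed to be `tcpdump -n` text output.

```shell
#!/bin/sh
# Classify DNS queries seen on the WAN interface (added example).
# stdin: text output of `tcpdump -n -i <wan-if> port 53`
# $1   : resolver configured with dnsmasq "server=" (placeholder below)
# Output, one line per resolver: "<resolver-ip> <query-count> <status>"
wan_dns_report() {
    awk -v want="$1" '
    $2 == "IP" && $4 == ">" {
        dst = $5
        sub(/:$/, "", dst)                  # drop the trailing colon
        n = split(dst, p, ".")              # a.b.c.d.port
        if (n != 5 || p[5] != "53") next    # keep IPv4 packets sent to port 53
        ip = p[1] "." p[2] "." p[3] "." p[4]
        count[ip]++
    }
    END {
        for (ip in count)
            printf "%s %d %s\n", ip, count[ip],
                   (ip == want ? "configured" : "unexpected")
    }' | sort
}

# Constructed sample capture using documentation addresses, not real traffic.
# Line 2 is a reply (source port 53) and must not be counted as a query.
SAMPLE='10:43:01.100000 IP 203.0.113.7.40112 > 198.51.100.53.53: 4660+ A? tracker.example.org. (37)
10:43:01.140000 IP 198.51.100.53.53 > 203.0.113.7.40112: 4660 1/0/0 A 192.0.2.10 (53)
10:43:02.200000 IP 203.0.113.7.51820 > 192.0.2.1.53: 811+ AAAA? dht.example.net. (33)
10:43:02.900000 IP 203.0.113.7.40113 > 198.51.100.53.53: 4661+ A? example.com. (29)'

wan_dns_report_sample() {
    printf '%s\n' "$SAMPLE" | wan_dns_report 198.51.100.53
}
```

A row marked "unexpected" while the torrent client is running means queries are reaching a resolver other than the one set with server=.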
Dughall
DD-WRT Novice


Joined: 11 Nov 2019
Posts: 20

Posted: Sun Nov 24, 2019 10:19
Thank you egc.

I will try that.

Have you an idea about these leaks which happen only when torrenting? It's weird, no? Zero leaks when I don't use a torrent client. I tried with qBittorrent and Transmission.

Thx
Dughall
DD-WRT Novice


Joined: 11 Nov 2019
Posts: 20

Posted: Sun Nov 24, 2019 10:43
The command line no-resolv + server= seems to be working.

I will try some tests next days then I will mark solved on the thread if everything is ok.

Thank you
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12839
Location: Netherlands

Posted: Sun Nov 24, 2019 10:57
Dughall wrote:
Thank you egc.

I will try that.

Have you an idea about these leaks which happen only when torrenting? It's weird, no? Zero leaks when I don't use a torrent client. I tried with qBittorrent and Transmission.

Thx


To get to the bottom of this I have to see a lot more of your configuration and have to see how the BitTorrent clients interact with it; it is also related to which build you use and even what WAN interface you have (automatic or static or PPPoE etc).

I can write a book about all this but I won't because I am currently working on Wireguard :)

But I saw your next post and if that quick fix helps (it should be) then indeed mark it as [SOLVED] :)

Dughall
DD-WRT Novice


Joined: 11 Nov 2019
Posts: 20

Posted: Mon Nov 25, 2019 11:23
Quote:
I can write a book about all this but I won't because I am currently working on Wireguard


This tech seems very good, but is it safe to adopt it now?
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12839
Location: Netherlands

Posted: Mon Nov 25, 2019 11:39
Dughall wrote:
Quote:
I can write a book about all this but I won't because I am currently working on Wireguard


This tech seems very good, but is it safe to adopt it now?


If you are not a high level government target, yes it is safe to use.

I am writing a How To guide for DDWRT, first draft will be ready end of this week, covering the use of DDWRT as a server, Android Client, Windows client and using DDWRT as a client :)
There is already a wiki which is quite good.

Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6411
Location: UK, London, just across the river..

Posted: Mon Nov 25, 2019 12:38
Does PIA support Wireguard???
If I'm not wrong, do you use PIA as well?
In that case I may jump on board...
I may consider getting a VPN pack if they get tempting prices soon... and I'm quite keen to try Wireguard as an alternative...
Does it get better speed with R7800...?

egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12839
Location: Netherlands

Posted: Mon Nov 25, 2019 13:37
Alozaros wrote:
Does PIA support Wireguard???
If I'm not wrong, do you use PIA as well?
In that case I may jump on board...
I may consider getting a VPN pack if they get tempting prices soon... and I'm quite keen to try Wireguard as an alternative...
Does it get better speed with R7800...?


Unfortunately PIA does not support Wireguard yet.
I have not done any formal speed testing but a quick test with my R7800 showed speeds of 240 Mb/s instead of 90 Mb/s on OpenVPN.

bushant
DD-WRT Guru


Joined: 18 Nov 2015
Posts: 2030

Posted: Mon Nov 25, 2019 15:32
Alozaros wrote:
Does PIA support Wireguard???


I found these many moons ago.
They are over a year old.
It would be nice to see an update from them.

https://www.privateinternetaccess.com/blog/2018/01/private-internet-access-proud-supporting-wireguard-project/

https://www.privateinternetaccess.com/blog/2018/09/the-current-status-of-wireguard-vpns-are-we-there-yet/

_________________
Forum Guide Lines (with helpful pointers about how to research your router, where and what firmware to download, where and how to post and many other helpful tips!)
How to get help the right way

Before asking for help - Read the forum guidelines AND Upgrade DD-WRT!
Adblock by eibgrad + Blocklist Collection
Dughall
DD-WRT Novice


Joined: 11 Nov 2019
Posts: 20

Posted: Mon Nov 25, 2019 16:39
These ones support wireguard :

AzireVPN.
VPN.ac.
TorGuard.
Mullvad.
IVPN.
NordVPN (still in testing)
Private Internet Access (still in testing)

Maybe I'll try with Mullvad, I don't know yet

I'm eager to see egc's guide ^^
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12839
Location: Netherlands

Posted: Mon Nov 25, 2019 17:07
First draft is up: https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1183135#1183135

DDWRT as a client will be added later this week, it needs some scripting, but is running already.

It is a first draft

Dughall
DD-WRT Novice


Joined: 11 Nov 2019
Posts: 20

Posted: Fri Nov 29, 2019 8:51
Sorry, I have a last question even if the topic is solved :D

Quote:
Enabling Forced DNS redirection and using the no-resolv directive should normally force the use of the DNS server of your liking; they will however still be sent out into the open, as your old build does not support the VPN "route" command.


Does it have an impact on privacy? And the PBR command in openvpn seems to be working because the traffic is routed through the VPN except my VAP, and this is what I wanted:

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=322010


Do you suggest upgrading the version of dd-wrt (with factory reset)?
All times are GMT