Posted: Tue Jan 19, 2021 19:51 Post subject: OpenVpn Client/Server and DDNS
Hello. Hope to find some help here.
Have XR500 running DD-WRT v3.0-r45192 std (12/29/20)
Configured OVPN client, which is connected to ExpressVPN.
Configured OVPN Server to connect to my local network from the outside.
Everything works perfectly and I can connect to my local network only via WAN IP. Is it possible to force DDNS client to report VPN IP and connect to the local network via that IP?
route api.dynu.com 255.255.255.255 vpn_gateway
I somehow managed to report VPN IP to the DDNS provider and it was right but I could not connect to the internal network since then.
Also, I use dns-leak-test from here
which shows only one leak when the router is rebooted.
How to trace where the leak comes from?
Or is it possible to fix this while using PBR?
Jan 19 20:22:15 router user.notice ddwrt-ultimate-dns-leak: Tue Jan 19 20:22:15 CET 2021: dns leak detected Query Over WAN
Jan 19 20:22:15 router user.warn ddwrt-ultimate-dns-leak: dns leak detected Query Over WAN
First, DDNS by default only looks at the WAN ip to determine the public IP (specifically when it detects a change), although you could change it to use a URL that returns the current public IP. But you would still have the problem of having DDNS detect the change of the VPN ip since it's still monitoring the WAN ip. So all in all, I don't think messing w/ DDNS makes much sense here. There might be better ways, including perhaps checking w/ the VPN provider. Sometimes they provide information about your active connections when accessing your account on their website.
Second, most VPN providers do NOT support remote access over the VPN. And being an ExpressVPN user myself, I know they don't, specifically because they believe it undermines the user's security and privacy.
Posted: Tue Jan 19, 2021 23:14 Post subject:
FWIW, AirVPN supports "static VPN port forwarding" for internet clients to connect to your system (assuming you tweak the firewall appropriately) by connecting to a particular port on the VPN server's exit IP. They assign the port number to you long term (if you wish), hence "static." Very few VPN providers offer static forwarding like this. More providers offer dynamic port forwarding, where the port number is assigned (I believe) for the duration of your connection to the server. If you do not always use the same server, Air has a DDNS service that will map a fixed fqdn to the exit IP of whatever server you are currently connected to. (That would seem to require you to connect only one client.) See airvpn.org. dd-wrt how-to linked in my sig.
_________________
Five WRT1900ACSv2's on 42926, 44048.
VLANs, VAPs, NAS, client-mode travel router, OpenVPN client (AirVPN), DDNS, wireguard servers, wireguard clients (AzireVPN), two DNSCrypt DNS providers (incl Quad9) via OpenVPN/wireguard clients.
Posted: Wed Jan 20, 2021 9:37 Post subject:
Most things are already answered, and as Express VPN does not provide port forwarding via VPN there is no need to get the IP address from the VPN (with the way you are set up, enabling "Use external IP check" on the DDNS setting page might work though).
Port forwarding via VPN is possible; I had it running once using very sophisticated scripts from @eibgrad when I was using Private Internet Access. I used it to get to my summer residence, as it was behind a residential gateway.
The other problem, a DNS leak when the router is rebooting: that is indeed logical, as it takes some time (it can take 1 to 2 minutes) before the tunnel is up and (DNS) traffic is routed via the tunnel.
That is why you use a kill switch (the kill switch does not prevent the DNS leak but prevents clients using it).
It is in theory possible to start the router without any DNS, so actually waiting until the tunnel is up and DNS is set up via the tunnel.
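The boot-window explanation in the reply above can be checked against the router's syslog. The following is an added example, not part of the original thread: it tags each leak event logged by the leak-test script as occurring before or after OpenVPN reports the tunnel up. The format of the openvpn line, the sample log and the function name `classify_leaks` are assumptions.

```python
import re
from datetime import datetime

# Constructed sample log (not from the thread). Leak lines follow the format
# quoted in the first post; the openvpn line is an assumed syslog format
# carrying OpenVPN's "Initialization Sequence Completed" message.
SAMPLE_LOG = """\
Jan 19 20:22:15 router user.notice ddwrt-ultimate-dns-leak: Tue Jan 19 20:22:15 CET 2021: dns leak detected Query Over WAN
Jan 19 20:22:15 router user.warn ddwrt-ultimate-dns-leak: dns leak detected Query Over WAN
Jan 19 20:23:02 router daemon.notice openvpn[1402]: Initialization Sequence Completed
Jan 19 20:41:37 router user.notice ddwrt-ultimate-dns-leak: Tue Jan 19 20:41:37 CET 2021: dns leak detected Query Over WAN
Jan 19 20:41:37 router user.warn ddwrt-ultimate-dns-leak: dns leak detected Query Over WAN
"""

# timestamp, host, facility.level, tag with optional [pid], message
LINE_RE = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ \S+ ([^:\[]+)(?:\[\d+\])?: (.*)$"
)


def classify_leaks(log_text, year=2021):
    """Return [(HH:MM:SS, phase)] for each distinct leak event.

    phase is "before-tunnel" until OpenVPN logs that initialization
    completed, and "after-tunnel" from then on. Syslog timestamps carry
    no year, so one is supplied by the caller.
    """
    tunnel_up = False
    seen = set()
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        stamp = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        tag, msg = m.group(2), m.group(3)
        if tag == "openvpn" and "Initialization Sequence Completed" in msg:
            tunnel_up = True
        elif tag == "ddwrt-ultimate-dns-leak" and "dns leak detected" in msg:
            if stamp in seen:  # the script logs each event as notice and warn
                continue
            seen.add(stamp)
            phase = "after-tunnel" if tunnel_up else "before-tunnel"
            events.append((stamp.strftime("%H:%M:%S"), phase))
    return events


if __name__ == "__main__":
    for when, phase in classify_leaks(SAMPLE_LOG):
        print(when, phase)
```

A leak tagged `after-tunnel` is not explained by the boot window and points at routing or DNS configuration while the tunnel is up.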