A bit of pretext: I am using an XfinityWifi hotspot as my internet connection, with a family-member's login... It is actually extremely reliable and hasn't ever gone down on me!
I figured that I should probably use a VPN, just in case... so I got NordVPN. It works okay, it's just really slow (half speed, as expected).
So what I'm wondering: Where is OpenVPN configured? Does traffic pass through it before wlan1?
Currently wlan1 is connected to the 5GHz hotspot, and wlan0 is the house's WiFi.
I feel like I've completely missed a concept here, though I've been trying to figure this out for several months...
Edit: I have AP isolation on wan1; do I even need a VPN, or is it overkill?
Joined: 04 Aug 2018 Posts: 1446 Location: Appalachian mountains, USA
Posted: Fri Apr 16, 2021 16:19 Post subject:
Just to add to what egc said, for education's sake...
As a packet leaves the interface or bridge in which it originates, it is subjected to firewall screening and routing. What you are asking is about routing. The router has a look at which interface or bridge it came from, and that determines, via a "rule" list, which of at least two (if you are using a VPN) routing tables to use. The packet's destination address is then compared to the entries in that routing table to determine what interface to send it to. In your OpenVPN case, there is a special "tunnel" interface, usually tun1 or tun0, depending on your router, and the packet will generally be sent to a specific gateway IP via that tunnel interface. The VPN tunnel is set up with its own IP addresses for the two ends of the tunnel, the end in your router and the gateway end at Nord's server. But once your packet is routed to that tunnel interface and all the firewall tests are done, everything is up to OpenVPN. It will do its magic and hand off the encrypted packet to Nord's server via your WAN interface, in your case wlan1, behind the scenes.
And there's really no reason you need to know any of that. It's just interesting because it's techy and nerdy and we tech nerds like stuff like that.
As to whether you need a VPN... See about a million online discussions. If you don't want your ISP to know where your traffic goes, maybe because you don't trust them not to sell the info to the Great Advertising Monster, a VPN is useful provided you are careful not to leave unencrypted DNS traffic in the open. (Recent dd-wrt builds will generally route your DNS requests through the VPN, covering the latter angle nicely.) Likewise for keeping the administrator of your primary router from seeing what you're up to. But if you want your identity to be unknowable to anyone watching what comes out of Nord's server -- this includes the websites you interact with -- good luck. That's a really hard thing to make happen. A VPN can hide your IP address from snoops not willing to expend effort to see it, but there's more to invisibility than just your IP address. Hiding just that will only fool the lazy. I use one news app that clearly, from its advertising, thinks I'm in the country where my VPN server is. Their corporate focus is not their app.
_________________
2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
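The rule-then-table lookup described in the post above, as an added example that is not part of the original thread: a simplified model that picks a routing table by ingress interface, applies longest-prefix match, and lists flows that would leave on wlan1 outside the tunnel. The tables, the guest bridge br1, the rule priorities and all addresses are constructed assumptions (the two /1 routes are modelled on OpenVPN's `redirect-gateway def1`), not dd-wrt's actual state.

```python
import ipaddress

VPN_SERVER = "203.0.113.10"  # constructed placeholder for the provider's endpoint

# Constructed routing state (assumption): "main" after OpenVPN adds its routes,
# "bypass" for a hypothetical guest bridge br1 that skips the tunnel.
TABLES = {
    "main": [
        ("0.0.0.0/1", "tun1"), ("128.0.0.0/1", "tun1"),  # tunnel covers all IPv4
        ("0.0.0.0/0", "wlan1"),                           # original WAN default
        (VPN_SERVER + "/32", "wlan1"),  # encrypted packets reach the server via WAN
        ("192.168.1.0/24", "br0"),                        # LAN stays local
    ],
    "bypass": [("0.0.0.0/0", "wlan1")],
}
# (priority, ingress interface or None for "any", table); lowest number is tried first.
RULES = [(100, "br1", "bypass"), (32766, None, "main")]


def egress(in_iface, dst):
    """Return the interface a packet leaves on, or None if no route matches."""
    addr = ipaddress.ip_address(dst)
    for _prio, iif, table in sorted(RULES, key=lambda r: r[0]):
        if iif is not None and iif != in_iface:
            continue  # rule does not apply to this ingress interface
        hits = [(ipaddress.ip_network(p), dev) for p, dev in TABLES[table]
                if addr in ipaddress.ip_network(p)]
        if hits:  # longest prefix wins inside the selected table
            return max(hits, key=lambda h: h[0].prefixlen)[1]
        # no route in this table: keep going and try the next matching rule
    return None


def cleartext_on_wan(flows, wan="wlan1"):
    """Flows that leave on the WAN without being the tunnel's own transport."""
    return [f for f in flows
            if egress(f[0], f[1]) == wan and f[1] != VPN_SERVER]


FLOWS = [  # constructed: (ingress interface, destination, description)
    ("br0", "198.51.100.53", "LAN client DNS query"),
    (None, VPN_SERVER, "OpenVPN's encrypted transport (router-originated)"),
    ("br1", "198.51.100.53", "guest DNS query"),
]

if __name__ == "__main__":
    for iif, dst, what in FLOWS:
        print(f"{what}: {iif or 'local'} -> {dst} leaves via {egress(iif, dst)}")
    print("bypassing the tunnel:", [f[2] for f in cleartext_on_wan(FLOWS)])
```

On a real router the same question is answered by reading `ip rule show` and `ip route show table <name>`, then checking a destination with `ip route get`.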
Posted: Fri Apr 16, 2021 17:30 Post subject: Re: Does Openvpn work on the wan only with default configura
Runed0S wrote:
I figured that I should probably use a VPN, just in case...
In case of what, exactly?
VPNs are used to secure your traffic but that security can only go from you, the end user, to wherever the VPN terminates. If the VPN terminates on NordVPN's servers, then once your traffic arrives at their server it is then decrypted and sent out over the Internet where anyone can inspect it if they can intercept it.
This is of GREAT value when the NordVPN server is located, for example, in Europe or the USA, and you are located in, for example, China PRC. Because the Chinese government does not want you surfing and learning facts about the nasty stuff they have done to Chinese citizens in the past, or that they are doing currently. So, they run a thing called the Great Firewall which intercepts all Internet traffic going in and out of China and they scan it and if they see you looking at Wikipedia at subjects like a certain square of theirs, name starting with T, that some people died at, well then they just send the local police around to have a nice chat with you and warn you that if you persist you will "disappear".
But if you live in a country that actually respects Human Rights - well then a VPN is about as useful to you as teats on a boar. Unless of course, you are going to do something illegal like download kiddie nekked pics....