Does Openvpn work on the wan only with default configuration

Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking
Author Message
Runed0S
DD-WRT Novice


Joined: 09 Jul 2020
Posts: 18

PostPosted: Thu Apr 15, 2021 0:41    Post subject: Does Openvpn work on the wan only with default configuration Reply with quote
Firmware: DD-WRT v3.0-r46329 std (04/13/21)
Router Model: TP-Link ARCHER-C7 v4 (atheros)

A bit of pretext: I am using an XfinityWifi hotspot as my internet connection, with a family-member's login... It is actually extremely reliable and hasn't ever gone down on me!

I figured that I should probably use a VPN, just in case... so I got NordVPN. It works okay, it's just really slow (halfspeed, as expected)

So what I'm wondering: Where is OpenVPN configured? Does traffic pass through it before wlan1?
Currently wlan1 is connected to the 5ghz hotspot, and wlan0 is the house's wifi.

I feel like I've completely missed a concept here, though I've been trying to figure this out for several months...

Edit: I have AP isolation on wan1; do I even need a VPN, or is it overkill?
Sponsor
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12837
Location: Netherlands

PostPosted: Thu Apr 15, 2021 7:08    Post subject: Reply with quote
As long as traffic goes *through* the router the VPN will work.

so it does not work when the router is setup as a WAP or in a bridged setup

https://wiki.dd-wrt.com/wiki/index.php/Linking_Routers

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
SurprisedItWorks
DD-WRT Guru


Joined: 04 Aug 2018
Posts: 1446
Location: Appalachian mountains, USA

PostPosted: Fri Apr 16, 2021 16:19    Post subject: Reply with quote
Just to add to what egc said, for education's sake...

As a packet leaves the interface or bridge in which it originates, it is subjected to firewall screening and routing. What you are asking is about routing. The router has a look at which interface or bridge it came from, and that determines, via a "rule" list, which of at least two (if you are using a vpn) routing tables to use. The packet's destination address is then compared to the entries in that routing table to determine what interface to send it to. In your OpenVPN case, there is a special "tunnel" interface, usually tun1 or tun0, depending on your router, and the packet will generally be sent to a specific gateway IP via that tunnel interface. The VPN tunnel is set up with its own IP addresses for the two ends of the tunnel, the end in your router and the gateway end at Nord's server. But once your packet is routed to that tunnel interface and all the firewall tests are done, everything is up to OpenVPN. It will do its magic and hand off the encrypted packet to Nord's server via your WAN interface, in your case wlan1, behind the scenes.

And there's really no reason you need to know any of that. It's just interesting because its techy and nerdy and we tech nerds like stuff like that.

As to whether you need a VPN... See about a million online discussions. If you don't want your ISP to know where your traffic goes, maybe because you don't trust them not to sell the info to the Great Advertising Monster, a VPN is useful provided you are careful not to leave unencrypted DNS traffic in the open. (Recent dd-wrt builds will generally route your DNS requests through the VPN, covering the latter angle nicely.) Likewise for keeping the administrator of your primary router from seeing what you're up to. But if you want your identity to be unknowable to anyone watching what comes out of Nord's server -- this includes the websites you interact with -- good luck. That's a really hard thing to make happen. A VPN can hide your IP address from snoops not willing to expend effort to see it, but there's more to invisibility than just your IP address. Hiding just that will only fool the lazy. I use one news app that clearly, from its advertising, thinks I'm in the country where my VPN server is. Their corporate focus is not their app.

_________________
2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
tedm
DD-WRT Guru


Joined: 13 Mar 2009
Posts: 554

PostPosted: Fri Apr 16, 2021 17:30    Post subject: Re: Does Openvpn work on the wan only with default configura Reply with quote
Runed0S wrote:

I figured that I should probably use a VPN, just in case...


In case of what, exactly?

VPN's are used to secure your traffic but that security can only go from you, the end user, to wherever the VPN terminates. If the VPN terminates on NordVPN's servers, then once your traffic arrives at their server it is then decrypted and sent out over the Internet where anyone can inspect it if they can intercept it.

This is of GREAT value when the NordVPN server is located, for example, in Europe or the USA, and you are located in, for example, China PRC. Because, the Chinese government does not want you surfing and learning facts about the nasty stuff they have done to Chinese citizens in the past, or that they are doing currently. So, they run a thing called the Great Firewall which intercepts all Internet traffic going in and out of China and they scan it and if they see you looking at Wikipedia at subjects like a certain square of theirs name starting with T that some people died at, well then they just send the local police around to have a nice chat with you and warn you that if you persist you will "disappear"

But if you live in a country that actually respect Human Rights - well then a VPN is about as useful to you as teats on a boar. Unless of course, you are going to do something illegal like download kiddie nekked pics....
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum