[SOLVED] OpenVPN, Policy Based Routing and DNS Leak

egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12836
Location: Netherlands

Posted: Fri Apr 29, 2022 7:37
You can safely ignore that warning or lower your verb.

The warning is because the certificates renew every 3600 sec.

A lot of providers advise to add to additional config:
Code:
reneg-sec 0

Which will stop the certificate from renewing (the renewing can also be a source of connection loss if badly configured, but of course it is somewhat less safe).

_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
anthonyoc
DD-WRT Novice


Joined: 26 Apr 2022
Posts: 13

Posted: Fri Apr 29, 2022 9:01
Good advice. I’ll try the additional config and see whether I get any issues.
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6409
Location: UK, London, just across the river..

Posted: Sat Apr 30, 2022 12:31
egc wrote:
You can safely ignore that warning or lower your verb.

The warning is because the certificates renew every 3600 sec.

A lot of providers advise to add to additional config:
Code:
reneg-sec 0

Which will stop the certificate from renewing (the renewing can also be a source of connection loss if badly configured, but of course it is somewhat less safe).


In regards to egc's advice... yep, you can safely use reneg-sec 0
or, to keep it as a safety measure,
reneg-sec 14400 or even 28800, so it happens only a few times a day, less frequently than every hour...

What I also have in the advanced VPN box is:
server-poll-timeout 15 --- if the server stops, this gives a 15 sec timeout and it moves on to another server to connect to, if specified...
for example:
remote servername portnumber

remote blabla.privacy.network 1197

You can also use the watchdog option instead and specify spare servers in the GUI in those dedicated options... instead of using the VPN advanced options config box for that...

I guess there is that NTP time renew thing, which shows in the logs for renewing NTP time every hour, and it's annoying too, so you can change that as well.
Using telnet or ssh, issue these commands:

nvram set ntp_timer=14400
nvram commit
reboot

14000 is in seconds = to 4 hours
28800 is - 8 hours

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
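
Added example, not part of any post in this thread: a POSIX shell check that reads an OpenVPN client config on stdin and reports the settings discussed above, namely whether `reneg-sec` leaves periodic data-channel key renegotiation at its 3600-second default, changes the interval, or disables it with 0, and how many `remote` entries sit alongside `server-poll-timeout`. The function names, the sample config and its hostnames are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an OpenVPN client config for the options from this thread.

# Constructed sample input; the hostnames are placeholders, not real servers.
sample_config() {
cat <<'EOF'
# additional config
reneg-sec 0
server-poll-timeout 15
remote vpn1.example.net 1197
remote vpn2.example.net 1197
EOF
}

# Reads a config on stdin and prints how data-channel key renegotiation is set.
# Assumption: if the option appears more than once, the last value is reported.
reneg_status() {
    awk '
        $1 ~ /^[#;]/ { next }                      # commented-out lines do not count
        $1 == "reneg-sec" { val = $2 + 0; seen = 1 }
        END {
            if (!seen)         print "default (3600 s)"
            else if (val == 0) print "disabled"     # keys are never renegotiated on a timer
            else               print val " s"
        }'
}

# Reads a config on stdin and prints the number of remote entries and the
# server-poll-timeout value, i.e. whether there is anything to fail over to.
failover_status() {
    awk '
        $1 ~ /^[#;]/ { next }
        $1 == "remote" { remotes++ }
        $1 == "server-poll-timeout" { timeout = $2 }
        END {
            printf "remotes=%d poll-timeout=%s\n", remotes, (timeout == "" ? "unset" : timeout)
        }'
}

# Stand-alone run against the constructed sample.
echo "reneg-sec: $(sample_config | reneg_status)"
echo "failover:  $(sample_config | failover_status)"
```

To check a real config, redirect the file into either function instead of piping `sample_config`.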