[SOLVED] DNS Leak while torrenting with openvpn

Dughall
DD-WRT Novice


Joined: 11 Nov 2019
Posts: 13

Posted: Sat Nov 23, 2019 22:52
Hi guys,

I use a Netgear R7000 Broadcom ARM with firmware v3.0-r36070M kongac (05/31/18), flashed with this file: dd-wrt.v24-K3_AC_ARM_STD

I configured OpenVPN properly with my VPN provider settings.
Everything works very well.

I also have a VAP without VPN on gateway 192.168.2.1

The DHCP range for the main network goes from 192.168.1.64 to 192.168.1.127.

So I added the IP 192.168.1.64/26 in the policy based routing and this rule as a firewall kill switch:

iptables -I FORWARD -s 192.168.1.64/26 -o $(get_wanface) -m state --state NEW -j REJECT

Thanks to egc :D

I have a weird problem: I have DNS leaks only when I use a torrent client, which is annoying for downloading my Linux distributions out of sight ;)

Do you have any ideas on the subject?
Many Thx


Last edited by Dughall on Mon Nov 25, 2019 11:26; edited 1 time in total
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 3071
Location: UK, London, just across the river..

Posted: Sat Nov 23, 2019 22:58
I guess some VPN providers do not support torrenting... I'm not a VPN user, it's a pure guess...
_________________
Atheros
TP-Link WR740Nv1 ------DD-WRT 33772 BS WAP/Switch (wired)
TP-Link WR1043NDv2 ----DD-WRT 41659 BS (AP,PPPoE,NAT,AD Blocking,AP Isolation,Firewall,Local DNS,Forced DNS,DoT, VPN)
TP-Link WR1043NDv2 ----DD-WRT 41664 BS (AP,NAT,AD Blocking,Firewall,Wi-Fi OFF,Local DNS,Forced DNS,DoT)
TP-Link WR1043NDv2 ----Gargoyle OS 1.11.0 (AP,NAT,QoS,Quotas)
Qualcomm/IPQ8065
2x Netgear R7800 -------DD-WRT 40270M 4.9 Kong (AP,NAT,AD-Blocking,AP&Net Isolation,VLAN's,Firewall,Local DNS,DNSCrypt-proxy v2 x2)
Broadcom
Netgear R7000 -------DD-WRT 40270M Kong (AP,NAT,VLAN,AD-Blocking,Firewall,Local DNS,Forced DNS,DoT)
------------------------------------------------------------------------------------------------
Stubby for DNS over TLS I DNSCrypt v2 via Entware by mac913
Dughall
DD-WRT Novice


Joined: 11 Nov 2019
Posts: 13

Posted: Sat Nov 23, 2019 23:07
Mine does. I am connected to a server dedicated to p2p. That's why I found this weird.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 4355
Location: Netherlands

Posted: Sun Nov 24, 2019 8:40
When using PBR you always run the risk of a DNS leak.

On your old build it is not easy to mitigate this entirely but have a look at the third post in this thread: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686

Enabling Forced DNS redirection and using the no-resolv directive should normally force the use of the DNS server of your liking, they will however still be sent out into the open, as your old build does not support the VPN "route" command.

_________________
Routers:Netgear R7800, Netgear R6400v1, Netgear R6400v2, Linksys EA6900 (XvortexCFE), Linksys E2000 (converted WRT320N), WRT54GS v1.
Install guide Linksys EA6900: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=291230
OpenVPN Policy Based Routing guide: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN Server Setup:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Wireguard Setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1183135
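
Added example, not part of the thread and not DD-WRT's own code: a Python classifier for iptables LOG lines that flags DNS (port 53) leaving by the WAN interface, either forwarded from the policy-routed range 192.168.1.64/26 or generated by the router itself, which is the "sent out into the open" case described in the post above. The interface names (vlan2, tun1, br0, br1), the DNSWATCH log prefix and every log line are constructed assumptions, and it presumes the build offers the iptables LOG target.

```python
import ipaddress
import re
from collections import Counter

# Assumed names, not taken from the thread: WAN interface "vlan2", tunnel "tun1",
# bridges "br0"/"br1", and a "DNSWATCH" --log-prefix on the LOG rules.
WAN_IF = "vlan2"
# Policy-routed range from the thread: DHCP pool 192.168.1.64 to 192.168.1.127.
PBR_NET = ipaddress.ip_network("192.168.1.64/26")

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs of the kernel LOG format

def classify(line, wan_if=WAN_IF, pbr_net=PBR_NET):
    """Classify one iptables LOG line; None means nothing to report."""
    f = dict(FIELD.findall(line))
    if f.get("DPT") != "53" or f.get("OUT") != wan_if:
        return None  # not DNS, or not leaving through the WAN
    if not f.get("IN"):
        # Empty IN= means the packet was generated on the router itself,
        # e.g. dnsmasq forwarding a client's query to its upstream server.
        return "router-dns-on-wan"
    try:
        src = ipaddress.ip_address(f.get("SRC", ""))
    except ValueError:
        return None  # malformed line
    # Forwarded packet: only sources inside the policy-routed range count,
    # the VAP on 192.168.2.x is meant to use the WAN.
    return "client-dns-on-wan" if src in pbr_net else None

def summarize(lines):
    """Count findings per class over many log lines."""
    return Counter(c for c in map(classify, lines) if c)

# Constructed sample lines (documentation addresses, not real captures).
SAMPLE = [
    "kernel: DNSWATCH IN=br0 OUT=vlan2 SRC=192.168.1.70 DST=203.0.113.53 LEN=60 PROTO=UDP SPT=40112 DPT=53 LEN=40",
    "kernel: DNSWATCH IN= OUT=vlan2 SRC=198.51.100.20 DST=203.0.113.53 LEN=60 PROTO=UDP SPT=5353 DPT=53 LEN=40",
    "kernel: DNSWATCH IN=br0 OUT=tun1 SRC=192.168.1.70 DST=10.8.0.1 LEN=60 PROTO=UDP SPT=40113 DPT=53 LEN=40",
    "kernel: DNSWATCH IN=br1 OUT=vlan2 SRC=192.168.2.15 DST=203.0.113.53 LEN=60 PROTO=UDP SPT=40200 DPT=53 LEN=40",
]

if __name__ == "__main__":
    for kind, count in summarize(SAMPLE).items():
        print(kind, count)
```

With the kill switch rule from the first post in place, "client-dns-on-wan" entries only appear if the LOG rule sits ahead of the REJECT rule in the FORWARD chain.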
Dughall
DD-WRT Novice


Joined: 11 Nov 2019
Posts: 13

Posted: Sun Nov 24, 2019 10:19
Thank you egc.

I will try that.

Do you have an idea about these leaks, which happen only when torrenting? It's weird, no? Zero leaks when I don't use a torrent client. I tried with qBittorrent and Transmission.

Thx
Dughall
DD-WRT Novice


Joined: 11 Nov 2019
Posts: 13

Posted: Sun Nov 24, 2019 10:43
The command line no-resolv + server= seems to be working.

I will run some tests over the next days, then I will mark the thread solved if everything is OK.

Thank you
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 4355
Location: Netherlands

Posted: Sun Nov 24, 2019 10:57
Dughall wrote:
Thank you egc.

I will try that.

Do you have an idea about these leaks, which happen only when torrenting? It's weird, no? Zero leaks when I don't use a torrent client. I tried with qBittorrent and Transmission.

Thx


To get to the bottom of this I have to see a lot more of your configuration and have to see how the BitTorrent clients interact with it; it is also related to which build you use and even what WAN interface you have (automatic or static or PPPoE etc.).

I can write a book about all this but I won't because I am currently working on Wireguard :)

But I saw your next post and if that quick fix helps (it should be) then indeed mark it as [SOLVED] :)

Dughall
DD-WRT Novice


Joined: 11 Nov 2019
Posts: 13

Posted: Mon Nov 25, 2019 11:23
Quote:
I can write a book about all this but I won't because I am currently working on Wireguard


This tech seems very good, but is it safe to adopt it now ?
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 4355
Location: Netherlands

Posted: Mon Nov 25, 2019 11:39
Dughall wrote:
Quote:
I can write a book about all this but I won't because I am currently working on Wireguard


This tech seems very good, but is it safe to adopt it now ?


If you are not a high level government target, yes it is safe to use.

I am writing a How To guide for DDWRT, first draft will be ready end of this week, covering the use of DDWRT as a server, Android client, Windows client and using DDWRT as a client :)
There is already a wiki which is quite good.

Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 3071
Location: UK, London, just across the river..

Posted: Mon Nov 25, 2019 12:38
Does PIA support Wireguard???
If I'm not wrong, do you use PIA as well?
In that case I may jump on board...
I may consider getting a VPN pack if they get tempting prices soon... and I'm quite keen to try Wireguard as an alternative...
Does it get better speed with R7800...?

egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 4355
Location: Netherlands

Posted: Mon Nov 25, 2019 13:37
Alozaros wrote:
Does PIA support Wireguard???
If I'm not wrong, do you use PIA as well?
In that case I may jump on board...
I may consider getting a VPN pack if they get tempting prices soon... and I'm quite keen to try Wireguard as an alternative...
Does it get better speed with R7800...?


Unfortunately PIA does not support Wireguard yet.
I have not done any formal speed testing but a quick test with my R7800 showed speeds of 240 Mb/s instead of 90 Mb/s on OpenVPN

bushant
DD-WRT Guru


Joined: 18 Nov 2015
Posts: 1258
Location: Indiana

Posted: Mon Nov 25, 2019 15:32
Alozaros wrote:
Does PIA support Wireguard???


I found these many moons ago.
They are over a year old.
It would be nice to see an update from them.

https://www.privateinternetaccess.com/blog/2018/01/private-internet-access-proud-supporting-wireguard-project/

https://www.privateinternetaccess.com/blog/2018/09/the-current-status-of-wireguard-vpns-are-we-there-yet/

_________________
SUPPORTED DEVICES -- DON'T USE ROUTER DATABASE!
--IMPORTANT UPGRADE INFORMATION--STUBBY install guide
Qualcomm-Atheros:
R7800 x2 kongat & BS WDS AP & Sta-- R7500V2 BS std WDS STA-- WZR-HP-AG300H BS std WDS STA
WNDR3700v4 BS std WDS STA-- Nanostation M2 AirOS-- LocoM2 AirOS
Broadcom:
R6200v2 41491std using R6250.chk WLAN Repeater Archer C9 v1 OEM WAP

DDWRT Policy Based Routing Guide by egc
Dughall
DD-WRT Novice


Joined: 11 Nov 2019
Posts: 13

Posted: Mon Nov 25, 2019 16:39
These ones support wireguard :

AzireVPN.
VPN.ac.
TorGuard.
Mullvad.
IVPN.
NordVPN (still in testing)
Private Internet Access (still in testing)

Maybe I'll try with Mullvad, I don't know yet

I'm eager to see egc's guide ^^
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 4355
Location: Netherlands

Posted: Mon Nov 25, 2019 17:07
First draft is up: https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1183135#1183135

DDWRT as a client will be added later this week, it needs some scripting, but is running already.

It is a first draft

Dughall
DD-WRT Novice


Joined: 11 Nov 2019
Posts: 13

Posted: Fri Nov 29, 2019 8:51
Sorry, I have a last question even if the topic is solved :D

Quote:
Enabling Forced DNS redirection and using the no-resolv directive should normally force the use of the DNS server of your liking, they will however still be sent out into the open, as your old build does not support the VPN "route" command.

Does it have an impact on privacy? And the PBR command in OpenVPN seems to be working because the traffic is routed through the VPN except for my VAP, and this is what I wanted:

https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=322010

Do you suggest upgrading the version of dd-wrt (with factory reset)?