Posted: Wed May 16, 2018 22:07 Post subject: OpenVPN: 2 questions...
Hi all,
just configured OpenVPN-client on my AP/gateway. All is fine. DD-WRT is r35927, currently latest. Previously OpenVPN was established by the PC.
Just 2 issues, which I can't explain and I'd love to hear answers.
1.
While the OpenVPN-connection is established to my VPN-provider, I can see that I do have the right external public IP (I'm on v4 only), e.g. with https://my-ip-is.com/. Also the bandwidth is normal, much lower than without VPN.
Now, I run a traceroute to that external public IP from a PC via the AP. I would expect that I only see internal IPs of the tunnel (TUN is selected as device, protocol UDP).
Problem: I do see IPs of my local internet-provider while traceroute crawls. First IP is the AP, last is the VPN-server, my public IP. What is the reason? Is it a layer thing?
2.
The OpenVPN-connection is only shown as 'established' in Status/VPN when I use button 'Apply Settings' in Services/VPN. It is never established just after rebooting the AP. It does not matter whether 'Start type' is set to 'WAN up' or 'System' in Services/OpenVPN or how long I wait, I HAVE to click 'Apply Settings'.
Was it always like that? Is there a start-script to fix this?
Many thanks in advance. Apologies if these questions have been answered already... I did have a quick search on both topics.
_________________
3xBuffalo WLI-H4-D1300
1xBuffalo WZR-D1800H
1xBuffalo WHR-HP-G300N
1xBuffalo WHR-1166D (stock f/w)
1xAsus RT-AC87U
1xAsus RT-AC88U
1xTP710
So just to confirm, that dd-wrt router is configured as a router (NOT a WAP), where its WAN is patched to a LAN port on the ISP's modem (or modem+router)?
Wireless mode is AP; Setup/Advanced is set to Gateway; it is the DHCP server for my network and it is patched to my ISP's modem (DSL) with LAN on the WAN-port.
This is a serious issue, putting users at unexpected risk...
I can't understand why kong's and bs' builds are that different.
BTW1: PBR was not on in my config.
BTW2: I did not check which DNS have been active, because I did not think about that.
I'm even considering putting a script together to monitor for DNS leaks and report them to the user.
Yes, PLEASE!
This would really be of help, since it is never easy to detect DNS leaks, considering the zillions of OpenVPN options.
Do you think it is NOT a dd-wrt issue? (Your comment2 on trac #6247 seems to point to OpenVPN).
Apart from that, working scripts MUST be in sync between kong and bs.
traceroute to my public IP via VPN tunnel does NOT show IPs of my DSL-provider with r36527 (bs) any more. Reason: the local IP of my DSL-router was set as DNS on my DD-WRT router. So, somehow traceroute used both DNS, the DNS of my ISP and of my VPN.
Your DNS-leak script reveals that only the 2 correct DNS IPs (pushed by VPN) are used for DNS requests on port 53. (This is also valid if the local IP of my DSL-router is set as DNS in my DD-WRT router.)
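
A sketch of the kind of check discussed in this thread, added here as an example; it is not the DNS-leak script mentioned above and not DD-WRT code. It scans a conntrack table for port-53 destinations other than the resolvers pushed by the VPN. The function names, the sample lines and all IP addresses are constructed, and whether a given build exposes /proc/net/nf_conntrack or /proc/net/ip_conntrack is an assumption.

```shell
#!/bin/sh
# Added example (not the script from the thread): report DNS destinations
# that are not among the resolvers pushed by the VPN.

# find_dns_leaks "IP1 IP2 ..."   (conntrack table on stdin)
# Prints each unexpected port-53 destination once; returns 1 if any exist.
find_dns_leaks() {
    leaks=$(awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        {
            dst = ""; dport = ""
            # The first dst=/dport= pair is the original direction;
            # the second pair on each line is the reply tuple.
            for (i = 1; i <= NF; i++) {
                if (dst == "" && $i ~ /^dst=/) dst = substr($i, 5)
                if (dport == "" && $i ~ /^dport=/) dport = substr($i, 7)
            }
            if (dport == "53" && dst != "" && !(dst in ok)) print dst
        }' | sort -u)
    [ -z "$leaks" ] && return 0
    printf '%s\n' "$leaks"
    return 1
}

# Constructed sample in nf_conntrack format. Assumed addresses: 10.8.0.1 and
# 10.8.0.2 are the VPN-pushed resolvers, 192.168.0.1 is the DSL router.
sample_conntrack() {
    cat <<'EOF'
ipv4     2 udp      17 25 src=10.8.0.6 dst=10.8.0.1 sport=40001 dport=53 src=10.8.0.1 dst=10.8.0.6 sport=53 dport=40001 mark=0 use=2
ipv4     2 udp      17 12 src=192.168.0.2 dst=192.168.0.1 sport=40002 dport=53 src=192.168.0.1 dst=192.168.0.2 sport=53 dport=40002 mark=0 use=2
ipv4     2 tcp      6 3500 ESTABLISHED src=192.168.1.100 dst=203.0.113.10 sport=51000 dport=443 src=203.0.113.10 dst=10.8.0.6 sport=443 dport=51000 [ASSURED] mark=0 use=2
ipv4     2 udp      17 9 src=192.168.0.2 dst=192.168.0.1 sport=40003 dport=53 [UNREPLIED] src=192.168.0.1 dst=192.168.0.2 sport=53 dport=40003 mark=0 use=2
ipv4     2 udp      17 20 src=10.8.0.6 dst=10.8.0.2 sport=40004 dport=53 src=10.8.0.2 dst=10.8.0.6 sport=53 dport=40004 mark=0 use=2
EOF
}

# Demo on the sample; on a router, feed /proc/net/nf_conntrack on stdin instead.
sample_conntrack | find_dns_leaks "10.8.0.1 10.8.0.2" || echo "DNS leak: query sent outside the VPN resolvers"
```

If LAN clients resolve through dnsmasq on the router, their queries appear with the router's LAN address as the destination, so include that address in the allowed list and judge leaks by where the router itself forwards.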