Now I would just like to get it to work with remote OpenVPN Port 53. I know this is possible from the PC side using the PIA application, and that it removes all bandwidth throttling, as I have run extensive tests. I am hoping to accomplish this on my personal router, as there is no application for setting up VPN on some of the devices I intend to use, such as gaming consoles. Here is what I have tried so far:
and also using what little information I can gather here: https://www.reddit.com/r/PrivateInternetAccess/comments/gqdly2/ddwrt_port_53/
(note: the user in this Reddit post does not have NAT enabled as seen in their screenshot)
fails with the ca.rsa.2048 cert as well as ca.crt cert, please see the following screenshots:
The router doesn't care what destination port you need to use on the remote system. As long as it's the valid port for the OpenVPN server being hosted by PIA, it should work like any other remote port.
Also, those screenshots are too small for me to read.
Second, regarding settings on the PIA app or PC, you have to look for help on the PIA forums or their support line...
Then, if you want to use any DNS port permitted by PIA on the router level (you should know what port public servers allow),
you can specify the port via DNSmasq (the default DD-WRT DNS manager).
Add those lines to the advanced DNSmasq box:
no-resolv
server=1.1.1.1#53
you can choose any other DNS server and allowed port to use...
do not confuse VPN ports with DNS
By default the DNS servers used from the router side are passed inside the VPN channel... at least it used to be like that; I haven't tried it recently, as I use Stubby for DNS over TLS (you can see the link in my sig)... it's working inside the VPN channel too...
p.s.
egc, certs seem ok https://www.privateinternetaccess.com/helpdesk/guides/routers/dd-wrt-v40559-openvpn-setup , but the settings are a mess; your settings are working well..
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55779 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Last edited by Alozaros on Wed Sep 02, 2020 9:34; edited 1 time in total
Joined: 18 Mar 2014 Posts: 12873 Location: Netherlands
Posted: Wed Sep 02, 2020 8:09 Post subject:
The picture is really small but I see you have a good connection on port 1198 with the settings I provided.
I have limited experience with different ports. I tried some, and although they say that it should work for all of their servers, this is not the case; it is just a matter of trial and error, some servers work with some ports, others with other ports.
1198 UDP and TCP 502 with ca.rsa.2048.crt usually work
You can try port 53 but try different servers
For the fun of it I took a look at their ca.crt: it has a size of 1024 and is expired. So much for PIA.
Code:
20200902 09:55:33 N VERIFY ERROR: depth=1 error=certificate has expired: C=US ST=OH L=Columbus O=Private Internet Access CN=Private Internet Access CA emailAddress=secure@privateinternetaccess.com
Maybe they have a valid certificate somewhere else
Joined: 16 Nov 2015 Posts: 6435 Location: UK, London, just across the river..
Posted: Wed Sep 02, 2020 9:39 Post subject:
As BS did some changes to OpenVPN recently, it's always good to see what settings are in /tmp/openvpn/openvpn.conf
and then add/remove things in case they are needed/not needed...
Okay, so I've done some poking around at some of their servers with Nmap and found one that does have an open UDP Port 53:
PORT STATE SERVICE
53/udp open|filtered domain
So, I went in and used it to set up a new VPN connection with port 1198:
State
Client: CONNECTED SUCCESS
Change to port 53 and I get the following error:
20200902 22:44:52 TLS: Initial packet from [AF_INET]156.146.41.129:53 sid=4b8b250e 90c10012
20200902 22:44:52 W WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
20200902 22:44:53 N VERIFY ERROR: depth=1 error=self signed certificate in certificate chain: C=US ST=OH L=Columbus O=Private Internet Access CN=Private Internet Access CA emailAddress=secure@privateinternetaccess.com
20200902 22:44:53 N OpenSSL: error:1416F086:lib(20):func(367):reason(134)
20200902 22:44:53 N TLS_ERROR: BIO read tls_read_plaintext error
20200902 22:44:53 NOTE: --mute triggered...
20200902 22:44:53 2 variation(s) on previous 3 message(s) suppressed by --mute
20200902 22:44:53 I SIGUSR1[soft tls-error] received process restarting
20200902 22:44:53 Restart pause 5 second(s)
So, it is absolutely the cert that is blocking this from working, but it works just fine using the desktop app, and cell phone app as well, releasing the bandwidth restrictions and allowing full access. So I guess, unless there is a valid certificate floating around for Port 53 somewhere, we are hosed on PIA using UDP 53 on the router... Any suggestions?
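One thing worth doing with client logs like the ones quoted in this thread is to pull out the VERIFY ERROR lines, the server each attempt was talking to and the CA subject, and map the OpenSSL reason to what it means for the ca file on the router. This is an added Python example, not code from the thread, PIA or DD-WRT; the sample log lines are constructed in the thread's log format with made-up addresses, names and e-mail.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the thread's DD-WRT OpenVPN log format (hosts/names made up).
SAMPLE_LOG = """\
20200902 22:44:52 TLS: Initial packet from [AF_INET]203.0.113.10:53 sid=4b8b250e 90c10012
20200902 22:44:53 N VERIFY ERROR: depth=1 error=self signed certificate in certificate chain: C=US ST=OH L=Columbus O=Example VPN CN=Example VPN CA emailAddress=secure@example.com
20200902 22:44:53 I SIGUSR1[soft tls-error] received process restarting
20200902 22:45:01 N VERIFY ERROR: depth=1 error=certificate has expired: C=US ST=OH O=Example VPN CN=Example VPN CA
"""

# An optional one-letter level ("N", "W", "I") sits between the time and the message.
VERIFY_RE = re.compile(r"^(?P<ts>\d{8} \d{2}:\d{2}:\d{2}) (?:[A-Z] )?VERIFY ERROR: "
                       r"depth=(?P<depth>\d+) error=(?P<error>[^:]+): (?P<subject>.*)$")
PEER_RE = re.compile(r"Initial packet from \[AF_INET\](?P<peer>[\d.]+:\d+)")

# What each OpenSSL verify reason means for the client's ca file (defender's view).
ADVICE = {
    "certificate has expired": "the configured CA is past notAfter: install the provider's current CA bundle",
    "self signed certificate in certificate chain": "the server's chain does not end in the configured CA: the ca file does not match this server",
}

@dataclass
class VerifyFailure:
    timestamp: str
    depth: int
    error: str
    subject: Dict[str, str]   # DN components such as O and CN
    peer: Optional[str]       # host:port the handshake was with, if logged
    advice: str

def parse_subject(dn: str) -> Dict[str, str]:
    """Split 'C=US O=Example VPN CN=Example CA' into a dict; values may contain spaces, so split only before a KEY= token."""
    parts = re.split(r"\s+(?=[A-Za-z]+=)", dn.strip())
    return dict(p.split("=", 1) for p in parts if "=" in p)

def triage(log_text: str) -> List[VerifyFailure]:
    failures, peer = [], None
    for line in log_text.splitlines():
        if "process restarting" in line:
            peer = None                      # the next attempt may go to a different server
        elif (m := PEER_RE.search(line)):
            peer = m["peer"]
        elif (m := VERIFY_RE.match(line)):
            err = m["error"].strip()
            failures.append(VerifyFailure(m["ts"], int(m["depth"]), err, parse_subject(m["subject"]),
                                          peer, ADVICE.get(err, "unrecognised verify reason; inspect the chain with openssl s_client")))
    return failures
```

Feed it the router's actual log (`triage(open("/tmp/var/log/openvpncl.log").read())` or wherever your build writes it) to see at a glance whether a failed port is a mismatched CA or an expired one rather than a transport problem.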
Went shopping around for another VPN that supported DD WRT, found one with a 7 day free trial: https://www.le-vpn.com/
Signed up, updated settings with the requirements from their website (with a few additional settings that I learned during this process) and bam,... success! Getting between 8-15MBPS on speedtest.net (I know, it's not the most accurate, but it was showing my throttled speeds prior as what the ISP was advertising so it is a confirmation of sorts)
Did a couple test-downloads on Steam and a torrent, averaging 2-4 MBPS on steam now (was 300-400kbps while throttled) and torrents getting up to 12MBPS.
Thank you, egc, Alozaros, and eibgrad for all the assistance with this learning experience!