Beta VPN Director testing

Status
Not open for further replies.
The setting "Accept DNS Configuration" in VPN Client tab doesn't seem to work anymore.

If I choose "Exclusive" there, the DNS requests are not routed to my VPN's DNS server through the encrypted channel.

Furthermore, if I choose "Disabled", then nothing is routed through the VPN! In VPN Director I have the following policy rule:

LAN | 192.168.1.0/24 | OVPN2
 
I never used OpenVPN like this, but got curious. Is this still the best place to learn more?

 
If I don't use VPN is there any benefit to using this over the current release? Other than to test?
Well, I loaded it on my APs so it does not trigger the VPN feature. I believe the alpha builds had some updated wifi drivers and other very minor tweaks and the new QR code feature which I love. But as @RMerlin has said the primary focus for this build is to test the VPN feature.
 
The setting "Accept DNS Configuration" in VPN Client tab doesn't seem to work anymore.

If I choose "Exclusive" there, the DNS requests are not routed to my VPN's DNS server through the encrypted channel.

Furthermore, if I choose "Disabled", then nothing is routed through the VPN! In VPN Director I have the following policy rule:

LAN | 192.168.1.0/24 | OVPN2
I second that, routing the whole LAN by VPN 192.168.1.0/24 doesn't work with the VPN DNS set to Exclusive with this beta. I just get the DoT DNS instead with the DNS provided from VPN. DNSFilter to router is set.

  • Sidenote: when Redirect Internet traffic through tunnel is set to Yes and I delete the rule in VPN Director (All - 192.168.1.0/24), I got DoT DNS IPs + VPN DNS together.
  • Side effect with VPN enabled: can't install any item from AMTM via SSH. With VPN disabled the items from AMTM can be installed. ?
  • When VPN 1 and 3 (test) are enabled and VPN 3 (different country) has DNS Disabled, I get my ISP IP on VPN 3 (ipleak test); when set to Exclusive I get the VPN IP, but with the WAN DNS. (Rule All 192.168.1.0/24 deleted).
 
Just loaded the new beta/alpha1 build. :)

Came up fine and all rules converted fine.
I have a DNS leak inside my provider tunnel and get this error in the log.

Error: any valid prefix is expected rather than "pool-1.prd.se.sthlm.ovpn.com/32".
Error: any valid prefix is expected rather than "pool-2.prd.se.sthlm.ovpn.com/32".
/usr/sbin/iptables -t nat -N DNSVPN1
/usr/sbin/iptables -t nat -I PREROUTING -p udp -m udp --dport 53 -j DNSVPN1
/usr/sbin/iptables -t nat -I PREROUTING -p tcp -m tcp --dport 53 -j DNSVPN1
2021-06-16 15:36:51 WARNING: You have specified redirect-gateway and redirect-private at the same time (or the same option multiple times). This is not well supported and may lead to unexpected results

Don't know how to fix DNS-leak just now.
EDIT: If I set "Redirect Internet traffic through tunnel" to "YES" then no DNS leaks appear.

I have reverted back to 368_2_6, it's not mature now.

@RMerlin

Thanks for the new builds.
 
I am not going to install this now because I am not smart enough to use it properly for what is being requested.

I just want to say that I am absolutely thrilled at the implications (which I see as being all favourable) for making it easier for the individual to control their personal privacy, if they care about that. I do.
 
I assume the 199 rules are still stored in nvram. Before it was 100 rules per client... was that nvram or jffs?
In RMerlin initial post:
  • Rules are now stored in JFFS rather than nvram, allowing us to store more rules, and also save a good bit of nvram even when rules weren't used. There should now be enough space to store 199 rules total (unless you use insanely long descriptions for each rule), while the previous implementation would often run out of space before hitting the established limit of 100 per client.
 
Are Dual-WAN interfaces supported?
No. I did some quick testing, and Dual WAN rules use a very low prio number, so they would always get processed before reaching the VPN Director rules anyway. Also the fact that one can never know whenever a DUAL WAN table exists or not makes it too unpredictable to implement.

How are policy routes stored in the backend please? Are they still nvram or jffs now too?
JFFS. Stored in /jffs/openvpn/vpndirector_rulelist.

This may be by design - but until I selected "Redirect Internet traffic through tunnel" to "Policy Rules" I could not get either client VPN to work.
Are you using a VPN provider, if so which one? It was working for me when using NordVPN.
 
I have DNS leak inside my provider tunnel and get this error in log.

2021-06-16 15:36:51 WARNING: You have specified redirect-gateway and redirect-private at the same time (or the same option multiple times). This is not well supported and may lead to unexpected results

You cannot mix a hostname with a subnet. Where is that "pool-2.prd.se.sthlm.ovpn.com/32" coming from?

You have specified redirect-gateway and redirect-private at the same time
Same, where are these settings coming from? They are not part of the firmware itself.
 
You cannot mix a hostname with a subnet. Where is that "pool-2.prd.se.sthlm.ovpn.com/32" coming from?


Same, where are these settings coming from? They are not part of the firmware itself.
--pull This option must be used on a client which is connecting to a multi-client server.

Q: Did you test with a single IP number to your VPN provider? Then I can understand why mine didn't work!

That comes from:
[Screenshot: ASUS Wireless Router RT-AX86U - OpenVPN Client Settings]


and the openvpnclient1.postconf file, to specify the two pools my VPN provider uses.


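#!/bin/sh
# openvpnclient1.postconf: $1 is the path to the generated client config
CONFIG=$1
source /usr/sbin/helper.sh
# Append the second pool as an extra "remote" line right after the first one
sed -i "/remote pool-1.prd.se.sthlm.ovpn.com 1194/a remote pool-2.prd.se.sthlm.ovpn.com 1194" "$CONFIG"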
 
Thanks!



Note to any testers, YazFi's VPN re-direction and vpnmgr won't work in this beta.
Unfortunate. I was just thinking what a great combination...
 
I have an AC86 and on it I have five VPN clients setup but only two are running.

I removed Yaz_FI and unmounted my USB drives before attempting an upgrade. The first attempt failed. The second attempt using the same file was successful.

Everything seems to be working fine. The only clean up I had to do within the VPN director is to remove some duplicate rules that were the result of the way I set up each of the five clients. To avoid ambiguity and for clarity in each of the five VPN clients under policy rules I listed the router and my second double NATed router as being WAN. I therefore had multiple instances of both routers showing up under the director. I deleted the extra rules and everything is running as it should.

Thanks Merlin!
 
Thanks!



Note to any testers, YazFi's VPN re-direction and vpnmgr won't work in this beta.
I have the VPN re-direction working here for the Guest Network, using Guest #1

EDIT: short lived, DNS leak, I'm getting OVPN3 DNS on OVPN1
 
and the openvpnclient1.postconf file, to specify the two pools my VPN provider uses.
The problem possibly comes from the route_net_gateway provided by OpenVPN which for some reason returns a hostname instead of an IP as was the case in my tests (that's the only place where I add a subnet to an argument received from the remote end). I'll try removing the prefix to see if that solves it.
 
I'll fix it, but you know my policy on betas ;-)
And in this case it's more an alpha than a beta really, so design changes may still happen based on the user feedback. Now is not a good time to start making changes, beyond just keeping an eye on development.
 
DNS redirection in Exclusive Mode doesn't seem to be creating the appropriate iptables rules. I will need to investigate.
 
If I choose "Exclusive" there, the DNS requests are not routed to my VPN's DNS server through the encrypted channel.
Exclusive mode code wasn't updated to deal with VPN Director, fixed.


I'll try to upload new builds later tonight with the current batch of fixes.
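
A way to check for the state discussed in this thread (DNS redirection chain created but Exclusive mode not effective), added here as an example that is not part of any post above and is not firmware code. The DNSVPN<n> chain name and the port 53 PREROUTING hooks come from the log quoted earlier in the thread; the function name, the sample rulesets and the DNAT rule inside the chain are constructed assumptions.

```shell
#!/bin/sh
# Added example (not firmware code). On the router the input would be:
#   iptables -t nat -S | check_dns_redirect 1
# Here the rulesets are constructed samples so the script runs anywhere.

# check_dns_redirect N: read `iptables -t nat -S` output on stdin and verify
# that chain DNSVPN<N> exists, is reached from PREROUTING for both UDP and
# TCP port 53, and holds at least one rule. Prints a verdict and returns
# non-zero when any of the three pieces is missing.
check_dns_redirect() {
    awk -v chain="DNSVPN$1" '
        $1 == "-N" && $2 == chain { declared = 1 }
        $1 == "-A" && $2 == chain { rules++ }
        $1 == "-A" && $2 == "PREROUTING" && $NF == chain && / --dport 53 / {
            if (/ -p udp /) udp = 1
            if (/ -p tcp /) tcp = 1
        }
        END {
            if (!declared)    { print "missing-chain"; exit 1 }
            if (!udp || !tcp) { print "missing-hook";  exit 1 }
            if (!rules)       { print "empty-chain";   exit 1 }
            print "ok"
        }'
}

# Constructed: chain created and hooked as in the quoted log, never populated.
EMPTY_CHAIN_RULESET='-P PREROUTING ACCEPT
-N DNSVPN1
-A PREROUTING -p tcp -m tcp --dport 53 -j DNSVPN1
-A PREROUTING -p udp -m udp --dport 53 -j DNSVPN1'

# Constructed: same hooks plus one rule in the chain. The DNAT target and the
# 10.8.0.1 resolver address are assumptions, not taken from the firmware.
GOOD_RULESET="$EMPTY_CHAIN_RULESET
-A DNSVPN1 -s 192.168.1.0/24 -j DNAT --to-destination 10.8.0.1"

# Stand-alone demo: the first ruleset fails the audit, the second passes.
printf '%s\n' "$EMPTY_CHAIN_RULESET" | check_dns_redirect 1 || true
printf '%s\n' "$GOOD_RULESET" | check_dns_redirect 1
```

A passing verdict only shows that the redirection rules are in place; whether queries actually leave through the tunnel still needs a leak test from a LAN client.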
 