Bug with OpenVPN Client Settings


sweetlyham

Occasional Visitor
I am trying to set Policy Rules (Strict) for my TV to use the VPN; however, when I try to insert "0.0.0.0" into the Destination IP field, as per guides I have found online, it disappears after saving.

Even if I save using the below settings the TV (and other LAN devices when testing different IPs) aren't routing over the VPN interface. Forcing all traffic through tunnel confirms VPN does work, can't seem to get Policy Rules working.

Any help would be greatly appreciated.

Current Version : 386.2_6
RT-AX58U

Screenshot 2021-06-20 204934.png
 

sweetlyham

Occasional Visitor
Another query - I have Accept DNS Config set to "Exclusive"; however, my AdGuard Home (similar but better than PiHole) keeps getting DNS requests from the TV even though logs confirm (from my understanding below) that the VPN DNS was set.

Code:
Jun 20 20:56:47 openvpn: Forcing 192.168.0.3 to use DNS server 123.123.123.123
Jun 20 20:56:48 dnsmasq[2165]: read /etc/hosts - 6 addresses
Jun 20 20:56:48 dnsmasq[2165]: read /etc/hosts.dnsmasq - 0 addresses
Jun 20 20:56:48 dnsmasq[2165]: using nameserver 192.168.0.2#53
Jun 20 20:56:50 openvpn-routing: Configuring policy rules for client 1
 

Jack Yaz

Part of the Furniture
0.0.0.0 isn't needed anymore; it's implied if blank. Space saving for nvram.
 

Jack Yaz

Part of the Furniture
I tried blank and it didn't route via VPN hence why I made the post :)
It should, as I have mine blank and they route via VPN. Blank it out again and then check what you get for:
Code:
ip rule list
ip route show table ovpncX
where X is the client number
 

Jack Yaz

Part of the Furniture
One thing I have noticed: try saving/applying twice after making the change.
 

dave14305

Part of the Furniture
Another query - I have Accept DNS Config set to "Exclusive"; however, my AdGuard Home (similar but better than PiHole) keeps getting DNS requests from the TV even though logs confirm (from my understanding below) that the VPN DNS was set.

Code:
Jun 20 20:56:47 openvpn: Forcing 192.168.0.3 to use DNS server 123.123.123.123
Jun 20 20:56:48 dnsmasq[2165]: read /etc/hosts - 6 addresses
Jun 20 20:56:48 dnsmasq[2165]: read /etc/hosts.dnsmasq - 0 addresses
Jun 20 20:56:48 dnsmasq[2165]: using nameserver 192.168.0.2#53
Jun 20 20:56:50 openvpn-routing: Configuring policy rules for client 1
If AdGuard Home is configured in the LAN DHCP DNS settings, then the TV will not send DNS requests to the router for them to be intercepted by the VPN DNS rules. LAN-to-LAN traffic isn’t routed through the router like LAN-to-WAN traffic obviously is.
 

sweetlyham

Occasional Visitor
If AdGuard Home is configured in the LAN DHCP DNS settings, then the TV will not send DNS requests to the router for them to be intercepted by the VPN DNS rules. LAN-to-LAN traffic isn’t routed through the router like LAN-to-WAN traffic obviously is.
AdGuard Home IP is set in WAN.

Screenshot 2021-06-20 222847.png
Screenshot 2021-06-20 222833.png
 

sweetlyham

Occasional Visitor
It should, as I have mine blank and they route via VPN. Blank it out again and then check what you get for:
Code:
ip rule list
ip route show table ovpncX
where X is the client number

Screenshot 2021-06-20 224403.png


Screenshot 2021-06-20 224455.png


Code:
[email protected]:/tmp/home/root# ip rule list
0:      from all lookup local
10101:  from 192.168.0.3 lookup ovpnc1
32766:  from all lookup main
32767:  from all lookup default
[email protected]:/tmp/home/root# ip route show table ovpnc1
default via 10.120.10.1 dev tun11
10.120.10.0/23 dev tun11 proto kernel scope link src 10.120.10.13
192.168.0.0/24 dev br0 proto kernel scope link src 192.168.0.1
239.0.0.0/8 dev br0 scope link
 

sweetlyham

Occasional Visitor
Seems to be working now... I think by having DNS served at WAN level instead of LAN and rebooting device has resolved issue. Not getting any DNS requests on AdGuard now
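
The check suggested earlier in the thread (`ip rule list`, then `ip route show table ovpncX`) can be scripted. The following is an added example, not part of the original posts or the firmware; the function names are hypothetical and the sample text is constructed from the output posted above.

```shell
#!/bin/sh
# Added example: checks `ip rule list` / `ip route show table ovpncX` output
# for one LAN client. Sample text is constructed from the output in the thread.
SAMPLE_RULES='0:      from all lookup local
10101:  from 192.168.0.3 lookup ovpnc1
32766:  from all lookup main
32767:  from all lookup default'
SAMPLE_ROUTES='default via 10.120.10.1 dev tun11
10.120.10.0/23 dev tun11 proto kernel scope link src 10.120.10.13
192.168.0.0/24 dev br0 proto kernel scope link src 192.168.0.1
239.0.0.0/8 dev br0 scope link'

# Print the table named by the first rule that selects exactly this source IP
# and is evaluated before the main table (priority below 32766).
# Limitation (assumption): exact host match only, no CIDR "from" selectors.
table_for_source() {   # args: RULES IP
    printf '%s\n' "$1" | awk -v ip="$2" '
        { prio = $1; sub(/:$/, "", prio) }
        $2 == "from" && $3 == ip && prio + 0 < 32766 {
            for (i = 4; i < NF; i++) if ($i == "lookup") { print $(i + 1); exit }
        }'
}

# Print the device that carries the default route in a table dump.
default_dev() {        # args: ROUTES
    printf '%s\n' "$1" | awk '$1 == "default" {
        for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
    }'
}

# Return 0 if the client is policy-routed into a table whose default route
# leaves via a tun device, 1 if no rule selects it, 2 if that table has no
# default route on a tun device.
check_policy() {       # args: RULES ROUTES IP
    table=$(table_for_source "$1" "$3")
    if [ -z "$table" ]; then
        echo "$3: no policy rule, traffic follows the main table"; return 1
    fi
    dev=$(default_dev "$2")
    case "$dev" in
        tun*) echo "$3: table $table, default route via $dev"; return 0 ;;
        *)    echo "$3: table $table has no default route on a tun device"; return 2 ;;
    esac
}

# On the router: check_policy "$(ip rule list)" "$(ip route show table ovpnc1)" 192.168.0.3
check_policy "$SAMPLE_RULES" "$SAMPLE_ROUTES" 192.168.0.3
```

This only inspects routing; it says nothing about which DNS server the client uses, which was the separate issue in this thread.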
 
