OpenVPN Client Torguard Issue

Discussion in 'Asuswrt-Merlin' started by bobpow, Apr 19, 2019.

  1. bobpow

    bobpow Occasional Visitor

    Joined:
    Feb 20, 2014
    Messages:
    49
    Location:
    New York
    Hi
    I set up an OpenVPN Client Torguard on my RT 1900P router and I got some warning msgs regarding the cipher level. I spoke to Torguard and they told me to change it to AES 256 or AES 128, but for the life of me I cannot find the cipher level on the VPN client page. Can anyone direct me to the location?
    Thanks
     
  2. skeal

    skeal Part of the Furniture

    Joined:
    Apr 30, 2016
    Messages:
    3,076
    Location:
    /etc
    Look at these as an example: ASUS Wireless Router RT AX88U   OpenVPN Client Settings.png
     
    L&LD likes this.
  3. bobpow

    bobpow Occasional Visitor

    Thanks. That did it.
     
    L&LD and skeal like this.
  4. bobpow

    bobpow Occasional Visitor

    I am trying to get my Amazon firestick to bypass the Torguard VPN and have followed a link by Marin on OpenVPN and set the option on the VPN client page "Redirect internet traffic" to "Policy rules", and added the IP address to point to the WAN interface, but it does seems to working. When I apply and reboot, I check my iPad and it gives me my ISP address. Meanwhile, on the VPN client page it shows the VPN address. But all my traffic seems to be redirected to my ISP.
    Any help would be appreciated.
    Thanks
     
  5. skeal

    skeal Part of the Furniture

    To use the VPN-provided DNS, use the "accept dns configuration to exclusive". Then use DNSFilter to direct the firesticks to the preferred DNS server you want. I use "accept DNS configuration to disabled". This makes the VPN use the router as DNS, so if the router is set up to use DoT then the DoT works through the VPN and Diversion etc. My firesticks only seem to work well using generic 1.1.1.1 DNS, so I have a DNSFilter rule set for both my firesticks to use 1.1.1.1 even though they run through my VPN.
     
  6. bobpow

    bobpow Occasional Visitor

    Thanks Skeal.
    I set the VPN DNS to exclusive and the DNS filter as below, doesn't work. Any help would be appreciated.
     

    Attached Files:

    • x.png
  7. skeal

    skeal Part of the Furniture

    With it set up like you show, the firestick should use 1.1.1.1 as its DNS. Make sure that the devices you have set in the VPN client are set to route through the VPN, not WAN. If you want WAN access for a device, leave it out of the VPN client configuration entirely. If the "accept dns configuration set to exclusive" in the VPN client then any device routed through the VPN will use the VPN provider's DNS. To make this work I had to set the "DNS Server one" on the WAN page to the router's IP; "DNS Server two" is blank. So basically set only devices needing the VPN to route through the VPN interface. I know there is a WAN ability there but don't use it, in this case. Choose the VPN interface for your devices.
     
  8. skeal

    skeal Part of the Furniture

    For me my firestick runs through my Torguard VPN but uses 1.1.1.1 as its DNS, in spite of the fact the "accept dns is set to disabled".
     
  9. bobpow

    bobpow Occasional Visitor

    Thanks for all your help.
    But still no luck. Every time I set the VPN DNS to disable and set other parameters, all my devices use my ISP address, not the VPN address, and the firestick still gets blocked. If I set the VPN to exclusive it gets the VPN addy and I cannot get the firestick routed around the VPN.
    Thanks for your assistance
     
  10. skeal

    skeal Part of the Furniture

    What are the other parameters?
     
  11. skeal

    skeal Part of the Furniture

    In what way are you blocked?
     
  12. bobpow

    bobpow Occasional Visitor

    The Wan DNS to yes
    And adding the Firestick to the DNS filter set to 1.1.1.1
     
  13. bobpow

    bobpow Occasional Visitor

    Setting disabled DNS sends me out to the internet via my ISP address,
    and setting it to exclusive blocks the fire stick. Amazon says I have a VPN or proxy up.
     
  14. skeal

    skeal Part of the Furniture

    Basic accepted knowledge:
    Choosing "accept dns configuration disabled" will force the VPN to use your router's DNS. If that is set as your ISP DNS, then that's what you will see.
    Use policy rules (strict) to ensure your routing wishes are respected.
    If a device routed through the vpn needs to have a different dns (like my firestick) you set that in DNSFilter.

    In my opinion your test is accurate. With the VPN DNS set to disabled you are seeing your isp dns as defined on the WAN page.
    If Netflix is blocking you it may be because of a blocked IP range. I pay an extra 3$ CDN a month to have a non-blacklisted streaming ip based in the USA. That means that my devices are being dumped into the USA. When I use DNSFilter to direct the device to use 1.1.1.1 the device thinks it's in the USA so it uses USA based Cloudflare DNS Servers so I get around the Netflix proxy detection.
     
  15. bobpow

    bobpow Occasional Visitor

    Actually I am using stubby and my DNS servers are Cloudflare. The address that I am exposing is my ISP IP address, not my DNS.
     
  16. skeal

    skeal Part of the Furniture

    I follow so far but not sure what you mean by this.
     
  17. bobpow

    bobpow Occasional Visitor

    The address exposed is the ISP WAN address on the router interface, like in what's my ip.
     
  18. skeal

    skeal Part of the Furniture

    Is your VPN connected? Is the device you are using to test with routed the same way as the device you are checking for? To check the VPN you have to be routed through the VPN. If the VPN connects, and the test machine is routed through the VPN, you will see the VPN provider's IP. Let's get that working first.
     
  19. bobpow

    bobpow Occasional Visitor

    Yes the vpn is up and working. I have a Torguard IP address. All my devices are going thru the VPN
     
  20. skeal

    skeal Part of the Furniture

    If you have policy rules strict and routing all through the VPN, you should see in an ipleak.net test the IP of your Torguard client. If not, then something isn't right with your policy routing.
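
Added example, not part of the forum thread and not Asuswrt-Merlin code: one way to check the "something isn't right with your policy routing" case from the last post is to read the router's `ip rule show` output and see which routing table each device's source address selects. The sample rules, the LAN addresses and the table name `ovpnc1` are constructed assumptions, and every table other than `local` is assumed to hold a default route.

```python
import ipaddress
import re

# Constructed sample of `ip rule show` output. The priorities, LAN addresses
# and the VPN table name "ovpnc1" are assumptions, not values from the thread.
SAMPLE_RULES = (
    "0:\tfrom all lookup local\n"
    "10001:\tfrom 192.168.1.50 lookup main\n"      # device exempted to WAN
    "10101:\tfrom 192.168.1.0/24 lookup ovpnc1\n"  # rest of the LAN via VPN
    "32766:\tfrom all lookup main\n"
    "32767:\tfrom all lookup default\n"
)

# Only plain "from <src> lookup <table>" rules are modelled; rules with other
# selectors (fwmark, iif, to ...) are skipped rather than guessed at.
RULE_RE = re.compile(r"^(\d+):\s+from\s+(\S+)\s+lookup\s+(\S+)\s*$")


def parse_rules(text):
    """Return [(priority, source_network_or_None, table)] sorted by priority."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        src = m.group(2)
        net = None if src == "all" else ipaddress.ip_network(src, strict=False)
        rules.append((int(m.group(1)), net, m.group(3)))
    return sorted(rules, key=lambda r: r[0])


def first_table(rules, source_ip):
    """First rule (lowest priority number) whose source selector matches.

    Assumes each table except "local" has a default route, so the first
    matching rule decides the exit interface.
    """
    addr = ipaddress.ip_address(source_ip)
    for prio, net, table in rules:
        if table == "local":
            continue  # local/broadcast addresses only, never a default route
        if net is None or addr in net:
            return prio, table
    return None


def exit_path(text, source_ip, vpn_prefix="ovpnc"):
    """Label a LAN address 'vpn' or 'wan' from the table it selects."""
    hit = first_table(parse_rules(text), source_ip)
    return "vpn" if hit and hit[1].startswith(vpn_prefix) else "wan"
```

If a device meant to bypass the VPN comes back as `vpn` here, or the reverse, the installed rules and the intended policy rules disagree.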