
OpenVPN configuration IP leak.

Discussion in 'Asuswrt-Merlin' started by Panhan, Dec 9, 2018.

  1. Panhan

    Panhan New Around Here

    Dec 9, 2018

    I'm far from an expert in this field and I need help with this issue.

    I have a problem with OpenVPN client configuration; my configuration leaks my IP sometimes (as if the tunnel did not work). Did I make a mistake somewhere?

    Here is my setup:

    I have an RT-AC68U with Asus Merlin software. 5 PCs are connected to my router, and I want two of them to connect ONLY via the OpenVPN client 1 configuration (VPN - TorGuard).

    My router had default settings, and I made the following steps.

    Step 1. in LAN > DHCP Server

    Enable Manual Assignment > YES

    And I manually assigned IPs for these 2 computers (I want them to connect through the VPN tunnel all the time).

    Step 2. in VPN > VPN Client

    I set up my VPN and then,

    Redirect Internet traffic > Policy Rules
    (I also tried strict too, same problem)

    Block routed clients if tunnel goes down > YES

    Then below in "Rules for routing client traffic through the tunnel"

    I add the assigned IPs from step 1, leave the destination IP empty, and set Iface to VPN.

    And everything works, but sometimes these 2 computers connect without the tunnel and leak my IP.
    It looks like sometimes the VPN client Service state goes OFF, then my IP leaks.

    How can I solve this?

    Thank you for your time and help
    Last edited: Dec 10, 2018
  2. Panhan

    Panhan New Around Here

    Dec 9, 2018
    Is there any option to force connection only via VPN for these 2 computers, OUTSIDE of the OpenVPN client configuration? Just to add another layer of protection from IP leaks?
  3. Martineau

    Martineau Very Senior Member

    Jul 8, 2012
    First I would attempt to try and identify how/why the 'Block routed clients if tunnel goes down=YES' isn't working.

    e.g. if using VPN Client #1
    ip rule
    ip route show table 111
    or use my script ChkVPNConfig.sh

    ...but in the interim you can use the old-skool method to explicitly block say 192.168.1.xxx and 192.168.1.yyy from using the WAN

    e.g. /jffs/scripts/firewall-start
    iptables -D FORWARD -i br0  -s 192.168.1.xxx,192.168.1.yyy -o $(nvram get wan0_ifname) -j DROP
    iptables -I FORWARD -i br0  -s 192.168.1.xxx,192.168.1.yyy -o $(nvram get wan0_ifname) -j DROP
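
Added example (not part of any post above, and not the ChkVPNConfig.sh script mentioned there): a POSIX shell check over the output of the two commands suggested in the reply, `ip rule` and `ip route show table 111`. It reports which client IPs have no policy rule pointing at the VPN table, and whether that table would drop, tunnel, or fall through to the main table (and so to the WAN). Assumptions: the VPN Client #1 table shows up as `111` or `ovpnc1`, the tunnel interface is named `tun*`, and the sample text is constructed.

```shell
#!/bin/sh
# unrouted_clients RULES TABLE_PATTERN IP...
# RULES is the text printed by `ip rule`. Prints the client IPs that have no
# "from <ip> lookup <table>" rule, i.e. clients that only use the main table.
unrouted_clients() {
    rules=$1; table=$2; shift 2
    missing=""
    for ip in "$@"; do
        # Escape dots so 192.168.1.10 cannot match 192x168x1x10.
        pat=$(printf '%s' "$ip" | sed 's/\./\\./g')
        if ! printf '%s\n' "$rules" |
            grep -Eq "from ${pat}(/32)? lookup (${table})( |\$)"; then
            missing="${missing}${missing:+ }${ip}"
        fi
    done
    printf '%s' "$missing"
}

# table_state ROUTES
# ROUTES is the text printed by `ip route show table <n>`. Prints:
#   blocked       - a prohibit/unreachable/blackhole default drops the traffic
#   tunnel        - a default (or 0.0.0.0/1) route leaves via a tun* interface
#   falls-through - no default here, so lookup continues to later rules and
#                   ends in the main table: the client goes out the WAN
table_state() {
    routes=$1
    if printf '%s\n' "$routes" |
        grep -Eq '^(prohibit|unreachable|blackhole) default'; then
        printf 'blocked'
    elif printf '%s\n' "$routes" |
        grep -Eq '^(default|0\.0\.0\.0/1) .*dev tun'; then
        printf 'tunnel'
    else
        printf 'falls-through'
    fi
}

# Constructed sample of `ip rule` output: only one of two clients has a rule.
SAMPLE_RULES='0: from all lookup local
10101: from 192.168.1.10 lookup ovpnc1
32766: from all lookup main
32767: from all lookup default'

# On the router itself (not run here):
#   unrouted_clients "$(ip rule)" '111|ovpnc1' 192.168.1.xxx 192.168.1.yyy
#   table_state "$(ip route show table 111)"
```

A `falls-through` result while the VPN client service is off matches the symptom described in the first post; the FORWARD DROP rules in the reply block that path regardless of routing-table state.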