
Problem with my new ASUS RT-88U PRO Merlin and NordVPN pre-configured/custom configuration and DNS settings.


Thank you. I already had DNS Configuration Disabled although NordVPN guide says to put it on strict. I didn’t do that. Must the DNS-over-TLS Profile stay on Strict and what must I choose at Preset servers? Because I already have assigned it at DNS Server.
Follow my screenshots above. Strict. Choose the Quad9 preset servers, and they will populate the top part of that screen as shown. In DNS Director, make sure it is set to "router". (Different screen under LAN)

Thank you, Viktor, I really appreciate it. I understand everything you've said. The only thing is that at WAN / Internet Connection / WAN DNS Setting / DNS Server, I have also assigned Quad9. Normally it was on my ISP. Must I leave it like I have it now or change it back to ISP?
 
You definitely want to change your WAN DNS settings to use Quad9's DNS servers. Do not give your ISP a leg up on you! :)
 

Thank you, Viktor. All is :) :cool: I just had one question about WebRTC leaks. On my PC there are no WebRTC leaks in any test I ran, and on one phone, when using the Bromite browser app, no leaks are shown either. But when I use ipleak.net in the DuckDuckGo app, I see an IP address that I think is a default IP address of the app (correct me if I'm wrong) because it is not my ISP IP nor that of my router. So I think it's connected to DuckDuckGo. The same result happens when I use another phone with DuckDuckGo: I see the WebRTC leaks but with a different IP. But when I use browserleaks.com/webrtc on both phones, it shows the following:

! WebRTC exposes your Local IP

No Public IP Leak



I see the Local IP Address and Public IP Address. The logo/image of the Local one looks like a LAN port. Is this something I must leave alone, or change in the router or the app itself?
 
Not quite sure about this one... perhaps someone else can jump in for advice. I'm running on a VPN, and PC clients or mobile phones all show that I'm not leaking any WebRTC... but I am not sure about what IP you're talking about. Could duckduckgo perhaps be using a vpn client or proxy of its own? Not quite sure...
 

I sometimes have problems with my internet connection which disconnects to my VPN settings on the router and returns to my ISP IP even with the KillSwitch on. I have read here and there some topics in regard to the issue like this one:

https://www.snbforums.com/threads/kill-switch-doesnt-work.74948/#post-715690

and this one:

https://www.snbforums.com/threads/vpn-client-and-killswitch.74170/#post-707860

This one is what I found to be more in line with what I want to solve my issue:

https://www.snbforums.com/threads/vpn-director-asuswrt-merlin.83294/post-837941


I wanted your thoughts and knowledge on this issue. Also, I have read your guide again:

https://www.snbforums.com/threads/v...surfshark-perfectprivacy-3.84694/#post-836862

And noticed that I didn't do the VPN Director steps. Will this ensure that if I do the VPN Director steps and my connection again disconnects, that setting will force the internet to use another VPN connection instead of the ISP?

Also, I noticed something very odd. At the Redirect Internet traffic through tunnel setting, I have it on Redirect all, and I see the killswitch option, which I have enabled. But shouldn't the KillSwitch option only be enabled when choosing VPN Director (Policy rules)?
 
Happy to help... as you read there, the Asus-Merlin FW built-in killswitch has its limits. In certain cases it won't work if your vpn connection stops. This is why, in the other post, @eibgrad suggested creating your own killswitch to get around these limitations. He was successful in building one (here). I had run with his idea, and built KILLMON that takes it a step further, and gives you some other options on protecting your devices in the event your vpn connection goes down, available here.

I had also been dealing with my VPN connection going down all the time, and not having a good way to monitor it, or have it automatically reconnect. I built VPNMON-R2 for that purpose, and that has kept our VPN connection running 24x7 for years now. It really does work well for my purposes, and I like the fact that I can randomly pick from 2000+ endpoints to appear from when it reconnects after a failure, or from a scheduled reset. If you haven't already played with that, you can get that here.


The VPN Director is simply a tool to allow you to select which devices need to route over which VPN connection. In the guide I wrote, I recommended that you build one configuration for each of your VPN connections in order to force your local network traffic out over it, in case VPNMON-R2 switches from VPN slot #1 to #3, for instance. That way you're always guaranteed that your network traffic is being forced out through a VPN connection, if there is one present. It works surprisingly well.

The VPN Director is not going to automatically reconnect your VPN connection, if that is what you were asking. You will need a tool, like VPNMON-R2, to perform that reconnection task.

The killswitch setting you are describing acts independently of VPN Director. You can have rules on or off; it doesn't affect whether or not you want to use the built-in killswitch.

Hope that helps! :)
 

Thank you very much for the info, I really appreciate it. Maybe one of the reasons the VPN connection sometimes disconnects is what is mentioned here:

https://www.snbforums.com/threads/v...nown-on-client-status-panel.80984/post-791153

I have read about the VPNMON-R2 but still find it a bit difficult to understand its uses. Is there maybe a guide for simple-minded folk like me to use? :) In my case I want to use it for the problem you had in regard to the VPN connection going down. I hope you can help me with it.
 
Not much you can do about your VPN connection going down... it can literally be a whole host of things... ISP issues, modem issues, VPN provider issues, VPN provider actually just rebooting their server, VPN server getting overloaded, internet weather, you name it... some VPN providers are better than others.

VPNMON-R2 simply monitors your VPN connection, and if it goes down for any reason, it helps reconnect you. Easiest thing to do is play around with it... once you start getting more familiar with how it works, you too can start enjoying 100% VPN uptime. ;)
 
Yes, I did it, I know how to use the AMTM 🤓👍 Before I play around with it: must I use a USB or can I just use it without it?
 
You certainly need a USB. Always recommended for storing a swap file and for storage for Entware tools (required) that are needed by vpnmon-r2.

Everything you need to know is documented here... read the instructions, follow them, and let me know where you experience issues.

Instructions:
 

Thank you very much, Viktor, for your help and great work you've done with the vpnmon-r2. In regards to this part:

2.) Use the AMTM tool - Log into your router using an SSH terminal tool, like PuTTY (for Windows), execute "AMTM", and use the commands "fd" to format your flashdrive, and "sw" to configure a swap file. Minimum recommended size is at least 2GB.

So it is not necessary to format the USB to EXT4? And must I keep the USB in the router or can I pull it out after I'm done? Because I have read that many of the USBs became hot or caught fire or something like that.
 
Use the recommended default. I believe it's EXT4. But yeah, it needs to stay connected at all times. Invest in a nice cheap SSD with a USB enclosure instead for the perfect setup, or a better quality flashdrive. They might get warm if there's a lot of activity but I've never heard of one catching on fire. It will fail long before that.
 
The big difference between the two lists is that the generally accepted list doesn't have these items on it:

verify-x509-name CN=ch418.nordvpn.com -- This isn't on there because you would normally already have "Verify Server Certificate Name" set to NO in the UI. Setting this to yes, or using this option, typically tends to cause more headaches for people, and they tend to leave it off.

pull -- You don't want that because that would allow the NordVPN server to have control over your routing table... typically a big no-no to let others have control over your environment.

cipher AES-256-CBC -- I had previously written a short post about this here as to why you don't want this in your config... showing how NordVPN even contradicts itself with this setting.
Hi Victor,

I hope you are doing well. I want your opinion on something. I have added these two lines to the Custom Configuration:

cipher AES-256-GCM
setenv CLIENT_CERT 0

I want your opinion on these two lines. I have read that this one: setenv CLIENT_CERT 0 is only used for Android, but there are also others that say you can use it as a whole. Should I use them or ignore them? Also, is the speed only the two differences between mssfix 0 and mssfix 1450 or is there more?
 
I suppose you can force the AES-256-GCM, but with mine, it already picks this by default when connecting.

I really have no opinion about the setenv... I don't think it's needed, and like you said, it has to do with Android, and some confusion it has picking client certificates and whatnot.

There's a good article here: https://www.thegeekpub.com/271035/openvpn-mtu-finding-the-correct-settings/ -- and it mentions setting tun-mtu to 1450, and mssfix to 1410... I have not tried those settings yet... Then, on the openvpn reference manual site, it states using these values:

Code:
--tun-mtu 1500 --fragment 1300 --mssfix
(https://openvpn.net/community-resources/reference-manual-for-openvpn-2-4/)

I'm definitely open to experimenting with these values to see if they provide any kind of performance difference! :)
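The directives discussed in the posts above (`verify-x509-name`, `pull`, `cipher AES-256-CBC`, plus the later `cipher AES-256-GCM`, `setenv CLIENT_CERT` and MTU options) can be checked mechanically before pasting a provider's list into the router's Custom Configuration box. This is an added example, not code from the thread's authors or from Asuswrt-Merlin; the function name `audit_ovpn_custom`, the output layout and the sample config are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit an OpenVPN client "Custom Configuration" block for the
# directives the thread says to drop. Reads config text on stdin and prints
# one tab-separated finding per line:  <line-no> <DROP|INFO> <line> <reason>
# Exit status is 1 when at least one DROP finding exists, otherwise 0.
audit_ovpn_custom() {
    awk '
    function report(verdict, why) {
        printf "%d\t%s\t%s\t%s\n", NR, verdict, $0, why
        if (verdict == "DROP") drops++
    }
    { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }    # trim; tolerate CRLF pastes
    /^[#;]/ || NF == 0 { next }                      # comment and blank lines
    # Exact match on the first word, so "pull-filter" is not mistaken for "pull".
    $1 == "pull" {
        report("DROP", "lets the server push options, routes included"); next }
    $1 == "verify-x509-name" {
        report("DROP", "thread leaves it out; UI certificate-name check is set to No"); next }
    $1 == "cipher" && toupper($2) == "AES-256-CBC" {
        report("DROP", "CBC cipher line the thread advises against"); next }
    $1 == "cipher" && toupper($2) == "AES-256-GCM" {
        report("INFO", "already picked by default per the thread"); next }
    $1 == "setenv" && $2 == "CLIENT_CERT" {
        report("INFO", "Android-related per the thread; not needed here"); next }
    $1 == "mssfix" || $1 == "tun-mtu" || $1 == "fragment" {
        report("INFO", "MTU tuning value; compare throughput before and after"); next }
    END { exit (drops > 0) }
    '
}

# Constructed sample input (not a real provider file). The CN value is the one
# quoted in the thread; every other line is made up for the demonstration.
SAMPLE_CONFIG='# constructed sample
remote-cert-tls server
verify-x509-name CN=ch418.nordvpn.com
pull
cipher AES-256-CBC
  cipher AES-256-GCM
setenv CLIENT_CERT 0
pull-filter ignore "dhcp-option DNS"
mssfix 1450'

# Print the findings; "|| true" keeps the demo going when DROP lines exist.
printf '%s\n' "$SAMPLE_CONFIG" | audit_ovpn_custom || true
```

Lines marked DROP are the ones the thread recommends removing; INFO lines are only reported so they can be reviewed against the router's own settings.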
 
Thank you for the information. 👍 With regard to WireGuard and OpenVPN, I know that WireGuard offers a faster internet speed than OpenVPN, but is it safer?
 

Viktor, didn't you receive a notification regarding this message:

https://www.snbforums.com/threads/p...figuration-and-dns-settings.87320/post-877793

I have read here and there, and many say that WireGuard is better than OpenVPN. They don't rule out OpenVPN, just saying that WireGuard is coming on hard and being strong. As you have maybe worked with OpenVPN for a long time, I was wondering about your opinion on it.
 
