RT-AC68U openvpn working but serverlog show zero bytes in/out, and other issues

[hiac]

Hello,

I recently purchase TM-AC1900 router, and flash to Merlin by following this url:
https://slickdeals.net/f/9071711-t-...free-ship-asus-rt-ac68u?src=SiteSearchV2Algo1

I configured openvpn (server 1, Interface Type=TUN, Protocol=UDP, Cipher Negotiation=Enabled (with fallback)). I then exported .ovpn to windows laptop, iphone, raspberry pi 3 （openelec). I have some questions and hope you can shed some light

1. One of the purpose to use vpn is so that I will appear as from other location (for example UK). but my vpn server is running in this asus router, and when I am at home, use my windows laptop or Raspberry pi to connect the vpn, it will also trace back to my router's external IP address. Does that mean this setup (setting up vpn at home server) defeat the purpose of vpn ?
if that's the case, what's the benefit to it from home device.

2. I have some issue with my iphone. I do have a workaround but not sure if it's good workaround. I have two .ovpn files which are identical except:
One with internal IP address of my router IP address
the other with WAN IP address
I loaded them to my iphone. here is testing result from home
a) if iphone is connect to home wifi, the .ovpn profile (with WAN Ip address) will not work. but the other one work
b) if iphone is disconnected from wifi, and I am using cellular data, then it's another way around.
I hope I can use one profile in both situation (connected with wifi or using cellular data)

then I bring iphone outside, and connect to mall, airport, hotel's wifi, I would expect the .ovpn profile (with WAN IP address) should work. but the result is mixed (for example, the wifi at airport is working, but the one at hotel doesn't).

3. raspberry pi 3, openelec
I load the .ovpn and it doesn't work. the error point to these two lines. so I comment them out. after that it's working.
is there any risk to do that?
#ncp-ciphers AES-128-GCD:AES-256-GDM:AES-128-CGC:AES-256-CDC
#keepalive 15 60

4. I verify vpn log at asus router. I can see the successful connection, and I use youtube, surf bbc.com, listen to music from device (windows, iphone, kodi...) without problem. But in vpn log, it show bytes in/out to be zero within 30 minutes of internet surfing. and after 1-2 hours, it show 0.01MB.
I am pretty sure the content I am viewing is more than 10MB. does that mean i didn't connect to vpn at all?

I appreciate your help

 

[overClocked!]

1. One of the purpose to use vpn is so that I will appear as from other location (for example UK). but my vpn server is running in this asus router, and when I am at home, use my windows laptop or Raspberry pi to connect the vpn, it will also trace back to my router's external IP address. Does that mean this setup (setting up vpn at home server) defeat the purpose of vpn ?
if that's the case, what's the benefit to it from home device.

Hello there. I think you are confusing the VPN server on your home router with a VPN service provider. The OpenVPN server built into your ASUS router is to provide a secure connection to your home network while you are traveling or otherwise outside of your local network. If you want to appear as though you are located in the U.K., then you need to connect to a VPN server that is actually located in the U.K. You will then use the gateway on that remote network to access the Internet so that the WAN IP address for your connection shows as being at that remote location. You don't want to connect to your own VPN server when you are already on it's local network. That serves no purpose. That's like mailing yourself a letter to your own home address...from your own mailbox. You just wasted a postage stamp and maybe a few days time in the process.

2. I have some issue with my iphone. I do have a workaround but not sure if it's good workaround. I have two .ovpn files which are identical except:
One with internal IP address of my router IP address
the other with WAN IP address
I loaded them to my iphone. here is testing result from home
a) if iphone is connect to home wifi, the .ovpn profile (with WAN Ip address) will not work. but the other one work
b) if iphone is disconnected from wifi, and I am using cellular data, then it's another way around.
I hope I can use one profile in both situation (connected with wifi or using cellular data)

See answer to number 1. Again, you trying to access your own router's VPN server when you are already on the local wifi network. You gain nothing by doing that, and add extra overhead applying encryption to what is already a private network. Only connect to your own VPN server when you are not at home AND require access to your home local network resources.

then I bring iphone outside, and connect to mall, airport, hotel's wifi, I would expect the .ovpn profile (with WAN IP address) should work. but the result is mixed (for example, the wifi at airport is working, but the one at hotel doesn't).

Most hotels block VPN traffic unless you pay for the privilege to use it or contact the hotel administration and ask them to add an exception for your device during your stay.

If you are trying to conceal your internet activity, access geo-blocked content, etc., from your home location, you need to subscribe to a VPN service provider that allows you to connect to servers other than your own.

 

[hiac]

Hi @overClocked!

Thank you very much to clarify my question.
One more question if you don't mind. I saw the post online always saying "connect to public wifi without VPN is vulnerable for attack". In that context, when I connect mobile phone/laptop to airport's wifi using it to check email, google, read news from bbc, reddit etc, does "connecting to openvpn at my home router" provide any protection at all? If answer is negative, my next question: "connecting to vpn service provider such as IPVanish will make it safer", and why ?

Thanks again for all your help!

 

[overClocked!]

Hi @overClocked!

Thank you very much to clarify my question.
One more question if you don't mind. I saw the post online always saying "connect to public wifi without VPN is vulnerable for attack". In that context, when I connect mobile phone/laptop to airport's wifi using it to check email, google, read news from bbc, reddit etc, does "connecting to openvpn at my home router" provide any protection at all? If answer is negative, my next question: "connecting to vpn service provider such as IPVanish will make it safer", and why ?

Thanks again for all your help!

In that scenario, yes, the VPN connection to your home network will provide a secure encrypted tunnel obscured to the public wifi. You need to make sure that you configure the OpenVPN Advanced settings to "Direct clients to redirect internet traffic". This will ensure your only connection out to the Internet when the VPN connection is active goes through your router's gateway and not the local wifi gateway. Depending on your subscribed bandwidth, this could slow down your speed quite a bit, so expect to see that. You should also set "Respond to DNS" so that you also use your router's DNS servers for name resolution instead of the public wifi DNS server settings.

If you need to secure a connection from your home to make your internet activity private, a good option is to subscribe a VPN service provider product. You can either use a software client installed on your network devices, or you can configure the VPN CLIENT portion of your router to access your account and create a tunnel to a remote server that you specify. Just remember that there is some overhead associated with that encryption and your speeds will be affected to some degree.




Sent from my iPhone using Tapatalk

 

[hiac]

Hi @overClocked!,

Many thanks for your suggestion. I configured my route for my openvpn setup. it now make sense

Thanks again!