VPN + Diversion

[BaconScout]

Hello, I recently set up VPN (nord) on my router. VPN works fine, Diversion works fine but not together.

When running via VPN adds are not blocked. Flipping device off of VPN adds are blocked

Help is appreciated.
my setup:
RT-AC88U 386.12_6 (current)
Diversion 5.1.1 (current)

VPN is set up with NordVPN in exclusive mode as I only want specific devices to utilize the VPN (two currently).

I am running DNS Director but I'm not entirely sure if its relevant to this and if so what values to put in.

Any help is appreciated.

 

[Ripshod]

Traffic running over a VPN tunnel traffic bypasses all the controls on the router. What you are experiencing is known, and expected.

 

[BaconScout]

Can you elaborate?
Traffic isn't in the VPN tunnel until the router where the VPN is configured.
Based on your explanation anything that's happening in the router is going to be bypassed; QOS, firewall etc.

shouldn't it work like DEVICE (non vpn wifi) > router (services firewall etc) then VPN > cloud ?

 

[Joe Mifflin]

I had same issues when i upgraded from ac86u to ax88 pro....using wireguard with torguard vpn....spent weeks knowing I had something messed up....then I finally noticed I had the dns in wireguard settings to google....changed it to 192.168.50.1...diversion now works perfect through vpn

 

[ColinTaylor]

shouldn't it work like DEVICE (non vpn wifi) > router (services firewall etc) then VPN > cloud ?

No that's not how it works.

VPN is set up with NordVPN in exclusive mode as I only want specific devices to utilize the VPN (two currently).

Exclusive mode is a DNS setting not a device setting. By setting "Accept DNS configuration" to "Exclusive" you have told the router to ignore all other DNS servers (e.g. Diversion) and only use NordVPN's DNS servers for client queries. Specific device routing is done by VPN Director (policy rules).

 

[BaconScout]

No that's not how it works.


Exclusive mode is a DNS setting not a device setting. By setting "Accept DNS configuration" to "Exclusive" you have told the router to ignore all other DNS servers (e.g. Diversion) and only use NordVPN's DNS servers for client queries. Specific device routing is done by VPN Director (policy rules).

View attachment 57544

Colin, thank you.. this set me on the right path. I appreciate you taking the time to provide me with a helpful explanation!

 

[Harry Stewart]

Hello, I recently set up VPN (nord) on my router. VPN works fine, Diversion works fine but not together.

When running via VPN adds are not blocked. Flipping device off of VPN adds are blocked

Help is appreciated.
my setup:
RT-AC88U 386.12_6 (current)
Diversion 5.1.1 (current)

VPN is set up with NordVPN in exclusive mode as I only want specific devices to utilize the VPN (two currently).

I am running DNS Director but I'm not entirely sure if its relevant to this and if so what values to put in.

View attachment 57449

View attachment 57450

Any help is appreciated.

Mine works great!!! Using Surfshark. I have two clients set up - first one is a dedicated IP from Surfshark. The second one is a standard VPN setting through Surfshark so I can change locations for specific devices if I want to. Surfshark's dedicated IP only works with one location and can't be changed. Anyway, it would be interesting to see how you set up your VPN director - it took me a while to figure it out. I have ip phones, which don't like VPN's so they are excluded by using a static local ip on the devices. Anything on the DHCP portion of my internal IP is directed to the VPN. Diversion works great. I have a RT-AX88U running 3004.388.7 and Diversion Version 5.1.3 Again I am totally thrilled on how this works. My laptop is running the dedicated VPN IP (via DHCP) - and Diversion is blocking my ads. I do not run my firesticks through the VPN on the router as it stalls my streaming from time to time. I use Surfshare client on the firesticks instead.