gpieper

[SOLVED] Failed to connect through DD-WRT router


I configured my router (Netgear WNR3500L) with the help of https://airvpn.org/ddwrt and can only connect to my ISP. Here is my log if someone can figure it out.

Serverlog Clientlog 20120910 13:11:24 I OpenVPN 2.2.1 mipsel-linux [sSL] [LZO2] built on Jul 31 2012

20120910 13:11:24 MANAGEMENT: TCP Socket listening on 127.0.0.1:5001

20120910 13:11:24 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

20120910 13:11:24 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible

20120910 13:11:24 I LZO compression initialized

20120910 13:11:24 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]

20120910 13:11:24 Socket Buffers: R=[114688->131072] S=[114688->131072]

20120910 13:11:24 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]

20120910 13:11:24 Local Options String: 'V4 dev-type tun link-mtu 1558 tun-mtu 1500 proto UDPv4 comp-lzo cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-client'

20120910 13:11:24 Expected Remote Options String: 'V4 dev-type tun link-mtu 1558 tun-mtu 1500 proto UDPv4 comp-lzo cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-server'

20120910 13:11:24 Local Options hash (VER=V4): '22188c5b'

20120910 13:11:24 Expected Remote Options hash (VER=V4): 'a8f55717'

20120910 13:11:24 I UDPv4 link local: [undef]

20120910 13:11:24 I UDPv4 link remote: 95.211.191.33:443

20120910 13:11:24 TLS: Initial packet from 95.211.191.33:443 sid=fe1f4851 66f01929

20120910 13:12:04 MANAGEMENT: Client connected from 127.0.0.1:5001

20120910 13:12:04 D MANAGEMENT: CMD 'state'

20120910 13:12:04 MANAGEMENT: Client disconnected

20120910 13:12:04 MANAGEMENT: Client connected from 127.0.0.1:5001

20120910 13:12:04 D MANAGEMENT: CMD 'state'

20120910 13:12:04 MANAGEMENT: Client disconnected

20120910 13:12:04 MANAGEMENT: Client connected from 127.0.0.1:5001

20120910 13:12:04 D MANAGEMENT: CMD 'state'

20120910 13:12:04 MANAGEMENT: Client disconnected

20120910 13:12:04 MANAGEMENT: Client connected from 127.0.0.1:5001

20120910 13:12:04 D MANAGEMENT: CMD 'log 500'

19700101 00:00:00


I configured my router (Netgear WNR3500L) with the help of https://airvpn.org/ddwrt and can only connect to my ISP. Here is my log if someone can figure it out.

Hello!

Can you please send us information about your DD-WRT OpenVPN setup (if you use the DD-WRT web interface, screenshots are just fine)?

Kind regards


@gpiper

Hello!

The attached screenshot shows a correct configuration. Can you please check iptables rules and make sure that certificates and key have been properly copied and pasted? Can you also send us the OpenVPN logs?

Please note that the image links have been removed because of spam and incorrect behavior of the image hosting service used, anyway they have been correctly displayed before the deletion. You can freely attach images directly on our forum.

Kind regards


Hello,

I have the same issue, but with a different router LINKSYS E4200 v1 with DD-WRT/OpenVPN installed on it.

Version of DD-WRT firmware is

DD-WRT v24-sp2 (07/20/12) mega

(SVN revision 19519)

I've followed the steps described here https://airvpn.org/ddwrt.

Here is my OpenVPN log:

Serverlog Clientlog 20120911 18:08:24 I SIGUSR1[soft tls-error] received process restarting

20120911 18:08:24 Restart pause 2 second(s)

20120911 18:08:26 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

20120911 18:08:26 I Re-using SSL/TLS context

20120911 18:08:26 I LZO compression initialized

20120911 18:08:26 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]

20120911 18:08:26 Socket Buffers: R=[114688->131072] S=[114688->131072]

20120911 18:08:26 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]

20120911 18:08:26 Local Options String: 'V4 dev-type tun link-mtu 1558 tun-mtu 1500 proto UDPv4 comp-lzo cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-client'

20120911 18:08:26 Expected Remote Options String: 'V4 dev-type tun link-mtu 1558 tun-mtu 1500 proto UDPv4 comp-lzo cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-server'

20120911 18:08:26 Local Options hash (VER=V4): '22188c5b'

20120911 18:08:26 Expected Remote Options hash (VER=V4): 'a8f55717'

20120911 18:08:26 I UDPv4 link local: [undef]

20120911 18:08:26 I UDPv4 link remote: 69.163.36.66:443

20120911 18:08:26 TLS: Initial packet from 69.163.36.66:443 sid=d674e07c f92ea13b

20120911 18:08:26 VERIFY OK: depth=1 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org

20120911 18:08:26 VERIFY OK: nsCertType=SERVER

20120911 18:08:26 VERIFY OK: depth=0 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org

20120911 18:09:26 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)

20120911 18:09:26 N TLS Error: TLS handshake failed

20120911 18:09:26 TCP/UDP: Closing socket

20120911 18:09:26 I SIGUSR1[soft tls-error] received process restarting

20120911 18:09:26 Restart pause 2 second(s)

20120911 18:09:28 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

20120911 18:09:28 I Re-using SSL/TLS context

20120911 18:09:28 I LZO compression initialized

20120911 18:09:28 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]

20120911 18:09:28 Socket Buffers: R=[114688->131072] S=[114688->131072]

20120911 18:09:28 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]

20120911 18:09:28 Local Options String: 'V4 dev-type tun link-mtu 1558 tun-mtu 1500 proto UDPv4 comp-lzo cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-client'

20120911 18:09:28 Expected Remote Options String: 'V4 dev-type tun link-mtu 1558 tun-mtu 1500 proto UDPv4 comp-lzo cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-server'

20120911 18:09:28 Local Options hash (VER=V4): '22188c5b'

20120911 18:09:28 Expected Remote Options hash (VER=V4): 'a8f55717'

20120911 18:09:28 I UDPv4 link local: [undef]

20120911 18:09:28 I UDPv4 link remote: 69.163.36.66:443

20120911 18:09:28 TLS: Initial packet from 69.163.36.66:443 sid=ef2fd8fe 0c833747

20120911 18:09:28 VERIFY OK: depth=1 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org

20120911 18:09:28 VERIFY OK: nsCertType=SERVER

20120911 18:09:28 VERIFY OK: depth=0 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org

20120911 18:10:17 MANAGEMENT: Client connected from 127.0.0.1:5001

20120911 18:10:17 D MANAGEMENT: CMD 'state'

20120911 18:10:17 MANAGEMENT: Client disconnected

20120911 18:10:17 MANAGEMENT: Client connected from 127.0.0.1:5001

20120911 18:10:17 D MANAGEMENT: CMD 'state'

20120911 18:10:17 MANAGEMENT: Client disconnected

20120911 18:10:17 MANAGEMENT: Client connected from 127.0.0.1:5001

20120911 18:10:17 D MANAGEMENT: CMD 'state'

20120911 18:10:17 MANAGEMENT: Client disconnected

20120911 18:10:17 MANAGEMENT: Client connected from 127.0.0.1:5001

20120911 18:10:17 D MANAGEMENT: CMD 'log 500'

19700101 00:00:00

I've connected with ssh to router and it seems that OpenVPN creates this client configuration file:

ca /tmp/openvpncl/ca.crt

cert /tmp/openvpncl/client.crt

key /tmp/openvpncl/client.key

management 127.0.0.1 5001

management-log-cache 50

verb 4

mute 5

log-append /var/log/openvpncl

writepid /var/run/openvpncl.pid

client

resolv-retry infinite

nobind

persist-key

persist-tun

script-security 2

mtu-disc yes

dev tun1

proto udp

cipher aes-256-cbc

auth sha1

remote 69.163.36.66 443

tls-client

tun-mtu 1500

comp-lzo yes

ns-cert-type server

fast-io

tls-cipher AES256-SHA

where it's using "tun1" instead of "tun0" for interface.

According to this I've modified the command scripts to

startup

/usr/sbin/openvpn --mktun --dev tun1

firewall

iptables -I FORWARD -i br0 -o tun1 -j ACCEPT

iptables -I FORWARD -i tun1 -o br0 -j ACCEPT

iptables -I INPUT -i tun1 -j REJECT

iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE

NOTE: My home setup has two routers: one from my ISP provider (192.168.1.1) and LINKSYS E4200 (192.168.15.1) sitting behind ISP router.

WAN of LINKSYS router is connected to LAN of the ISP router. My laptop connected with cable to LINKSYS router can access the internet.

I've been trying different startup scripts but nothing seems to work. I'm trying to connect to Vega server (DNS 10.4.0.1) using UDP on 443 port.

Please help.

Thanks

vpnlogs.zip

@gpiper

Hello!

The attached screenshot shows a correct configuration. Can you please check iptables rules and make sure that certificates and key have been properly copied and pasted? Can you also send us the OpenVPN logs?

Kind regards

I recopied the certificates and key plus the firewall iptables from https://airvpn.org/ddwrt

I also tried a different server (Leonis)...no luck. Here is the OpenVPN log:

Log Serverlog Clientlog 19700101 00:00:07 I OpenVPN 2.2.1 mipsel-linux [sSL] [LZO2] built on Jul 31 2012

19700101 00:00:07 MANAGEMENT: TCP Socket listening on 127.0.0.1:5001

19700101 00:00:07 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

19700101 00:00:07 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible

19700101 00:00:07 I LZO compression initialized

19700101 00:00:07 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]

19700101 00:00:07 Socket Buffers: R=[114688->131072] S=[114688->131072]

19700101 00:00:07 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]

19700101 00:00:07 Local Options String: 'V4 dev-type tun link-mtu 1558 tun-mtu 1500 proto UDPv4 comp-lzo cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-client'

19700101 00:00:07 Expected Remote Options String: 'V4 dev-type tun link-mtu 1558 tun-mtu 1500 proto UDPv4 comp-lzo cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-server'

19700101 00:00:07 Local Options hash (VER=V4): '22188c5b'

19700101 00:00:07 Expected Remote Options hash (VER=V4): 'a8f55717'

19700101 00:00:07 I UDPv4 link local: [undef]

19700101 00:00:07 I UDPv4 link remote: 85.17.123.26:443

20120911 21:50:21 I [uNDEF] Inactivity timeout (--ping-restart) restarting

20120911 21:50:21 TCP/UDP: Closing socket

20120911 21:50:21 I SIGUSR1[soft ping-restart] received process restarting

20120911 21:50:21 Restart pause 2 second(s)

20120911 21:50:23 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts

20120911 21:50:23 I Re-using SSL/TLS context

20120911 21:50:23 I LZO compression initialized

20120911 21:50:23 Control Channel MTU parms [ L:1558 D:138 EF:38 EB:0 ET:0 EL:0 ]

20120911 21:50:23 Socket Buffers: R=[114688->131072] S=[114688->131072]

20120911 21:50:23 Data Channel MTU parms [ L:1558 D:1450 EF:58 EB:135 ET:0 EL:0 AF:3/1 ]

20120911 21:50:23 Local Options String: 'V4 dev-type tun link-mtu 1558 tun-mtu 1500 proto UDPv4 comp-lzo cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-client'

20120911 21:50:23 Expected Remote Options String: 'V4 dev-type tun link-mtu 1558 tun-mtu 1500 proto UDPv4 comp-lzo cipher AES-256-CBC auth SHA1 keysize 256 key-method 2 tls-server'

20120911 21:50:23 Local Options hash (VER=V4): '22188c5b'

20120911 21:50:23 Expected Remote Options hash (VER=V4): 'a8f55717'

20120911 21:50:23 I UDPv4 link local: [undef]

20120911 21:50:23 I UDPv4 link remote: 85.17.123.26:443

20120911 21:50:23 TLS: Initial packet from 85.17.123.26:443 sid=22bddc42 044ed9db

20120911 21:50:24 VERIFY OK: depth=1 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org

20120911 21:50:24 VERIFY OK: nsCertType=SERVER

20120911 21:50:24 VERIFY OK: depth=0 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org

20120911 21:50:25 MANAGEMENT: Client connected from 127.0.0.1:5001

20120911 21:50:25 D MANAGEMENT: CMD 'state'

20120911 21:50:25 MANAGEMENT: Client disconnected

20120911 21:50:25 MANAGEMENT: Client connected from 127.0.0.1:5001

20120911 21:50:25 D MANAGEMENT: CMD 'state'

20120911 21:50:25 MANAGEMENT: Client disconnected

20120911 21:50:25 MANAGEMENT: Client connected from 127.0.0.1:5001

20120911 21:50:25 D MANAGEMENT: CMD 'state'

20120911 21:50:25 MANAGEMENT: Client disconnected

20120911 21:50:25 MANAGEMENT: Client connected from 127.0.0.1:5001

20120911 21:50:25 D MANAGEMENT: CMD 'log 500'

19700101 00:00:00


Hello,

NOTE: My home setup has two routers: one from my ISP provider (192.168.1.1) and LINKSYS E4200 (192.168.15.1) sitting behind ISP router.

WAN of LINKSYS router is connected to LAN of the ISP router. My laptop connected with cable to LINKSYS router can access the internet.

I've been trying different startup scripts but nothing seems to work. I'm trying to connect to Vega server (DNS 10.4.0.1) using UDP on 443 port.

Please help.

Thanks

Hello!

Can you please make sure that your ISP router is working in bridge mode?

Also, can you please try connections to a TCP port in different servers, to check whether you have problems with outbound port 443 UDP?

Kind regards

@gpiper

I recopied the certificates and key plus the firewall iptables from https://airvpn.org/ddwrt

I also tried a different server (Leonis)...no luck. Here is the OpenVPN log:

Hello!

Can you please try a connection to a TCP port in order to determine whether the problem lies in outbound 443 UDP?

Kind regards


Hi,

I've modified OpenVPN configuration to connect to the same server (Vega) but this time using TCP protocol and Port 80.

OpenVPN client keeps trying to reconnect to the server with no real success. The state bar shows "RECONNECTING".

When using UDP on port 443 the state bar showed "AUTH".

I've attached the log file and the screen shot with the new configuration for OpenVPN. I've also disabled firewall, so we can focus first on connection.

Thanks

vpnlogs_2.zip


Hello!

Can you please try a connection to a TCP port in order to determine whether the problem lies in outbound 443 UDP?

Kind regards

I tried a connection to Sirius on 80 TCP. Still nothing.

DD-WRT.zip


I tried a connection to Sirius on 80 TCP. Still nothing.

Hello!

The logs show that the connection was fully successful. Could you access the Internet from your DD-WRT connected devices?

Kind regards


Hi,

I've modified OpenVPN configuration to connect to the same server (Vega) but this time using TCP protocol and Port 80.

OpenVPN client keeps trying to reconnect to the server with no real success. The state bar shows "RECONNECTING".

When using UDP on port 443 the state bar showed "AUTH".

I've attached the log file and the screen shot with the new configuration for OpenVPN. I've also disabled firewall, so we can focus first on connection.

Thanks

Hello!

Can you please make sure that your ISP router is working in bridge mode?

About the "Unroutable control packet received" error, it is normally due to an invalid certificate (expired or not yet valid). Please check your routers system clocks and that you have properly pasted ca.crt and user.crt.

Kind regards
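
The checks asked for in this thread (router clock, key file, whether the handshake ever completes) can be run mechanically over a client log. The following Python triage is an added example, not code from the thread or from OpenVPN; the sample log is constructed in the DD-WRT format shown above, 192.0.2.10 is a documentation address, and the finding names are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the DD-WRT OpenVPN client log format seen in this thread.
SAMPLE_LOG = """\
19700101 00:00:07 I OpenVPN 2.2.1 mipsel-linux [SSL] [LZO2] built on Jul 31 2012
19700101 00:00:07 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
19700101 00:00:07 I UDPv4 link remote: 192.0.2.10:443
20120911 18:08:26 TLS: Initial packet from 192.0.2.10:443 sid=00000000 00000000
20120911 18:08:26 VERIFY OK: depth=0 /C=IT/O=example/CN=server
20120911 18:09:26 N TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
20120911 18:09:26 N TLS Error: TLS handshake failed
20120911 18:09:26 I SIGUSR1[soft tls-error] received process restarting
20120911 18:09:28 I Re-using SSL/TLS context
"""

# "YYYYMMDD HH:MM:SS [flag] message"; the one-letter flag (I/W/N/D) is optional.
LINE_RE = re.compile(r"^(\d{8}) (\d{2}:\d{2}:\d{2}) (?:([IWND]) )?(.*)$")
RESTART_RE = re.compile(r"SIGUSR1\[soft ([\w-]+)\] received")


def parse(log_text):
    """Yield (date, time, flag, message) for each well-formed log line."""
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            yield match.groups()


def triage(log_text):
    """Summarise why a client log never reaches a working tunnel."""
    restarts = Counter()
    findings = set()
    peer_verified = completed = False
    for date, _time, _flag, msg in parse(log_text):
        # Lines stamped 1970 mean OpenVPN started before the router clock
        # was set; certificate validity dates are checked against that clock.
        if date.startswith("1970"):
            findings.add("clock-unset")
        if "is group or others accessible" in msg:
            findings.add("key-file-permissions")
        if "TLS key negotiation failed to occur" in msg:
            findings.add("tls-handshake-timeout")
        if msg.startswith("VERIFY OK: depth=0"):
            peer_verified = True
        # OpenVPN logs this line once the tunnel is fully up.
        if "Initialization Sequence Completed" in msg:
            completed = True
        restart = RESTART_RE.search(msg)
        if restart:
            restarts[restart.group(1)] += 1
    # Server certificate accepted, yet the session never came up: the
    # failure is after certificate verification, not in the CA paste.
    if peer_verified and not completed:
        findings.add("verified-but-never-completed")
    return {
        "findings": sorted(findings),
        "restarts": dict(restarts),
        "completed": completed,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
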


Hello!

The logs show that the connection was fully successful. Could you access the Internet from your DD-WRT connected devices?

Kind regards

The log showed that I do connect but then disconnect. I tried the connection with the same configuration again with the same results. The STATE keeps showing Client:RECONNECTING.

20120912 21:06:22 I TCP connection established with 108.59.8.147:80

20120912 21:06:22 I TCPv4_CLIENT link local: [undef]

20120912 21:06:22 I TCPv4_CLIENT link remote: 108.59.8.147:80

20120912 21:06:22 TLS: Initial packet from 108.59.8.147:80 sid=686390b6 ba017dab

20120912 21:06:23 VERIFY OK: depth=1 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=airvpn.org_CA/emailAddress=info@airvpn.org

20120912 21:06:23 VERIFY OK: nsCertType=SERVER

20120912 21:06:23 VERIFY OK: depth=0 /C=IT/ST=IT/L=Perugia/O=airvpn.org/CN=server/emailAddress=info@airvpn.org

20120912 21:06:23 MANAGEMENT: Client connected from 127.0.0.1:5001

20120912 21:06:23 D MANAGEMENT: CMD 'state'

20120912 21:06:23 MANAGEMENT: Client disconnected

20120912 21:06:23 MANAGEMENT: Client connected from 127.0.0.1:5001

20120912 21:06:23 D MANAGEMENT: CMD 'state'

20120912 21:06:23 MANAGEMENT: Client disconnected

20120912 21:06:23 MANAGEMENT: Client connected from 127.0.0.1:5001

20120912 21:06:23 D MANAGEMENT: CMD 'state'

20120912 21:06:23 MANAGEMENT: Client disconnected

20120912 21:06:24 MANAGEMENT: Client connected from 127.0.0.1:5001

20120912 21:06:24 D MANAGEMENT: CMD 'log 500'

19700101 00:00:00


Hello!

The logs show that the connection was fully successful. Could you access the Internet from your DD-WRT connected devices?

Kind regards

The log showed that I do connect but then disconnect. I tried the connection with the same configuration again with the same results. The STATE keeps showing Client:RECONNECTING.

Hello!

It might be a firmware problem. Can you please try to change version?

Kind regards


Hello!

It might be a firmware problem. Can you please try to change version?

Kind regards

I changed my firmware version and was able to connect! The OpenVPN setup page on DD-WRT wouldn't accept LZO Compression set to "yes" only "adaptive".

I notice that I have a DNS leak. On my WAN status page it shows 3 DNS servers 10.4.0.1 plus 2 from my ISP. How do I prevent them from connecting?


Hello!

It might be a firmware problem. Can you please try to change version?

Kind regards

I changed my firmware version and was able to connect! The OpenVPN setup page on DD-WRT wouldn't accept LZO Compression set to "yes" only "adaptive".

Hello!

That's great, thank you for the information. Could you please specify the exact firmware version that is working with your router model?

I notice that I have a DNS leak. On my WAN status page it shows 3 DNS servers 10.4.0.1 plus 2 from my ISP. How do I prevent them from connecting?

That does not necessarily mean that you have a DNS leak from your router. First please check that you really have a DNS leak here:

http://dnsleaktest.com

Then, please make sure that the leak is not caused by the devices connected to the router (do not force them to use different DNS servers).

If the leak is confirmed, you might like to read the zdrifter post about that and more (it will prevent any leak):

https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=2377&Itemid=142#2377

Kind regards


Hello!

That's great, thank you for the information. Could you please specify the exact firmware version that is working with your router model?

dd-wrt.v24-18774_NEWD-2_K2.6_openvpn.bin (works)

If the leak is confirmed, you might like to read the zdrifter post about that and more (it will prevent any leak):

https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=2377&Itemid=142#2377

Kind regards

Thank you, I will try that.


If the leak is confirmed, you might like to read the zdrifter post about that and more (it will prevent any leak):

https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=2377&Itemid=142#2377

Kind regards

After reading zdrifter's post I found that I use tun1 interface. I added the new iptables (except for the last line) in the firewall and saved. I still have a dns leak confirmed with http://www.dnsleaktest.com


If the leak is confirmed, you might like to read the zdrifter post about that and more (it will prevent any leak):

https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=2377&Itemid=142#2377

Kind regards

After reading zdrifter's post I found that I use tun1 interface. I added the new iptables (except for the last line) in the firewall and saved. I still have a dns leak confirmed with http://www.dnsleaktest.com

Hello!

Can you please tell us which DNS servers are displayed by the dns leak test?

Kind regards


Hello!

Can you please tell us which DNS servers are displayed by the dns leak test?

Kind regards

Before there were several dns servers listed including my isp, now only my isp.


Hello!

Can you please tell us which DNS servers are displayed by the dns leak test?

Kind regards

Before there were several dns servers listed including my isp, now only my isp.

Hello!

They are not visible on the screenshot which is pertaining to the DD-WRT web interface. You should look at the DNS servers displayed in the leak test site. Anyway, does the dns leak site display your ISP DNS? If so, can you please post your complete iptables rules list?

Kind regards


Hello!

Can you please tell us which DNS servers are displayed by the dns leak test?

Kind regards

Before there were several dns servers listed including my isp, now only my isp.

Hello!

Ok, this new screenshot shows what you say. We should examine the iptables rules.

Kind regards


Hello!

They are not visible on the screenshot which is pertaining to the DD-WRT web interface. You should look at the DNS servers displayed in the leak test site. Anyway, does the dns leak site display your ISP DNS? If so, can you please post your complete iptables rules list?

Kind regards

Sorry, I tried to upload more than 1 screenshot.

Desktop.zip


Hello!

They are not visible on the screenshot which is pertaining to the DD-WRT web interface. You should look at the DNS servers displayed in the leak test site. Anyway, does the dns leak site display your ISP DNS? If so, can you please post your complete iptables rules list?

Kind regards

Sorry, I tried to upload more than 1 screenshot.

Hello!

Ok, now we have all the information we need.

A rule is missing:

iptables -I OUTPUT -o <interface> ! --dst a.b.c.d -j DROP # if destination for outgoing packet on <interface> is NOT a.b.c.d, drop the packet, so that nothing leaks if VPN disconnects

# the above line can be duplicated for as many Air servers as you wish to connect to, just insert the appropriate Air server entry-IP

This is the rule which will prevent leaks.

a.b.c.d is the entry-IP address of the Air server DD-WRT router connects to. <interface> is your router network interface (probably br0, determine its name with command "netstat -r").

Important! Please note if you use the last entry above in the firewall (iptables -I OUTPUT -o br0 ! --dst a.b.c.d -j DROP) you will lose access to the router. Thus if the tunnel goes down ...well you know. So you may want to leave this entry off the GUI and if/when you are set up properly and then run it from the telnet prompt. That way if you need router access you can reboot and be OK.

Please see also zdrifter post for more details.

Kind regards
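
How first-match evaluation in the OUTPUT chain treats the rule above once it is repeated for more than one entry IP, as an added example (a simplified Python model, not code from the thread or from iptables): with two negated-destination DROP rules every destination fails at least one of them, so one ACCEPT per server followed by a single DROP is the form that admits several servers. The addresses, the br0 default and all function names are assumptions for illustration.

```python
import ipaddress


def rule(action, out_if, dst=None, negate=False):
    """Simplified OUTPUT rule: match on -o and optionally on (! ) --dst."""
    return {"action": action, "out_if": out_if, "dst": dst, "negate": negate}


def insert_top(chain, new_rule):
    """Model of `iptables -I`: the new rule becomes rule number 1."""
    chain.insert(0, new_rule)


def verdict(chain, out_if, dst, policy="ACCEPT"):
    """First matching rule decides; otherwise the chain policy applies."""
    for r in chain:
        if r["out_if"] != out_if:
            continue
        if r["dst"] is not None:
            hit = ipaddress.ip_address(dst) == ipaddress.ip_address(r["dst"])
            if hit == r["negate"]:  # plain rule missed, or negated rule hit
                continue
        return r["action"]
    return policy


def duplicated_drop(entry_ips, out_if="br0"):
    """One `-I OUTPUT -o IF ! --dst IP -j DROP` per entry IP."""
    chain = []
    for ip in entry_ips:
        insert_top(chain, rule("DROP", out_if, ip, negate=True))
    return chain


def allowlist_then_drop(entry_ips, out_if="br0"):
    """ACCEPT each entry IP, then one catch-all DROP for the interface."""
    chain = []
    insert_top(chain, rule("DROP", out_if))  # inserted first, ends up last
    for ip in entry_ips:
        insert_top(chain, rule("ACCEPT", out_if, ip))
    return chain


def to_commands(chain):
    """Render the commands that build `chain`, in the order to run them."""
    cmds = []
    for r in reversed(chain):  # each -I pushes earlier rules down
        match = ""
        if r["dst"] is not None:
            match = f" {'! ' if r['negate'] else ''}--dst {r['dst']}"
        cmds.append(f"iptables -I OUTPUT -o {r['out_if']}{match} -j {r['action']}")
    return cmds


if __name__ == "__main__":
    ips = ["192.0.2.10", "192.0.2.20"]  # constructed entry IPs
    for name, chain in (("duplicated", duplicated_drop(ips)),
                        ("allowlist", allowlist_then_drop(ips))):
        print(name, [verdict(chain, "br0", ip) for ip in ips])
        print("\n".join(to_commands(chain)))
```

The lockout described in the post applies to both forms: any DROP on the LAN-side interface also cuts the router's own replies to its web and telnet interfaces.
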
