ANSWERED Asus + Wireguard (success but some websites are blocked)

[kuchito 0]

Hi, I'm trying to set the VPN for only some of my devices trough Wireguard with Asus WRT merlin.

The problem I'm facing, is that even If I can connect successfully and I see that I'm in a new server other than where I am; I can't reach to some websites.

The steps I'm doing are:
- Create a new VPN conf
- VPN > VPN Client > Wireguard > Import config > Apply
- VPN > VPN Director > Add my device IP > Apply

After that, I check and my connection from that device is correctly set to the new VPN Server, but some websites are blocked.
If I use eddie client on that device, I can access to the blocked website.

I already checked most of the forum answers but I can't figure out. I even tried OpenVPN but I have the same result.

Thanks!

[Staff 9764]

Hello!

A possible cause is related to MTU. Please try to import a WireGuard configuration file with the following directive in the [Interface] section:

MTU = 1280

The Configuration Generator already adds an "MTU = 1320" line, but maybe this value is too large for your network.

You can edit the file with any text editor.

Kind regards
 

[kuchito 0]

Thanks!

I was able now to surf other websites. Something that I noticed now is that some pages have cloudfare captcha.

I went to dnscheck.tools and my ipv4 is from the airvpn server but my ipv6 is from my ISP 🤔

[Staff 9764]

1 hour ago, kuchito said:

I went to dnscheck.tools and my ipv4 is from the airvpn server but my ipv6 is from my ISP 🤔

Hello!
A possible explanation is that this Merlin WRT edition does not support IPv6 over IPv4. We saw this problem in some DD-WRT firmware too in past years. If nothing can be done you may perhaps consider to disable IPv6 on the router.
 

1 hour ago, kuchito said:

was able now to surf other websites. Something that I noticed now is that some pages have cloudfare captcha.

Excellent! The captchas can appear when the connection comes from VPN servers, Tor exit nodes and proxies, yes. It's a standard Cloudflare feature aimed at protection (as it happens not infrequently, connections from datacenters are considered more risky than connections from residential lines), and we're not sure whether the web site owners behind Cloudflare can disable it or not.

Kind regards
 

[kpkx 2]

5 hours ago, Staff said:

connections from datacenters are considered more risky than connections from residential lines), and we're not sure whether the web site owners behind Cloudflare can disable it or not.

I use Cloudflare for my site and it's exactly as you said. See https://developers.cloudflare.com/waf/reference/cloudflare-challenges/ for details. To my knowledge, website admins can't disable these challenges if an IP has displayed suspicious behavior.

[kuchito 0]

Thanks. Something I did was to disable IPV6 on my router. It's been going very well.
Only in the router is the problem as the edie client has no ipleak.

Thanks for all the help.