arshk 0 Posted ...

I have successfully followed the AirVPN instructions on setting up the Asus RT-N66U's (Merlin firmware) openvpn client. My concern now is protecting privacy in the event the VPN drops & traffic continues through the ISP.

I would like to route all client traffic through the VPN & in the event it drops, no access to the internet is available to the clients. Does anyone know of a solution for this? A workable solution exists for DD-WRT routers & I'm guessing a similar one can be done for the RT-N66U as it runs a variant of DD-WRT (AsusWRT). I'm not technical enough to implement it so would appreciate any help.

This post is to everyone that has openvpn configured in a dd-wrt router and wants to block all connections through the ISP if the VPN connection fails, avoiding leaking our real ISP IP.

I set up the connection to AIRVPN servers using the tutorial in https://airvpn.org/ddwrt and then insert the following line to the firewall rules:

"iptables -I FORWARD -i br0 -o vlan2 -j DROP"

- br0 is the bridge with my lan ports & wireless
- vlan2 is my WAN port connected to the modem ISP

So if there is any connection starting from my lan or wifi to the wan port the firewall of the router blocks the connection.

My firewall rules are like this:

iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
iptables -I FORWARD -i br0 -o vlan2 -j DROP
iptables -I INPUT -i tun0 -j REJECT
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

https://airvpn.org/index.php?option=com_kunena&func=view&catid=3&id=4287&Itemid=142#4287

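
An added example, not part of the original thread: a shell check of the rule ordering that the FORWARD rules in the post above depend on. iptables acts on the first matching rule, so the DROP for br0 to vlan2 only blocks everything if no ACCEPT can match ahead of it. The function name forward_verdict is hypothetical and both rule listings are constructed samples.

```shell
#!/bin/sh
# forward_verdict LAN_IF WAN_IF: reads `iptables -S FORWARD` output on stdin and
# prints what the first matching rule does to traffic from LAN_IF out WAN_IF.
# Assumption of this sketch: only -i, -o and -j are interpreted. An ACCEPT with
# other matches prints LEAK-POSSIBLE; a DROP/REJECT with other matches is skipped.
forward_verdict() {
    lan=$1 wan=$2 policy=ACCEPT
    while read -r line; do
        set -f; set -- $line; set +f
        iif='' oif='' target='' extra=0
        if [ "$1" = "-P" ]; then policy=$3; continue; fi
        if [ "$1" != "-A" ]; then continue; fi
        shift 2
        while [ $# -gt 0 ]; do
            case $1 in
                -i) iif=$2; shift 2 ;;
                -o) oif=$2; shift 2 ;;
                -j) target=$2; break ;;   # target options follow, stop here
                *)  extra=1; shift ;;     # any other match makes the rule conditional
            esac
        done
        if [ -n "$iif" ] && [ "$iif" != "$lan" ]; then continue; fi
        if [ -n "$oif" ] && [ "$oif" != "$wan" ]; then continue; fi
        case $target:$extra in
            ACCEPT:0|DROP:0|REJECT:0) echo "$target"; return 0 ;;
            ACCEPT:1) echo LEAK-POSSIBLE; return 0 ;;
        esac
    done
    echo "$policy"   # nothing matched: the chain policy decides
}
# Constructed sample: FORWARD chain after the thread's three -I commands ran on
# top of one stock stateful rule (each -I inserts at the top of the chain).
sample_inserted() { cat <<'EOF'
-P FORWARD ACCEPT
-A FORWARD -i br0 -o vlan2 -j DROP
-A FORWARD -i tun0 -o br0 -j ACCEPT
-A FORWARD -i br0 -o tun0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
EOF
}
# Constructed sample: the same DROP added with -A lands below the stateful rule.
sample_appended() { cat <<'EOF'
-P FORWARD ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br0 -o vlan2 -j DROP
EOF
}
echo "inserted with -I: br0 -> vlan2 is $(sample_inserted | forward_verdict br0 vlan2)"
echo "appended with -A: br0 -> vlan2 is $(sample_appended | forward_verdict br0 vlan2)"
```

On a router whose iptables build supports -S, the live chain can be checked with `iptables -S FORWARD | forward_verdict br0 vlan2`; the interface names are the ones from the post and differ between firmwares.
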
drliffel 0 Posted ...

Would you know a fallback configuration for a tomato firmware as well? I can't find one anywhere!

resettler 0 Posted ...

Did you know that RT-N66U has critical vulnerabilities that Asus has yet to patch? Read the following: http://www.h-online.com/security/news/item/Critical-vulnerabilities-in-numerous-ASUS-routers-1918469.html

Even if you have the best VPN setup, your router has security holes. If I were you, I would write to Asus to insist they fix the holes.

> I have successfully followed the AirVPN instructions on setting up the Asus RT-N66U's (Merlin firmware) openvpn client.

rchunter 1 Posted ...

Doesn't mean much since he's not using Asus firmware.

Guest amdou Posted ...

In opendns client tab, set "Accept DNS Configuration" disable
then in WAN tab, click "Connect to DNS Server automatically" to "NO" and set DNS Server1 to 10.4.0.1 (which is AirVPN DNS) and leave second dns server empty.
So when vpn connection is lost, your DNS 10.4.0.1 won't work and all connection is stopped. Once you connect to Airvpn everything will be normal.
On DNS leak test, only Airvpn dns will be seen.

Royee 10 Posted ...

arshk

Check my post on this thread: https://airvpn.org/topic/9920-airvpn-with-tomato-shibby-router/

Those firewall rules you posted do work and work fine on tomato based Asus routers.... you can even stop and start your openvpn client and then test the net to see if it still works, once your client is stopped you should get no net access at all not till you start it. And it works fine on my Asus RT-N16 router, so should work fine on your Asus one.

Royee 10 Posted ...

> In opendns client tab, set "Accept DNS Configuration" disable
> then in WAN tab, click "Connect to DNS Server automatically" to "NO" and set DNS Server1 to 10.4.0.1 (which is AirVPN DNS) and leave second dns server empty.
> So when vpn connection is lost, your DNS 10.4.0.1 won't work and all connection is stopped. Once you connect to Airvpn everything will be normal.
> On DNS leak test, only Airvpn dns will be seen.

I attempted to use AirVPN DNS servers in my tomato router but found it hit and miss, my issue was after a day or 2 it would fail to browse the internet... it was only till I used OpenNIC dns servers all issues were resolved. Are you using Air dns servers in your router or a combination of another?