drakon

airvpn with tomato shibby router

Hi,

Previously, I was using AirVPN with Comodo Firewall on one computer. I decided to get a Tomato router so that anything connected to this router will go through the VPN. So far it is running. My question is... Do I need to mess with iptables to prevent DNS leaks? I don't want to allow any internet access if the VPN goes down.

TIA!

Share this post


Link to post

The answer is yes, however I have yet to figure out how to correctly make an IP table or settings for my Tomato router to prevent disconnection or DNS leaks. If someone could draw up a super newbie guide on how to get it done, or a link showing how it's done, I too would be most grateful.

So far people have suggested to look at these links:

https://airvpn.org/topic/4287-how-to-block-all-traffic-with-dd-wrt-if-vpn-connection-fails/

https://airvpn.org/topic/2377-preventing-dns-leaks-dd-wrt-router-client/

I am still attempting to figure it all out. If you get anywhere or someone helps, that would be great!

PS: I think a Tomato router and everything connected thru it is the best setup too

Share this post


Link to post

The first link seems to work... Paste those rules into Administration->Scripts->Firewall.. Save it.. I'm not sure if you need to reboot, but I did. To test.. go to OpenVPN and disable it. You should not be able to access the internet now (before you could without the rules). Re-enable your VPN.

When I go to https://www.dnsleaktest.com/ I get "0 DNS servers listed." Not sure what this means. I set AirVPN as my first DNS and went to OpenNIC for a couple more.

Share this post


Link to post

I will also copy and paste them into firewall rules and give it a try, thanks. Only thing is, testing with the OpenVPN client?

Would it not be safer to disable the VPN client from within the Tomato router, and then see if normal internet is still working and getting through?

It's the normal internet that should be blocked, or am I seeing this wrong...

I'll give it a shot soon anyhow and report back!

Regarding the DNS entries, I too used to use AirVPN DNS servers in my Tomato router. I found while sometimes they did connect and work, they would eventually stop working and stop access to the internet. I had to use OpenNIC logless servers listed here:

http://wiki.opennicproject.org/Tier2

There are plenty which support anonymous logging "yes". Once I entered both OpenNIC logless DNS servers into my Tomato router all was golden and I was able to get DNS showing correctly. Try AirVPN's one here: http://ipleak.net/ It should report AirVPN's exit server or AirVPN's new IP only, and not your real ISP IP.

Share this post


Link to post

OK, took the above advice from Drakon (thanks!) and Friberos firewall rules for routers with VPNs.

Guide To Block internet connection if VPN fails

Paste these rules into Administration->Scripts->Firewall.. Save it. Then reboot the router; if you do not reboot, the firewall rules will not work.

iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
iptables -I FORWARD -i br0 -o vlan2 -j DROP
iptables -I INPUT -i tun0 -j REJECT
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

If you want to confirm the above rules are working, then log into your router and stop your VPN client, then attempt to surf. You will notice it will not surf at all; all internet is blocked. Re-enable the VPN client under the router and then you can start to surf again. If it has not worked, then you may not have saved it and rebooted the router when applying the Firewall settings, so double check it and retry.

Share this post


Link to post

That's what I meant.. shut down the OpenVPN client in the router.

Glad you got it to work too!

Share this post


Link to post

Yes, very happy. Did you manage to solve the DNS not showing up on that dnsleak website?

I did attempt to use AirVPN DNS servers in the Tomato router to prevent DNS leaks, but I found it was getting flaky and then causing no websites to load, sometimes good for a few days even! Otherwise this would have fixed DNS leaks 100%. Sadly I could not explain or tell why it was causing the internet to drop out.

Once I used OpenNIC DNS servers all issues were fixed, rock solid for weeks on end.

Share this post


Link to post

Yes, this worked perfectly for me, copied/pasted just like you said above, and it simply works. The instant the AirVPN connection drops, all Internet access immediately ceases. Very, very cool!

On another note, it is super simple to prevent DNS leaks if you are using Tomato (and I would imagine DD-WRT or the OpenVPN client too): there is an option on the "Advanced" tab that says "Accept DNS Configuration". Select the "Exclusive" option and it will deny all DNS other than the VPN provided ones. Simple!

I do have one question on the above firewall script. I noticed that AirVPN will occasionally disconnect, and the Internet immediately drops (as expected), but the VPN connection does not auto-reconnect (using Tomato router). So that is a problem for me, because I have to go into the router manually and restart the connection each time. And intermittently, for some reason, it will not reconnect for me to us.vpn.airdns.org, but europe.vpn.airdns.org works fine. I give it a few minutes and try the US one again and eventually get it to reconnect.

Is there some way to make Tomato automatically re-connect to AirVPN so I don't have to manually go in each time?

Much thanks!!! These forums have helped me solve a lot of problems!

Share this post


Link to post

Hello,

I'm using an Asuswrt-Merlin build w/ RT_AC66U and AirVPN. Can anyone point me to something that assists with preventing internet connection if the VPN service stops or crashes? I am assuming the steps recommended above won't work on my firmware?

Thanks

Share this post


Link to post

This works great, tried on both shibby and toastman Tomato builds. I know in another thread you had some issues using AirVPN DNS. I have always used the Air DNS 10.4.0.1 as the first DNS and then added two OpenNIC DNS servers as backups.

Share this post


Link to post

I was using this script on my R7000 with Tomato firmware and it was working, but I changed my internet connection from DHCP to PPPoE and found it didn't stop leaks. So I telnet-ed into the router and did ifconfig to list the ports and found that tun11 is my VPN and ppp0 is the WAN port, so I changed the rules to look like this:

iptables -I FORWARD -i br0 -o tun11 -j ACCEPT
iptables -I FORWARD -i tun11 -o br0 -j ACCEPT
iptables -I FORWARD -i br0 -o vlan2 -j DROP
iptables -I FORWARD -i br0 -o ppp0 -j DROP
iptables -I INPUT -i tun11 -j REJECT
iptables -t nat -A POSTROUTING -o tun11 -j MASQUERADE

Not knowing what I am doing really, but I tested it and it seems to work. But if I don't add the extra line after vlan2 with ppp0, it won't block the traffic when the VPN drops.


Share this post


Link to post
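An added example, not part of any post in this thread: the PPPoE case above fails because the DROP rule names an interface the traffic never leaves by, and a small first-match walk over the FORWARD chain makes that visible before you rely on the kill switch. The function name `first_match`, the variable `SAMPLE_CHAIN` and the two stand-in firmware rules at the end of the sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reads FORWARD rules in `iptables -S` /
# `iptables-save` syntax on stdin and prints the fate of the first packet of a
# connection forwarded from LAN to OUT:
#   DROP / REJECT  blocked by an unconditional rule
#   ACCEPT         allowed by an unconditional rule or the chain policy
#   MAYBE          reached a conditional ACCEPT, a user chain, or a rule
#                  using "!" or a "+" wildcard, which this sketch cannot judge
first_match() {  # usage: first_match LAN OUT < rules
    awk -v lan="$1" -v out="$2" '
    $1 == "-P" && $2 == "FORWARD" { policy = $3; next }
    $1 == ":FORWARD"              { policy = $2; next }
    $1 != "-A" || $2 != "FORWARD" { next }
    # Replies on existing connections never open a new path out: skip.
    /state (RELATED,ESTABLISHED|ESTABLISHED,RELATED|ESTABLISHED) / { next }
    {
        iif = ""; oif = ""; target = ""; extra = 0
        fuzzy = ($0 ~ /(^| )! / || $0 ~ /\+( |$)/)
        for (i = 3; i <= NF; i++) {
            if      ($i == "-i") iif = $(++i)
            else if ($i == "-o") oif = $(++i)
            else if ($i == "-j") { target = $(++i); break }
            else extra = 1
        }
        if (!fuzzy && iif != "" && iif != lan) next
        if (!fuzzy && oif != "" && oif != out) next
        if (target == "LOG") next
        if (target == "DROP" || target == "REJECT") {
            if (extra || fuzzy) next      # may not apply to every packet
            verdict = target; exit
        }
        verdict = (extra || fuzzy || target != "ACCEPT") ? "MAYBE" : "ACCEPT"
        exit
    }
    END { print (verdict != "" ? verdict : policy) }'
}

# Constructed sample: the original vlan2 rules with tun11 as the tunnel, in the
# order -I leaves them, then made-up stand-ins for the firmware rules.
SAMPLE_CHAIN='-P FORWARD DROP
-A FORWARD -i br0 -o vlan2 -j DROP
-A FORWARD -i tun11 -o br0 -j ACCEPT
-A FORWARD -i br0 -o tun11 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br0 -j ACCEPT'

# On PPPoE the WAN is ppp0, so the vlan2 rule never matches and traffic leaks.
echo "br0 -> ppp0: $(printf '%s\n' "$SAMPLE_CHAIN" | first_match br0 ppp0)"
```

On a router, feed it the real chain and the interface names `ifconfig` reports; any answer other than DROP or REJECT for the LAN-to-WAN pair means the kill switch does not cover that interface.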
