Joined: 18 Mar 2014 Posts: 12877 Location: Netherlands
Posted: Fri Jul 21, 2017 16:56 Post subject:
One of our resident Guru's is @Eibgrad, I hope he will chime in and tells the real solution .
In the mean time just a tought: when you contact your VPN server from the internet and want to reach your LAN then the traffic has to come out via the internet. Your kill switch is preventing this.
For testing purposes remove your kill switch and see if it then works. _________________ Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399 Install guide R7800/XR500:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614 Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Joined: 18 Mar 2014 Posts: 12877 Location: Netherlands
Posted: Sat Jul 22, 2017 10:00 Post subject:
d0ug wrote:
egc wrote:
One of our resident Guru's is @Eibgrad, I hope he will chime in and tells the real solution .
In the mean time just a tought: when you contact your VPN server from the internet and want to reach your LAN then the traffic has to come out via the internet. Your kill switch is preventing this.
For testing purposes remove your kill switch and see if it then works.
Yeah, I have seen Eibgrad's posts and was hoping I might get a reply from him, however looking at his post history it doesn't look like he has been active for a couple months.
I do understand the kill switch would block the VPN server from being accessible, it seems putting IPs in the policy based routing fixes this, since it keeps OpenVPN from changing the default route for the router 10.10.10.1
As I am currently setup the VPN server does work while the VPN client is online, but because of the way OpenVPN changes the default route for the router when IPs are specified in Policy Based Routing, it appears this might also the be cause of the DNS leaking issue. It would appear just as the VPN server is accessible on the WAN IP, all the DNS queries from DNSMasq are going out the WAN rather than over the VPN.
You are right about the DNS leaking issue with PBR.
Therefore PIA advises to use their DNS servers as default (they are accessible via the public internet).
In the basic setup I have specified:
static DNS 1: 209.222.18.222
static DNS 2: 209.222.18.218
static DNS 3: 10.0.0.1
1 and 2 are PIA DNS servers, 3 is a bogus DNS server to prevent using your ISP if PIA is down. You could also use an OpenDNS server as number 3, the chances that they are logging and will hand out your DNS queries are minimal.
.