heredago's blog

September 17, 2013

how to connect to a VPN server on a TomatoUSB router and then only tunnel the traffic to specific hosts

Filed under: Uncategorized — heredago @ 20:48

1- set up the OpenVPN client connection on the router

https://www.privateinternetaccess.com/pages/client-support/#tomato_openvpn

https://www.privateinternetaccess.com/forum/index.php?p=/discussion/110/updated-tomato-setup-for-newer-branches-including-tomatousb


2- only tunnel specific hosts route through openvpn client on tomato

http://serverfault.com/questions/382498/howto-only-tunnel-specific-hosts-route-through-openvpn-client-on-tomato

I finally did it 🙂

I’m using v1.28.9054 MIPSR2-beta K26 USB vpn3.6, but should work on others, as it’s networking.

OpenVPN wants to set up all your routing, you’ve got to stop that…

In VPN Tunneling/Client/Basic: Uncheck “Create NAT on Tunnel”

In VPN Tunneling/Client/Advanced: Uncheck “Redirect Internet Traffic”

Custom Configuration, add the line: route-nopull


In Administration/Scripts/Firewall, make sure you have:

# forward LAN (br0) traffic into the tunnel (tun11) ...
iptables -I FORWARD -i br0 -o tun11 -j ACCEPT
# ... and anything arriving from the tunnel back to the LAN (not limited to replies)
iptables -I FORWARD -i tun11 -o br0 -j ACCEPT
# the router itself accepts nothing from the VPN side
iptables -I INPUT -i tun11 -j REJECT
# source-NAT LAN hosts behind the tunnel address, since "Create NAT on Tunnel" is unchecked
iptables -t nat -A POSTROUTING -o tun11 -j MASQUERADE

Reboot, and voila, you got nothing…

Then, in a VPN up script (Best choice), or if you have your VPN start with WAN, put in your Administration/Scripts/WANUP

sleep 30                                   # give the OpenVPN client time to bring tun11 up
ip route flush table 200                   # start from an empty policy table
ip route flush cache
ip rule add from 192.168.1.11 lookup 200   # these LAN hosts consult table 200 before the main table
ip rule add from 192.168.1.13 lookup 200
VPN_GW=`ifconfig tun11 | awk '/inet addr/ {split ($2,A,":"); print A[2]}'`   # local address of tun11
ip route add table 200 default via $VPN_GW dev tun11   # table 200: everything goes out the tunnel

This probably isn’t the “best” or “proper” way to do it, but it works. Now only 192.168.1.11 and 192.168.1.13 will go through the OpenVPN tunnel. All other devices, and their traffic, will go local.

This was extremely important for me, as I didn’t want my Transmission torrent traffic going over the VPN. Some guy like SgtPepperKSU is looking at this and probably laughing… Anyway, from one routing noob to another…
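One caveat a practitioner will want to know before copying the above: with route-nopull and a single default route in table 200 pointing at tun11, the kernel deletes that route the moment tun11 goes down, the "lookup 200" rule then finds nothing and falls through to the main table, and 192.168.1.11 and .13 silently start leaving over the plain WAN. The script below is an added example, not code from the serverfault answer or from this blog. It keeps the answer's design (br0, tun11, policy table 200, the two hosts) but is idempotent across repeated WAN-up events, limits return traffic from the tunnel to established flows, and fails closed in two independent ways: an "unreachable" fallback route in table 200 with a worse metric, and a per-host FORWARD REJECT for any egress interface other than tun11. Assumed: the router's ip binary accepts route types (unreachable), tun11 carries an IPv4 address once up, and table 200 is otherwise unused; DRY_RUN=1 is a convenience for previewing the commands on a machine without the tunnel.

```shell
#!/bin/sh
# Added example, not code from the serverfault answer or from this blog.
# Policy routing of selected LAN hosts through an OpenVPN client (route-nopull),
# made idempotent and fail-closed. Assumed names: tun11 = OpenVPN client
# interface, br0 = LAN bridge, table 200 unused, VPN_HOSTS = LAN addresses
# that must only ever leave through the tunnel.

VPN_IF="${VPN_IF:-tun11}"
LAN_IF="${LAN_IF:-br0}"
TABLE="${TABLE:-200}"
VPN_HOSTS="${VPN_HOSTS:-192.168.1.11 192.168.1.13}"

# Every privileged command goes through run(); with DRY_RUN=1 the command
# is printed instead of executed (handy on a box with no tun11 and no root).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Local address of the tunnel interface. Handles both the point-to-point
# form "inet a.b.c.d peer ..." and the subnet form "inet a.b.c.d/24".
vpn_gateway() {
    ip -4 addr show dev "$VPN_IF" | awk '/inet /{split($2,a,"/"); print a[1]; exit}'
}

# Firewall part (Administration/Scripts/Firewall). Differences from the
# answer: return traffic from the tunnel is limited to established flows,
# and each VPN-only host is refused any forwarding path that is not the
# tunnel, so a vanished tun11 cannot turn into a WAN leak (kill switch).
firewall_rules() {
    run iptables -I FORWARD -i "$LAN_IF" -o "$VPN_IF" -j ACCEPT
    run iptables -I FORWARD -i "$VPN_IF" -o "$LAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -I INPUT -i "$VPN_IF" -j REJECT
    run iptables -t nat -A POSTROUTING -o "$VPN_IF" -j MASQUERADE
    for h in $VPN_HOSTS; do
        run iptables -I FORWARD -i "$LAN_IF" -s "$h" ! -o "$VPN_IF" -j REJECT
    done
}

# Routing part (VPN-up or WANUP script). Safe to re-run on every event.
policy_routes() {
    gw="$1"
    # Drop stale rules first so repeated runs do not stack duplicates.
    for h in $VPN_HOSTS; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            run ip rule del from "$h" lookup "$TABLE"
        else
            while ip rule del from "$h" lookup "$TABLE" 2>/dev/null; do :; done
        fi
    done
    run ip route flush table "$TABLE"
    # Preferred default: out through the tunnel.
    run ip route add table "$TABLE" default via "$gw" dev "$VPN_IF" metric 10
    # Fallback with a worse metric: it only wins once the kernel has removed
    # the tun11 route (interface down), so the lookup answers "unreachable"
    # instead of falling through to the main table and the plain WAN.
    run ip route add table "$TABLE" unreachable default metric 100
    for h in $VPN_HOSTS; do
        run ip rule add from "$h" lookup "$TABLE"
    done
    run ip route flush cache
}

main() {
    case "$1" in
        firewall) firewall_rules ;;
        routes)
            gw="${VPN_GW:-$(vpn_gateway)}"
            [ -n "$gw" ] || { echo "$VPN_IF has no address yet" >&2; exit 1; }
            policy_routes "$gw" ;;
        *) echo "usage: $0 firewall|routes" >&2; exit 2 ;;
    esac
}

# Only act when given a subcommand: "firewall" from the Firewall script,
# "routes" from the VPN-up/WANUP script. Sourcing the file just defines functions.
if [ $# -gt 0 ]; then
    main "$@"
fi
```

On the router, call it as `sh vpn-policy.sh firewall` from the Firewall script and `sh vpn-policy.sh routes` from the VPN-up script (the VPN-up hook is preferable to WANUP plus sleep, because tun11 is guaranteed to exist by then). Preview what it would do with `DRY_RUN=1 VPN_GW=10.8.0.6 sh vpn-policy.sh routes`. To confirm the fail-closed behaviour, run `ip route get 8.8.8.8 from 192.168.1.11` while the tunnel is down: it should report unreachable rather than the WAN interface.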


December 30, 2012

PIA VPN DNS LEAK INSTRUCTIONS REDDIT private internet access utorrent

Filed under: Uncategorized — heredago @ 05:58

http://www.reddit.com/r/VPN/comments/15iixg/pia_vpnam_i_doing_it_right_a_few_quick_questions/

Second, it seems like a bug. Apparently with the prevent DNS leaks setting active it screws with your network settings. It basically just turns off DHCP and then it needs to be reactivated after you close the VPN. It’s a quick fix. (TROUBLESHOOT ACTUALLY WORKED….WTF)


[–]hallorad 1 point 2 days ago

Thank you for asking and thank you for sharing this. I’ve been having exactly the same problems with their client. Troubleshoot has been a lifesaver for me as well. Like you, I’m wondering if there is an easier way or a better client we can use?


[–]kriegers_van 2 points 2 days ago

You can use the OpenVPN client, not PIA’s modified version — they link it from their client support page, but you can find it here. It is not as “full featured” as the PIA client (no built-in DNS Leak protection or “internet kill switch”) but it is less invasive (for the same reasons).

The instructions for setting up the client are in the “Advanced OpenVPN SSL Usage Guides” sections of PIA’s client support area.

I’ve used both clients and neither are trouble free for my purposes. I like the kill switch so that traffic I am not constantly monitoring isn’t going out over a non-VPN-ed connection if my client drops, but I too found the fiddling with my OS’ network settings to be troublesome. In the end, I decided to install a virtualized copy of Windows and run the PIA client inside that, and run all my applications that I want channeled through the VPN inside the virtual machine. I don’t care what PIA’s client does to the settings inside my virtualized Windows, and I get all the benefits I want with the security of the link killer.

This is a short-term solution until I can move to a routed traffic setup that doesn’t require such shenanigans on the user end.


[–]kandt_- 2 points 13 hours ago*

I have the same issue and it can be solved with a very simple batch script. Execute this

REM Run as Administrator after disconnecting: replaces the DNS servers the PIA client
REM left on the adapter with Google's resolvers (quote the name, it usually contains spaces)
netsh interface ip set dns name="<your-connection-name>" static 8.8.8.8
netsh interface ip add dns name="<your-connection-name>" addr=8.8.4.4
ipconfig /flushdns
TIMEOUT /T -1

after you disconnect and it will reset your DNS to point to Google’s DNS service. You must run it as an admin, and it will wait for keypress to exit.

EDIT: You can also fix a DNS leak with a similar script rather than using PIA’s software if you so choose.

REM Run as Administrator before connecting: gives the physical adapter a static DNS server
REM of 0.0.0.0 (no usable resolver), so lookups cannot go out over it while the VPN is up
ipconfig /flushdns
netsh interface IPv4 set dnsserver name="<your-connection-name>" static 0.0.0.0 both
TIMEOUT /T -1

Run before connecting. You can find <your-connection-name> by running ipconfig if you didn’t know. It’s whatever connection your IP is associated with when you’re connected without the VPN.
