heredago's blog

September 17, 2013

how to connect to a VPN server on a TomatoUSB router and then only tunnel the traffic to specific hosts

Filed under: Uncategorized — heredago @ 20:48

1- Set up the OpenVPN connection on the router

https://www.privateinternetaccess.com/pages/client-support/#tomato_openvpn

https://www.privateinternetaccess.com/forum/index.php?p=/discussion/110/updated-tomato-setup-for-newer-branches-including-tomatousb

 


then

2- only tunnel specific hosts route through openvpn client on tomato

http://serverfault.com/questions/382498/howto-only-tunnel-specific-hosts-route-through-openvpn-client-on-tomato

I finally did it 🙂

I’m using v1.28.9054 MIPSR2-beta K26 USB vpn3.6, but should work on others, as it’s networking.

OpenVPN wants to set up all your routing; you’ve got to stop that…

In VPN Tunneling/Client/Basic: Uncheck “Create NAT on Tunnel”

In VPN Tunneling/Client/Advanced: Uncheck “Redirect Internet Traffic”

Custom Configuration, add the line: route-nopull

 

In Administration/Scripts/Firewall, make sure you have:

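# Let LAN (br0) traffic be forwarded to and from the VPN tunnel (tun11)
iptables -I FORWARD -i br0 -o tun11 -j ACCEPT
iptables -I FORWARD -i tun11 -o br0 -j ACCEPT
# Reject packets arriving from the tunnel that are addressed to the router itself
iptables -I INPUT -i tun11 -j REJECT
# NAT traffic leaving through the tunnel
iptables -t nat -A POSTROUTING -o tun11 -j MASQUERADE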

Reboot, and voilà, you got nothing…

Then, in a VPN up script (best choice), or if you have your VPN start with WAN, put this in your Administration/Scripts/WANUP:

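# Give the tunnel time to come up
sleep 30
# Start from an empty table 200 and clear cached routes
ip route flush table 200
ip route flush cache
# Send traffic from these LAN hosts to table 200
ip rule add from 192.168.1.11 lookup 200
ip rule add from 192.168.1.13 lookup 200
# Take the address assigned to tun11 and use it as the default route of table 200
VPN_GW=`ifconfig tun11 | awk '/inet addr/ {split ($2,A,":"); print A[2]}'`
ip route add table 200 default via $VPN_GW dev tun11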

This probably isn’t the “best” or “proper” way to do it, but it works. Now only 192.168.1.11 and 192.168.2.13 will go through the OpenVPN tunnel. All other devices and their traffic will go local.

This was extremely important for me, as I didn’t want my Transmission torrent traffic going over the VPN. Some guy like SgtPepperKSU is looking at this and probably laughing… Anyway, from one routing noob to another…
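
An added example, not part of the original post or the Server Fault answer: a shell check that parses the output of "ip rule show" and "ip route show table 200" and reports whether each expected host is actually sent into tun11. The sample output and the 10.8.0.5 gateway are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
TABLE=200   # routing table used in the post
TUN=tun11   # OpenVPN client interface used in the post

# rule_sources RULES: source addresses that "ip rule show" output sends to $TABLE
rule_sources() {
    printf '%s\n' "$1" | awk -v t="$TABLE" '
        { src = ""; tbl = ""
          for (i = 1; i < NF; i++) {
              if ($i == "from")   src = $(i + 1)
              if ($i == "lookup") tbl = $(i + 1)
          }
          if (tbl == t && src != "" && src != "all") print src }' | sort -u
}

# table_has_tunnel_default ROUTES: succeeds if the table has a default route on $TUN
table_has_tunnel_default() {
    printf '%s\n' "$1" | awk -v d="$TUN" '
        $1 == "default" { for (i = 2; i < NF; i++) if ($i == "dev" && $(i + 1) == d) ok = 1 }
        END { exit !ok }'
}

# audit RULES ROUTES HOST...: one status line per host; non-zero if any host is not tunnelled
audit() {
    rules=$1; routes=$2; shift 2
    rc=0
    srcs=$(rule_sources "$rules")
    if table_has_tunnel_default "$routes"; then dflt=yes; else dflt=no; fi
    for h in "$@"; do
        if ! printf '%s\n' "$srcs" | grep -qxF "$h"; then
            echo "$h not-tunnelled"; rc=1
        elif [ "$dflt" = no ]; then
            echo "$h rule-but-no-route"; rc=1
        else
            echo "$h tunnelled"
        fi
    done
    return $rc
}

# Constructed sample output, not captured from a real router (10.8.0.5 is made up)
SAMPLE_RULES='0: from all lookup local
32764: from 192.168.1.13 lookup 200
32765: from 192.168.1.11 lookup 200
32766: from all lookup main
32767: from all lookup default'
SAMPLE_ROUTES='default via 10.8.0.5 dev tun11'

# On the router: audit "$(ip rule show)" "$(ip route show table 200)" 192.168.1.11 192.168.1.13
audit "$SAMPLE_RULES" "$SAMPLE_ROUTES" 192.168.1.11 192.168.1.13 192.168.1.20 || true
```

A rule-but-no-route result means table 200 has no default route on tun11, so lookups fall through to the main table and that host's traffic leaves over the WAN instead of the VPN.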

December 17, 2012

How to efficiently hide your IP address from torrents using a (paid) VPN connection

Filed under: Uncategorized — heredago @ 00:51

Beware: some versions of uTorrent and other torrent apps, especially the older versions, leak your real IP to the tracker when using a SOCKS5 proxy, and from there the tracker sends it to the peers, revealing your real IP address.

It is not the fault of the proxy, but rather of the BitTorrent app, which isn't programmed properly.

You have several options without using a proxy to prevent the occasional VPN drops that will happen with any VPN:

The following uses Windows Firewall to block your BitTorrent app from using the internet (in or out) unless it is through the Public network (which is your VPN, as you shouldn't set your VPN network as Private): http://practicalrambler.blogspot.co….lways-use.html

http://checkmytorrentip.com/# : go to FAQ #4 to manually remove the route to the router after you connect to the VPN. But the drawback is that you no longer have a route to the router, meaning no file/printer sharing with the rest of the network, and if you forget to put the route back into netstat then you won't have internet after disconnecting from the internet. This method is 100% effective provided you remember to use it.

You also have the option of trying to use your non-Windows firewall to allow connections for the BitTorrent app to anything other than your local area connection IPs, if you can get it working. Comodo doesn't seem to work properly for some rules for some reason.

You can skip VPNetMon, as it doesn't close the app in time if the VPN drops and will expose your IP for a few secs after the drop. The VPN Kill Switch feature in PIA doesn't seem to work consistently either. I suggest the first 2 things I mentioned above for security.

http://forums.redflagdeals.com/hma-vpn-hide-my-59-99us-1-year-24-off-1269800/14/#post15975300
