OpenVPN client assistance

viragomann

@Antibiotic
Is it really in AP mode now? In your other thread you had it in router mode.

I guess, the VPN is an upstream provider, allowing you to hide your IP?

The policy routing rule on the wifi interface shows some states and some kB. So I assume, it routed some traffic to the VPN gateway.
To rule out a DNS issue, try to ping an IP in the internet, e.g. 1.1.1.1.

BTW: If your wifi devices use the local DNS Resolver and internet access is routed out over the VPN, you will run into DNS leaks.
The easiest way to circumvent this is to forward DNS request from the wifi to any server over the VPN, could be the DNS of the VPN provider or any other public DNS server.
However, this bypasses the Resolver and local host names cannot be resolved then.

Antibiotic

@viragomann

1. Yes router in AP mode
2. With VPN tunnel on WIFI ping is going, no any packets lost, but internet do not have!
3. Regarding DNS leakage understood, but not important for me, me only want to secure wifi traffic with encryption and hide internet browsing from ISP. I know they will see my DNS request, where me go but the rest traffic will encrypted anyway. But where is my mistake now with settings do not understand? I want that pfBlockerNG to see DNS request to filter VPN traffic
4. Yes, the VPN is an upstream provider.
   
   

viragomann

@Antibiotic said in OpenVPN client assistance:

Yes router in AP mode

So your wifi devices get IPs in 192.168.10.0/24 from pfSense and hence also get the DNS server?

With VPN tunnel on WIFI ping is going, no any packets lost, but internet do not have!

You mean to an IP like 8.8.8.8, but not to google.com?
So the wifi devices probably cannot resolve host names.
Try to investigate this with dig or nslookup on a device. What do you get?

Antibiotic

@viragomann So your wifi devices get IPs in 192.168.10.0/24 from pfSense and hence also get the DNS server? YES

[2.7.2-RELEASE][admin@pfSense.home.arpa]/root: dig google.com

; <<>> DiG 9.18.19 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43895
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1432
;; QUESTION SECTION:
;google.com. IN A

;; ANSWER SECTION:
google.com. 300 IN A 172.217.21.174

;; Query time: 26 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Thu Apr 04 21:37:15 EEST 2024
;; MSG SIZE rcvd: 55

Antibiotic

@viragomann I have port restrictions for this interface, do not know this could be a problem or not?

viragomann

@Antibiotic
I'm not in doubt, that pfSense can resolve host names well, to be honest. The point is, what you get on a wifi-connected device.

Antibiotic

@viragomann said in OpenVPN client assistance:

The point is, what you get on a wifi-connected device

What do you mean?

viragomann

@Antibiotic
Connect a laptop to the wifi and run nslookup or dig against a public host name on it.

Antibiotic

@viragomann Ah ok , this is a result from WIFI router:

viragomann

@Antibiotic
Can you show the interface configuration of this device, please?

DNS resolution works so far obviously.

Antibiotic

@viragomann Do you mean LAN settings of WIFI router?

viragomann

@Antibiotic
This is the wifi router?
Then the test is useless. You need to check this from a device, which is connected to the wireless. This is, where you have troubles, so this case has to be investigated.

Antibiotic

@viragomann From Laptop connected to WIFI router result:
PS C:\Users\archi> nslookup google.com
Server: pfSense.home.arpa
Address: 192.168.10.1

Non-authoritative answer:
Name: google.com
Addresses: 2a00:1450:400f:80a::200e
172.217.21.174

PS C:\Users\archi> nslookup 8.8.8.8
Server: pfSense.home.arpa
Address: 192.168.10.1

Name: dns.google
Address: 8.8.8.8

PS C:\Users\archi>

Antibiotic

@viragomann Laptop settings:

viragomann

@Antibiotic
So everything seems fine on your site.

Now I have to ask again after 17 posts, what is the real problem??
Which kind of connection does not work?
What output do you get? Error message or whatever?

Antibiotic

@viragomann Sorry my friend, after 2 days of fighting with VPN, removed all. Could be next time try again but now my nervous system is become too weak))))) Anyway thanks a lot to try assist me and spent your time.

Gertjan

@Antibiotic said in OpenVPN client assistance:

but now my nervous system

Check this one - the whole story.

Now I write down what I think :

DNS is worth $$$
And who has access to : Your real IP and your DNS data ? and keep in mind that combination of the two make the data even more valuable ?
Right.
I thinks these *****VPN supplier really start to think lately about how to make the max out of it.
And thinks get even better : you pay them .... or, when you read the thread above, one might ask : why don't they pay me ? or you ?

Why would they do all this ?
Simple. if I or you were working for them, I (we) would do exactly that : DNS interception.

Again, me just thinking, right ^^

Antibiotic

@Gertjan I'm apologizing for this, but what the point of this message? Do not use any VPN services?

Gertjan

@Antibiotic said in OpenVPN client assistance:

Do not use any VPN services?

There is no definite yes or no answer.
You can use what you want. Just keep the list with pro and cons updated. When you use a "thing", you have to control and understand that thing.
Is it worth it ? Or not ? Up to you.

Antibiotic

@Gertjan How , its possible to control not your own VPN server outside?