    Netgate Discussion Forum

    OpenVPN traffic NOT routed through VPN tunnel still being detected by sites as coming from a proxy or VPN.

    • elegantd

      First of all, let me thank you for taking the time to help.

      Here is my basic setup. I am using NordVPN.

      1.png

      As can be seen, I have three VPN tunnels configured for load balancing. LET ME BE CLEAR, VPN WORKS FINE!
      I just don’t understand why traffic routed out through the DHCP Gateway is still being seen as coming from a proxy or VPN.

      NAT Outbound Rules.

      5.png

      Firewall Rules.

      6.png

      DNS Configuration.

      2.png

      3.png
      4.png

      Proof VPN is working and that there are no DNS leaks.

      10.png

      11.png

      OK, awesome, VPN is working, no DNS leaks. I can watch Netflix through the VPN tunnel, proof the DNS settings are correct.

      Now let's add a bypass rule.

      7.png

      Check the firewall logs. Sweet, NordVPN is now being routed out through the DHCP Gateway.
      However, is it really being routed through the DHCP Gateway? Let's do a check.

      8.png

      Never thought I would be so happy to see that I was unprotected. Here was where I started doing a happy dance, thinking I would soon be relaxing using my VPN tunnel and bypassing sites that restricted VPN clients.

      WRONG!!!!!!!!!!!!!!!!!!!!!!!!!!

      Every site I added to my aliases list to bypass VPN tunnels came up as VPN or proxy detected. WTF!!!

      Thinking myself wise, having been bitten in the ass too, too many times, I remember to do this.

      12.png

      What the heck, I even throw in a reboot on my computer.

      Get back on, same stuff: VPN or proxy detected. WTF!!!

          • Derelict LAYER 8 Netgate

          Most sites cannot be policy routed with a simple DNS Alias because they resolve to many addresses and they load content from many different domain names.

          No way adding, say, netflix.com is going to work for you.

          Chattanooga, Tennessee, USA
          The pfSense Book is free of charge!
          DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)
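
Added example, not part of the thread or of pfSense: a small Python model of the effect Derelict describes, where a bypass rule can only match the destination addresses stored for a hostname alias, so most of a page load still leaves through the VPN. The hostnames, addresses and gateway names are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Constructed sample data using documentation address ranges; not captured traffic.
# Addresses the firewall stored the last time it resolved the alias hostnames.
ALIAS_SNAPSHOT = {"video.example": ["192.0.2.10", "192.0.2.11"]}

# Connections a single page load opened: (hostname requested, address the client got).
PAGE_FLOWS = [
    ("video.example", "192.0.2.10"),
    ("video.example", "192.0.2.57"),
    ("cdn.video-assets.example", "198.51.100.20"),
    ("api.video.example", "198.51.100.77"),
    ("login.auth-provider.example", "203.0.113.5"),
]

BYPASS_GW = "WAN_DHCP"   # hypothetical name for the DHCP gateway
VPN_GW = "VPN_GROUP"     # hypothetical name for the load-balanced VPN gateway group


def build_table(snapshot):
    """Flatten the alias into the set of addresses the bypass rule matches on."""
    return {ipaddress.ip_address(a) for addrs in snapshot.values() for a in addrs}


def classify(flows, snapshot):
    """Return (hostname, address, gateway, reason) for each flow.

    The rule only sees the destination address, never the hostname, so a flow
    bypasses the VPN only when its address is in the stored snapshot.
    """
    table = build_table(snapshot)
    results = []
    for host, addr in flows:
        if ipaddress.ip_address(addr) in table:
            results.append((host, addr, BYPASS_GW, "address in alias"))
        elif host in snapshot:
            results.append((host, addr, VPN_GW, "name in alias, address not in snapshot"))
        else:
            results.append((host, addr, VPN_GW, "hostname never added to alias"))
    return results


def gateway_counts(results):
    """Count how many flows left through each gateway."""
    return Counter(gw for _, _, gw, _ in results)


if __name__ == "__main__":
    for row in classify(PAGE_FLOWS, ALIAS_SNAPSHOT):
        print("{:<28} {:<15} {:<10} {}".format(*row))
```

With this sample data only one of the five connections matches the alias; a site that checks the source address on any of the other four still sees a VPN exit address.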