Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    OpenVPN traffic NOT routed through VPN tunnel still being detected by sites as coming from a proxy or VPN.

    Scheduled Pinned Locked Moved OpenVPN
    3 Posts 2 Posters 599 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      elegantd
      last edited by elegantd

      First of all let me thank you for taking the time to help.

      Here is my basic setup. I am using NordVPN.

      1.png

      As can be seen I have three VPN tunnels configured for load balancing. LET ME BE CLEAR VPN WORKS FINE!
      I just don’t understand why traffic routed out through the DHCP Gateway are still being seen as coming from a proxy or VPN.

      NAT Outbound Rules.

      5.png

      Firewall Rules.

      6.png

      DNS Configuration.

      2.png

      3.png
      4.png

      Proof VPN is working and that there is no DNS leaks.

      10.png

      11.png

      Ok awesome, VPN is working, no DNS leaks. I can watch Netflix through the VPN tunnel proof the DNS settings are correct.

      Now lets add a bypass rule.

      7.png

      Check the firewall logs. Sweet NordVPN is now being routed out through the DHCP Gateway.
      However, is it really being routed through the DHCP Gateway, lets do a check.

      8.png

      Never thought I would be so happy to see that I was unprotected. Here was where I started doing a happy dance thinking I would soon be relaxing using my VPN tunnel and bypassing site that restricted VPN clients.

      WRONG!!!!!!!!!!!!!!!!!!!!!!!!!!

      Every site I added to my aliases list to bypass VPN tunnels came up as VPN or proxy detected. WTF!!!

      Thinking myself wise, having been bitten in the ass too, too many times I remember to do this.

      12.png

      What the heck, I even throw in a reboot on my computer.

      Get back on same stuff VPN or proxy detected. WTF!!!

      E 1 Reply Last reply Reply Quote 0
      • E
        elegantd @elegantd
        last edited by

        This post is deleted!
        1 Reply Last reply Reply Quote 0
        • DerelictD
          Derelict LAYER 8 Netgate
          last edited by

          Most sites cannot be policy routed with a simple DNS Alias because they resolve to many addresses and they load content from many different domain names.

          No way adding, say, netflix.com is going to work for you.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          1 Reply Last reply Reply Quote 1
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.