I am using openvpn on tplink router - but one site detects my actual ip

I checked speedtest and ipleak and dnsleaktest - all sites shows my vpn ip
I checked facebook login history and it correctly shows vpn ip
but when I checked my logged in sessions including active session - for tradingview.com - it shows my isp provided ip - which is am logged in from - I logged out and logged in again ..still shows actual comcast provided IP
I did not exclude this website under policy routing so why it is logged me in my from actual IP instead vpn ip?

It is hosted by Amazon AWS and may overlap with other services.
Try routing all traffic to the VPN and disable PBR for testing.

1 Like

ok so I can disable pbr but how do I route all traffic to vpn? I mean through firewall?
Currently I am using openvpn (not wireguard) and because I wanted to view amazon prime video and offerup.com - I have allowed lan to wan traffic in firewall setting so should I remove lan to wan and just keep lan to openvpn so all traffic routes to openvpn ?
Of there is another way to do this?

when I tried to remove lan to wan forward in firewall - amazon prime video site and offerup.com stopped working but surprisingly tradingview.com worked ...showing logged ip from- is vpn ip

Check your configuration for the following settings:
https://docs.openwrt.melmac.net/pbr/#OpenVPNtunnelconfiguredwith.ovpnfile

You can do that, but routing is still the primary cause of the issue and should be addressed first.
Firewall mainly permits or prohibits traffic, but routing determines its direction.

1 Like
  1. Thanks but am still not clear why it says 'unset' when I want to set openvpn as a default and exclusive route?
    2.It says edit .opvn file but where do I find this .opvn file? - /etc/config/openvpn?
    it is the file proton vpn provided to me for openvpn or where?

You must have some sort of policy routing active to select some sites to bypass VPN.

If you don't use PBR at all, OpenVPN will by default install routes that send all Internet use through VPN. The only way anything gets routed to WAN then is if the VPN is down (OpenVPN then removes its routes). To prevent this, many people remove the lan->wan firewall forward and allow only lan->vpn so that LAN Internet can't work at all while the VPN is down, the so-called "kill switch."

2 Likes

Make sure none of these options are present in your config.

It should be normally in the /etc/openvpn directory.

1 Like

I am still not sure how do I follow - this instructions - I am using option other than UCI

10.1.2. OpenVPN tunnel configured with .ovpn file

To unset an OpenVPN tunnel as default route, set the following to the appropriate section of your .ovpn file:

  • For OpenVPN 2.4 and newer client .ovpn file:
    --
    pull-filter ignore "redirect-gateway"
* For OpenVPN 2.3 and older client `.ovpn` file:

route-nopull

Please answer following questions...
1. How do I know if I have 2.4 or 2.3 OPVN ? where do I check that?
2. Also I think .opvn file is the file that I downloaded from protonvpn but it says edit the appropriate section to add ----pull-filter ignore "redirect-gateway" but where is this appropriate section?

@vgaetera - can you please advise ..

It does not matter, if any of these options is present remove it.

Then reboot and test again

1 Like