Mwan3: Do privacy methods work with it?

So with the help of this great community I have a multiwan setup running now.

Testing various things today it occurred to me that VPNs and Tor Browser may not be secure or work properly.

I tested Tor Browser and it started losing the ability to connect to websites.

ProtonVPN SEEMS to work okay, but I can't be sure. Is there a way to check this sort of thing?

Anyone provide any info or details?

Please provide more details. Do I understand correctly that privacy tools are used on the laptop, not on the router, and there is nothing privacy-related on the router?

If all the privacy tools are on the laptop, then it is indeed strange.

If the VPNs are on the router itself, then it is this bug about interaction with virtual interfaces: https://github.com/openwrt/packages/issues/19607 and its numerous duplicates: https://github.com/openwrt/packages/issues/18481 https://github.com/openwrt/packages/issues/9905 https://github.com/openwrt/packages/issues/14332

Is that the point? VPNs have to be router-based, not on a device-by-device basis?
I did bookmark a guide to installing ProtonVPN on the router, but I didn't want to go that far. It's something I use once in a while.

I think we misunderstand each other.

Regarding "the point": no, VPNs need to run on the most suitable device, and consumer-grade routers are not such devices, due to a weak CPU that will limit the speed. Even on a Linksys E8450, WireGuard will saturate the CPU with only 150 Mbps of traffic under ideal conditions (i.e. no small packets), and OpenVPN is even worse. An Intel NUC might be a better place if you want something centralized.

Regarding the interaction with mwan3: it is still not clear (because "Is that the point?" can be interpreted either way) what exactly you were trying to do.

If the VPN is terminated on a device other than the router, it should just work.

If the VPN is terminated on the router, despite the negative recommendation above, a bugfix is needed for the mwan3 package. Until the maintainer develops a full understanding of what's going on, you have to put a workaround in place. The workaround consists of this iptables rule:

iptables -t mangle -I PREROUTING 1 -m comment --comment "Do not inherit the mark of encrypted packets" -j MARK --set-xmark 0x0/0x3f00

I gotta admit, I understood little of this.

ProtonVPN can run on android devices (phones/tablets) and PCs, just as Tor Browser can. I don't use them often, but sometimes it just feels safer.

I just am trying to figure out if you are using them if packets go to the services via different ISPs and if privacy is maintained if/when that happens.

...ok :confused:

So, maybe it should be asked: Is this thread OpenWrt-related, if so, can you clearly explain how?

  • It uses the mwan3 policy you configured - just like any other client would. Nothing special or magical overrides your router settings, unless you configured that client to be special somehow
  • This statement is unclear: "and if privacy is maintained if/when that happens"? I surmise you're asking about Tor and ProtonVPN - I don't understand how that is OpenWrt-related - but I'm certain nothing magically changes with the program installed on your phone/tablet/laptop
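
For the iptables workaround quoted earlier in the thread, the following is an added example (not written by any poster and not part of mwan3) showing what `--set-xmark 0x0/0x3f00` does to a packet mark and how to check that the rule sits ahead of mwan3's own rules in `mangle` `PREROUTING`. The chain name `mwan3_hook` and the two rule listings are assumptions constructed for illustration; on a router, feed the function the real output of `iptables -t mangle -S PREROUTING`.

```shell
#!/bin/sh
# Added example; sample rule listings below are constructed, not captured.

# MARK --set-xmark value/mask computes: mark = (mark & ~mask) ^ value.
# With value 0x0 and mask 0x3f00 only the bits inside the mask are cleared.
apply_xmark() {  # usage: apply_xmark <mark> <value> <mask>
    printf '0x%x\n' $(( ($1 & ~$3) ^ $2 ))
}

# Reads `iptables -t mangle -S PREROUTING` output on stdin and prints:
#   ok          the clearing rule exists and precedes the mwan3_hook jump
#   after-hook  the rule exists but mwan3 sees the packet first
#   missing     no such rule in PREROUTING
workaround_status() {
    awk '
        $1 == "-A" && $2 == "PREROUTING" {
            n++
            if (!clear && /-j MARK --set-xmark 0x0\/0x3f00/) clear = n
            if (!hook && /-j mwan3_hook/) hook = n   # assumed chain name
        }
        END {
            if (!clear) print "missing"
            else if (hook && clear > hook) print "after-hook"
            else print "ok"
        }'
}

# Constructed listing with the workaround inserted at position 1.
SAMPLE_FIXED='-P PREROUTING ACCEPT
-A PREROUTING -m comment --comment "Do not inherit the mark of encrypted packets" -j MARK --set-xmark 0x0/0x3f00
-A PREROUTING -j mwan3_hook'

# Constructed listing without the workaround.
SAMPLE_UNFIXED='-P PREROUTING ACCEPT
-A PREROUTING -j mwan3_hook'

echo "mark 0x10200 after rule: $(apply_xmark 0x10200 0x0 0x3f00)"
echo "fixed:   $(printf '%s\n' "$SAMPLE_FIXED" | workaround_status)"
echo "unfixed: $(printf '%s\n' "$SAMPLE_UNFIXED" | workaround_status)"
```
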