Redirect all traffic to the VPN

Hello friends,
I am writing to you again because I have difficulty browsing under the VPN. I check the IP address and apparently I am under the VPN, but in reality I am not: there is abnormal data consumption that does not come from tun0.
For those who don't remember, I use a Raspberry Pi 4 with an internet key under the VPN.

In these images the connection is disabled to prevent the VPN from being outside

Looks like you aren't:

Check the logs.

"In these images the connection is disabled to prevent the VPN from being outside"

As I explained earlier, I deactivated the network to prevent the VPN from coming out.
Yes, anyway, it turns out to be under the VPN. My IP is that of my VPN, but I notice traffic curtailment, so the VPN doesn't work as it should.

Another small thing that I didn't understand is how to put a username and password under the VPN. Now I'm using a file without a user and password, but I don't know how to use the one with a user and password. Is there any way?

Perform the testing:
https://openwrt.org/docs/guide-user/services/vpn/openvpn/client#testing

The username/password authentication is optional.
Some commercial VPN providers may require it.

Note that the VPN only encrypts traffic and routes it to the tunnel.
But the tunnel itself still uses the WAN interface to reach the VPN server.

Does it look like the location of your VPN provider, or is this your ISP?

What I deleted is my VPN; the unencrypted IP in the first photo is my real IP.

 ifconfig
br-Chiavetta Link encap:Ethernet  HWaddr 6E:62:AE:D7:61:CC
          inet addr:192.168.1.189  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::6c62:aeff:fed7:61cc/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:15119 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11384 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:9488391 (9.0 MiB)  TX bytes:2862501 (2.7 MiB)

br-lan    Link encap:Ethernet  HWaddr DC:A6:32:A9:16:B3
          inet addr:192.168.10.1  Bcast:192.168.10.255  Mask:255.255.255.0
          inet6 addr: fd5f:df8b:b066::1/60 Scope:Global
          inet6 addr: fe80::dea6:32ff:fea9:16b3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11088 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12814 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2347454 (2.2 MiB)  TX bytes:9516834 (9.0 MiB)

eth0      Link encap:Ethernet  HWaddr DC:A6:32:A9:16:B3
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11427 errors:0 dropped:8 overruns:0 frame:0
          TX packets:12805 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2521368 (2.4 MiB)  TX bytes:9514838 (9.0 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:630 errors:0 dropped:0 overruns:0 frame:0
          TX packets:630 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:59148 (57.7 KiB)  TX bytes:59148 (57.7 KiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.3  P-t-P:10.8.0.3  Mask:255.255.255.0
          inet6 addr: fe80::f783:be8e:7566:c5e2/64 Scope:Link
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:10830 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8491 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:8570792 (8.1 MiB)  TX bytes:1971573 (1.8 MiB)

usb0      Link encap:Ethernet  HWaddr 6E:62:AE:D7:61:CC
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:15119 errors:1 dropped:0 overruns:0 frame:1
          TX packets:11384 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:9488391 (9.0 MiB)  TX bytes:3363404 (3.2 MiB)

wlan0     Link encap:Ethernet  HWaddr DC:A6:32:A9:16:B4
          inet6 addr: fe80::dea6:32ff:fea9:16b4/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1445 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:229437 (224.0 KiB)

Options to route DNS over the VPN to avoid DNS leak:

I will do some tests and tell you. I put in the Google DNS, but I don't think I have solved ...
I have an .ovpn file with a username and password that I cannot use. Can you tell me how I can enter the username and password for OpenVPN on OpenWrt?

https://openwrt.org/docs/guide-user/services/vpn/openvpn/client-luci#b_upload_a_openvpn_config_file

Inside the configuration of the .ovpn file there is a proxy server, to which I believe OpenWrt does not connect. Could it be that I have to install something on OpenWrt to get the VPN going as it should?

You shouldn't use the proxy option unless your ISP requires it to access the internet.
Check the VPN logs if you have a problem establishing the connection.

Wed Dec 23 21:19:10 2020 daemon.warn openvpn(adminIT)[2961]: DEPRECATED OPTION: http-proxy-retry and socks-proxy-retry: In OpenVPN 2.4 proxy connection retries are handled like regular connections. Use connect-retry-max 1 to get a similar behavior as before.
Wed Dec 23 21:19:10 2020 daemon.warn openvpn(adminIT)[2961]: DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
Wed Dec 23 21:19:10 2020 daemon.notice openvpn(adminIT)[2961]: OpenVPN 2.5.0 aarch64-openwrt-linux-gnu [SSL (mbed TLS)] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Dec 23 21:19:10 2020 daemon.notice openvpn(adminIT)[2961]: library versions: mbed TLS 2.16.8
Wed Dec 23 21:19:10 2020 daemon.err openvpn(adminIT)[2961]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'.  If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Wed Dec 23 21:19:10 2020 daemon.notice openvpn(adminIT)[2961]: Exiting due to fatal error

My ISP requires it to access the internet.

Didn't you post screenshots with the VPN connected without specifying the proxy settings?

Make sure to add the option in the VPN client profile:

auth-user-pass /etc/openvpn/client.auth
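
Added example, not part of the thread and not OpenWrt's own code: a shell check for the failure shown in the log above, where the daemon has no terminal to ask for 'Enter Auth Username:'. The function name check_auth and its return codes are assumptions made here; it verifies that auth-user-pass names a file, that the file holds a username line and a password line, and that only the owner can access it.

```shell
#!/bin/sh
# check_auth PROFILE  (hypothetical helper, not an OpenVPN or OpenWrt tool)
# Return codes (chosen for this example):
#   0 credentials file is usable by a daemonised client
#   1 profile has no auth-user-pass directive (nothing to check)
#   2 auth-user-pass has no file argument: OpenVPN would prompt, and a
#     daemon without a tty fails as in the log above
#   3 credentials file is missing or unreadable
#   4 file lacks a username on line 1 or a password on line 2
#   5 file is accessible to group or others
check_auth() {
    profile=$1
    # First auth-user-pass line; the trailing ([[:space:]]|$) keeps
    # auth-user-pass-verify and similar options from matching.
    line=$(grep -E '^[[:space:]]*auth-user-pass([[:space:]]|$)' "$profile" | head -n 1)
    [ -n "$line" ] || return 1

    # Second field is the file path (quoted paths or paths containing
    # spaces are not handled here).
    authfile=$(printf '%s\n' "$line" | awk '{print $2}')
    [ -n "$authfile" ] || return 2
    [ -r "$authfile" ] || return 3

    # OpenVPN reads the username from line 1 and the password from line 2.
    user=$(sed -n 1p "$authfile")
    pass=$(sed -n 2p "$authfile")
    [ -n "$user" ] || return 4
    [ -n "$pass" ] || return 4

    # Characters 5-10 of the ls mode string are the group and other bits;
    # this avoids depending on stat, which a small busybox may not ship.
    perms=$(ls -ld "$authfile" | cut -c5-10)
    [ "$perms" = "------" ] || return 5
    return 0
}

# Constructed demo: a throwaway profile and credentials file with
# placeholder values, built in a temporary directory.
demo=$(mktemp -d)
printf 'client\nauth-user-pass %s/client.auth\n' "$demo" > "$demo/client.ovpn"
printf 'USERNAME\nPASSWORD\n' > "$demo/client.auth"
chmod 600 "$demo/client.auth"
rc=0; check_auth "$demo/client.ovpn" || rc=$?
echo "check_auth returned $rc"
rm -rf "$demo"
```

On the router, run it against the uploaded profile before restarting the OpenVPN service; a return of 2 corresponds to the fatal error in the posted log.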