Hello friends,
I am writing to you again because I have difficulty navigating under VPN. I checked my IP address and apparently I am under VPN, but in reality I am not: there is abnormal data consumption that does not come from tun0.
For those who don't remember, I use a Raspberry Pi 4 with an internet key under VPN.
In these images the connection is disabled to prevent the VPN from being outside
"In these images the connection is disabled to prevent the VPN from being outside"
As I explained earlier, I deactivated the network to prevent the VPN from coming out.
Yes, anyway, it turns out to be under VPN. My IP is that of my VPN, but I notice traffic curtailment, so the VPN doesn't work as it should.
Another small thing that I didn't understand is how to put a username and password under VPN. Now I'm using a file without user and password, but I don't know how to use the one with user and password. Is there any way?
1 Like
Perform the testing:
https://openwrt.org/docs/guide-user/services/vpn/openvpn/client#testing
The username/password authentication is optional.
Some commercial VPN providers may require it.
Note that the VPN only encrypts traffic and routes it to the tunnel.
But the tunnel itself still uses the WAN interface to reach the VPN server.
Does it look like the location of your VPN provider, or is this your ISP?
What I deleted is my VPN; the unencrypted IP in the first photo is my real IP.
1 Like
ifconfig
br-Chiavetta Link encap:Ethernet  HWaddr 6E:62:AE:D7:61:CC
          inet addr:192.168.1.189  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::6c62:aeff:fed7:61cc/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:15119 errors:0 dropped:0 overruns:0 frame:0
          TX packets:11384 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:9488391 (9.0 MiB)  TX bytes:2862501 (2.7 MiB)

br-lan    Link encap:Ethernet  HWaddr DC:A6:32:A9:16:B3
          inet addr:192.168.10.1  Bcast:192.168.10.255  Mask:255.255.255.0
          inet6 addr: fd5f:df8b:b066::1/60 Scope:Global
          inet6 addr: fe80::dea6:32ff:fea9:16b3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11088 errors:0 dropped:0 overruns:0 frame:0
          TX packets:12814 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2347454 (2.2 MiB)  TX bytes:9516834 (9.0 MiB)

eth0      Link encap:Ethernet  HWaddr DC:A6:32:A9:16:B3
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11427 errors:0 dropped:8 overruns:0 frame:0
          TX packets:12805 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2521368 (2.4 MiB)  TX bytes:9514838 (9.0 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:630 errors:0 dropped:0 overruns:0 frame:0
          TX packets:630 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:59148 (57.7 KiB)  TX bytes:59148 (57.7 KiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.8.0.3  P-t-P:10.8.0.3  Mask:255.255.255.0
          inet6 addr: fe80::f783:be8e:7566:c5e2/64 Scope:Link
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:10830 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8491 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:8570792 (8.1 MiB)  TX bytes:1971573 (1.8 MiB)

usb0      Link encap:Ethernet  HWaddr 6E:62:AE:D7:61:CC
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:15119 errors:1 dropped:0 overruns:0 frame:1
          TX packets:11384 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:9488391 (9.0 MiB)  TX bytes:3363404 (3.2 MiB)

wlan0     Link encap:Ethernet  HWaddr DC:A6:32:A9:16:B4
          inet6 addr: fe80::dea6:32ff:fea9:16b4/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1445 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:229437 (224.0 KiB)
1 Like
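A way to put numbers on the earlier point that the tunnel itself still uses the WAN interface, as an added example that is not part of the original thread: the script compares the byte counters of the WAN device and tun0 from ifconfig output. It assumes usb0 is the WAN device carrying the tunnel; the result is an upper bound on traffic outside the tunnel, because it also contains OpenVPN's own encapsulation and keepalive overhead.

```shell
#!/bin/sh
# Added example. Assumption: usb0 is the WAN device that carries the tunnel.

# Print the RX or TX byte counter of one interface from ifconfig output on stdin.
iface_bytes() {   # usage: iface_bytes IFACE rx|tx < ifconfig-output
    awk -v want="$1" -v dir="$2" '
        /Link encap:/ { cur = $1 }            # stanza header: remember the name
        cur == want && /RX bytes:/ {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^bytes:/ && tolower($(i-1)) == dir) {
                    sub(/^bytes:/, "", $i); print $i
                }
        }'
}

# Percentage of WAN bytes that is not tunnel payload (overhead plus any bypass).
outside_tunnel_pct() {   # usage: outside_tunnel_pct WAN TUN rx|tx FILE
    wan=$(iface_bytes "$1" "$3" < "$4")
    tun=$(iface_bytes "$2" "$3" < "$4")
    [ -n "$wan" ] && [ -n "$tun" ] && [ "$wan" -gt 0 ] || return 1
    echo $(( (wan - tun) * 100 / wan ))
}

# Counters copied from the ifconfig output posted above (two interfaces only).
sample_ifconfig() {
    cat <<'EOF'
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
RX bytes:8570792 (8.1 MiB) TX bytes:1971573 (1.8 MiB)
usb0 Link encap:Ethernet HWaddr 6E:62:AE:D7:61:CC
RX bytes:9488391 (9.0 MiB) TX bytes:3363404 (3.2 MiB)
EOF
}

# On the router, replace sample_ifconfig with: ifconfig > "$f"
f=$(mktemp)
sample_ifconfig > "$f"
echo "RX not tunnel payload: $(outside_tunnel_pct usb0 tun0 rx "$f")%"
echo "TX not tunnel payload: $(outside_tunnel_pct usb0 tun0 tx "$f")%"
rm -f "$f"
```

Both counters must cover the same period for the comparison to mean anything, so take the reading after both interfaces have come up together.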
Options to route DNS over the VPN to avoid DNS leak:
I'll do some tests and tell you. I put in the Google DNS, but I don't think I have solved ...
I have an ovpn file with username and password that I cannot use. Can you tell me how I can enter the username and password for OpenVPN on OpenWrt?
Inside the configuration of the .ovpn file there is a proxy server to which I believe OpenWrt does not connect. Isn't it by chance that I have to install something on OpenWrt to get the VPN going as it should?
You shouldn't use the proxy option unless your ISP requires it to access the internet.
Check the VPN logs if you have a problem establishing the connection.
Wed Dec 23 21:19:10 2020 daemon.warn openvpn(adminIT)[2961]: DEPRECATED OPTION: http-proxy-retry and socks-proxy-retry: In OpenVPN 2.4 proxy connection retries are handled like regular connections. Use connect-retry-max 1 to get a similar behavior as before.
Wed Dec 23 21:19:10 2020 daemon.warn openvpn(adminIT)[2961]: DEPRECATED OPTION: --cipher set to 'AES-128-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-128-CBC' to --data-ciphers or change --cipher 'AES-128-CBC' to --data-ciphers-fallback 'AES-128-CBC' to silence this warning.
Wed Dec 23 21:19:10 2020 daemon.notice openvpn(adminIT)[2961]: OpenVPN 2.5.0 aarch64-openwrt-linux-gnu [SSL (mbed TLS)] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Wed Dec 23 21:19:10 2020 daemon.notice openvpn(adminIT)[2961]: library versions: mbed TLS 2.16.8
Wed Dec 23 21:19:10 2020 daemon.err openvpn(adminIT)[2961]: neither stdin nor stderr are a tty device and you have neither a controlling tty nor systemd - can't ask for 'Enter Auth Username:'. If you used --daemon, you need to use --askpass to make passphrase-protected keys work, and you can not use --auth-nocache.
Wed Dec 23 21:19:10 2020 daemon.notice openvpn(adminIT)[2961]: Exiting due to fatal error

My ISP requires it to access the internet.
Didn't you post screenshots with the VPN connected without specifying the proxy settings?
Make sure to add the option in the VPN client profile:
auth-user-pass /etc/openvpn/client.auth
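Creating the file that this option points to, as an added example that is not part of the original thread: OpenVPN reads the username from the first line of the file and the password from the second. The function names, the profile path `/etc/openvpn/client.ovpn` and the credential placeholders are assumptions.

```shell
#!/bin/sh
# Added example; function names, profile path and credentials are placeholders.

# True if the profile has a bare "auth-user-pass" (no file), which makes
# OpenVPN prompt and fail under a daemon with "can't ask for 'Enter Auth Username:'".
needs_auth_file() {   # usage: needs_auth_file PROFILE
    grep -Eq '^[[:space:]]*auth-user-pass[[:space:]]*$' "$1"
}

# Write the credentials file: username on line 1, password on line 2,
# readable by its owner only.
write_auth_file() {   # usage: write_auth_file AUTH_FILE USERNAME PASSWORD
    auth_file=$1 user=$2 pass=$3
    ( umask 077; printf '%s\n%s\n' "$user" "$pass" > "$auth_file" )
    chmod 600 "$auth_file"   # also covers a pre-existing, looser file
}

# Point the profile at the file: drop every existing auth-user-pass line
# (bare or with another path) and append exactly one with the file path.
set_auth_option() {   # usage: set_auth_option PROFILE AUTH_FILE
    profile=$1 auth_file=$2
    tmp="$profile.tmp.$$"
    grep -Ev '^[[:space:]]*auth-user-pass([[:space:]]|$)' "$profile" > "$tmp" || true
    printf 'auth-user-pass %s\n' "$auth_file" >> "$tmp"
    mv "$tmp" "$profile"
}

# Usage on the router (run as root, then restart the OpenVPN service):
#   write_auth_file /etc/openvpn/client.auth 'VPN_USERNAME' 'VPN_PASSWORD'
#   set_auth_option /etc/openvpn/client.ovpn /etc/openvpn/client.auth
```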