Hi, after trying a lot I managed to install and put to work a Raspberry Pi 4 as an OpenVPN router for connecting through cable and Wi-Fi, and set up OpenVPN on it.
But I wanted the Wi-Fi AP from the Raspberry Pi to serve the connection without going through the VPN, and only the cable connection to go through it.
I have the killswitch firewall configuration set up and I had to set up the DNS servers manually, now I'm struggling to find out how to exclude the wi-fi connection from the VPN server...
I assume easiest is to put your Wifi on a separate LAN from your Ethernet (not bridging them) which should allow you to have different Firewall rules for the two.
@vgaetera
I've tried the setting from the post you recommended; the Wi-Fi connects, but there is no internet...
I think it might be from some interference from the killswitch settings, but I couldn't figure out what to change to set it to work.
Collect the diagnostics and post it to pastebin.com redacting the private parts:
uci show network; uci show wireless; uci show firewall; uci show dhcp; \
ip address show; ip route show table all; ip rule show; iptables-save -c; \
head -v -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*
Make sure to reconnect the LAN client to apply changes.
Check out the DNS settings in the client's network status.
What method are you using to detect DNS leak?
I've even tried rebooting, but it didn't work...
By the way, I've noticed something I thought was a bit odd in the following line on the tutorial:
uci add_list dhcp.lan.dhcp_option="6,8.8.8.8,8.8.4.4"
Should that '6' really be at the start of the line? I've tried removing it, but the connection didn't work without it.
EDIT: I've looked at the network interfaces and found that I could set custom DNSs on every interface, so I've set up the DNS server at the WAN, WWAN and VPN interfaces, so now it's showing up the new DNS servers on the tests...
Though the page from the VPN is also saying "DNS leak detected", it's showing the OpenDNS servers I configured, it wasn't before, so I'm finding it a bit strange.
DHCP options should start with an option ID.
You have configured DNS forwarding and disabled the resolver file.
This means DNS on interfaces don't matter for the clients.
Disable DHCPv6 to avoid potential issues.
The VPN test likely expects you to use their own DNS exclusively.
The proper DNS leak test should show you the providers/locations of the DNS servers.
And you need to verify it matches the ones you have configured.
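An added example, not part of the original thread: a small audit of saved `uci show dhcp` output that reports which DNS servers each DHCP pool hands to clients through option 6, and flags `dhcp_option` entries that do not start with an option ID. The sample text, the `wifi` and `guest` pool names and the function name `audit_dhcp_dns` are assumptions made for the demonstration, and only the plain `tag:` prefix of the dnsmasq syntax is handled.

```python
import ipaddress
import re

# Constructed sample of `uci show dhcp` output; the "wifi" and "guest" pools
# and the entry with the missing option ID are assumptions for this demo.
SAMPLE = """\
dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.dhcp_option='6,8.8.8.8,8.8.4.4'
dhcp.wifi=dhcp
dhcp.wifi.interface='wifi'
dhcp.wifi.dhcp_option='8.8.8.8,8.8.4.4'
dhcp.guest=dhcp
dhcp.guest.interface='guest'
"""

DNS_IDS = {"6", "option:dns-server"}  # DHCP option 6 = DNS servers


def audit_dhcp_dns(uci_text):
    """Return ({pool: [DNS IPs] or "router"}, [problems]) per DHCP pool."""
    pools, problems = {}, []
    for line in uci_text.splitlines():
        new = re.fullmatch(r"dhcp\.(\w+)=dhcp", line)
        if new:
            # No valid option 6 seen yet: dnsmasq advertises the router itself.
            pools[new.group(1)] = "router"
            continue
        opt = re.fullmatch(r"dhcp\.(\w+)\.dhcp_option=(.+)", line)
        if not opt:
            continue
        pool = opt.group(1)
        # A uci list prints as one or more single-quoted items on one line.
        for entry in re.findall(r"'([^']*)'", opt.group(2)):
            fields = [f.strip() for f in entry.split(",")]
            while fields and fields[0].startswith("tag:"):
                fields.pop(0)  # optional dnsmasq tag prefix
            head = fields[0] if fields else ""
            if not (head.isdigit() or head.startswith("option:")):
                problems.append(f"{pool}: '{entry}' has no option ID")
                continue
            if head not in DNS_IDS:
                continue  # some other DHCP option, e.g. 3 (router)
            try:
                pools[pool] = [str(ipaddress.ip_address(v)) for v in fields[1:]]
            except ValueError as exc:
                problems.append(f"{pool}: bad DNS address ({exc})")
    return pools, problems
```

Calling `audit_dhcp_dns()` on the text saved from the router gives one entry per pool, so the wired and Wi-Fi pools can be compared side by side before running a leak test from a client on each.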
It was showing the OpenDNS servers I've set up, but then, since that was the last thing I had to fix before fully deploying it, I connected it between the router and modem, and now it doesn't even show up as leaking the OpenDNS DNS servers, it's 100% perfect now! Thanks!