Set up wi-fi outside of OpenVPN

Hi, after trying a lot I managed to install and put to work a Raspberry Pi 4 as an OpenVPN router for connecting through cable and wifi and set up OpenVPN on it.

But I wanted the Wi-Fi AP from the Raspberry Pi to serve the connection without going through the VPN, and only the cable connection to go through it.

I have the killswitch firewall configuration set up and I had to set up the DNS servers manually, now I'm struggling to find out how to exclude the wi-fi connection from the VPN server...

How do I do it?


I assume easiest is to put your Wifi on a separate LAN from your Ethernet (not bridging them) which should allow you to have different Firewall rules for the two.


Vpn client on seperate wifi network, no vpn on the other - #6 by vgaetera

@faser
They're not being bridged in any way

@vgaetera
I've tried the setting on the post you recommended; the wi-fi connects, but there's no internet...
I think it might be from some interference from the killswitch settings, but I couldn't figure out what to change to set it to work


Collect the diagnostics and post it to pastebin.com redacting the private parts:

```sh
uci show network; uci show wireless; uci show firewall; uci show dhcp; \
ip address show; ip route show table all; ip rule show; iptables-save -c; \
head -v -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*
```

Alastor's Config

There it is, thanks, you're awesome!


Disable the default gateway redirection:
https://docs.openwrt.melmac.net/vpn-policy-routing/#a-word-about-default-routing


Nice! It worked, but now my DNS is leaking again :rofl:


Provide custom DNS with DHCP to the LAN clients.


Hmm... Somehow that didn't work :c

After that I've tried adding dhcp-option DNS 208.67.222.222 to the ovpn file (following an internet tutorial), but it didn't work either

Make sure to reconnect the LAN client to apply changes.
Check out the DNS settings in the client's network status.
What method are you using to detect DNS leak?

I've even tried rebooting, but it didn't work...
By the way, I've noticed something I thought was a bit odd in the following line on the tutorial:
uci add_list dhcp.lan.dhcp_option="6,8.8.8.8,8.8.4.4"
Should that '6' really be on the start of the line? I've tried removing it, but the connection didn't work without it

I'm using https://www.dnsleaktest.com/ to test DNS Leaks

EDIT: I've looked at the network interfaces and found that I could set custom DNSs on every interface, so I've set up the DNS server at the WAN, WWAN and VPN interfaces, so now it's showing up the new DNS servers on the tests...
Though the page from the VPN is also saying "DNS leak detected", it's showing the OpenDNS servers I configured, it wasn't before, so I'm finding it a bit strange.

Should I be worried or is it fine that way?

DHCP options should start with an option ID.
You have configured DNS forwarding and disabled the resolver file.
This means DNS on interfaces doesn't matter for the clients.
Disable DHCPv6 to avoid potential issues.

The VPN test likely expects you to use their own DNS exclusively.
The proper DNS leak test should show you the providers/locations of the DNS servers.
And you need to verify it matches the ones you have configured.
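
An added example (not from the thread or from OpenWrt's own tooling): a POSIX sh check for the two points in the reply above, that every `dhcp_option` value starts with an option ID and that the client's resolvers are the ones announced through option 6. The `uci show dhcp` text, the section names `lan` and `wifi`, and both function names are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample of `uci show dhcp` output (not the thread's pastebin).
SAMPLE_UCI="dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.dhcp_option='6,208.67.222.222,208.67.220.220'
dhcp.wifi=dhcp
dhcp.wifi.interface='wifi'
dhcp.wifi.dhcp_option='8.8.8.8,8.8.4.4'"

# Print "<section> <ip>..." for every dhcp_option that sets option 6 (DNS),
# and "<section> INVALID <value>" when the leading option ID is missing.
dhcp_dns_servers() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        case "$line" in
            dhcp.*.dhcp_option=*) ;;
            *) continue ;;
        esac
        section=${line#dhcp.}; section=${section%%.*}
        # uci prints list items as space-separated quoted strings
        for v in $(printf '%s' "${line#*=}" | tr -d "'"); do
            id=${v%%,*}
            case "$id" in
                6|option:dns-server)
                    echo "$section $(echo "${v#*,}" | tr ',' ' ')" ;;
                option:*) ;;                       # named non-DNS option
                ''|*[!0-9]*) echo "$section INVALID $v" ;;
                *) ;;                              # numeric non-DNS option
            esac
        done
    done
}

# Hypothetical helper: succeed when every nameserver in the client's
# resolv.conf text ($3) was announced for section $2 of the uci text ($1).
# Returns 1 on an unexpected resolver, 2 when nothing valid is announced.
client_dns_ok() {
    announced=" $(dhcp_dns_servers "$1" | sed -n "s/^$2 //p" | tr '\n' ' ')"
    case "$announced" in *" INVALID "*|" ") return 2 ;; esac
    for ns in $(printf '%s\n' "$3" | awk '$1 == "nameserver" { print $2 }'); do
        case "$announced" in
            *" $ns "*) ;;
            *) echo "unexpected resolver: $ns"; return 1 ;;
        esac
    done
    return 0
}

dhcp_dns_servers "$SAMPLE_UCI"
```

On a real router, pass `"$(uci show dhcp)"` as the first argument and the client's own `/etc/resolv.conf` contents as the third.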


It was showing the openDNS servers I've set up, but then, since that was the last thing I had to fix before fully deploying it, I connected it between the router and modem, and now it doesn't even show up as leaking the openDNS DNS servers, it's 100% perfect now! Thanks!
