BerylAX + Openvpn client +4.2.1R2 beta

I’m having a problem with 4.2 stable and a BerylAX.

I installed 4.2 stable and reset to defaults to start fresh.

I went to set up a provider group, being my home openvpn server on 2.5. I went to import 4 separate profiles, all with the same certificate + username/password authentication. These worked on the last beta. I can import the first, but I cannot import the other 3, because I get an error message that all the profiles have to have the same authentication method. With the one imported, I get a fatal authentication error.

I can import multiple profiles to another provider group which all are certificate only authentications.

Are others having this issue?

Just to be clear, same user/password? I had issues with using different passwords. Different certs were fine.

Identical, except for ports/protocol and in two of the configs, ignoring a redirect gateway command:

443/TCP
443/TCP/Ignore redirect
1194/UDP
1194/UDP/Ignore redirect

I have worked around this. I rolled back to a January snapshot, loaded my configs successfully, and then upgraded with settings kept. Not ready to reset to defaults and repeat whether the problem repeats.

Now a new problem. For some reason I cannot see the openvpn client on the BerylAX conforming to a redirect-gateway command. All my traffic goes outside the tunnel. With the same client config to an openvpn server that pushes a redirect-gateway, a windows computer resets the gateway to go down the tunnel, a chromebook resets the gateway to go down the tunnel, a Beryl on 3.215 resets the gateway to go down the tunnel, a Beryl on the latest 4.2 snapshot resets the gateway to go down the tunnel, but the BerylAX ignores the command and sends all internet traffic outside the tunnel.

We have fixed the BUG and you can download the latest 4.2.1 beta version for testing.

I loaded 4.2.1b. Not quite fixed. Internet traffic still goes outside the tunnel.

  1. I have a home openvpn server. It pushes a redirect-gateway command and a route to its internal LAN. The ISP is Optimum.
  2. At another location where the ISP is Spectrum, the BerylAX is set up as a repeater. I have two openvpn clients loaded. The “AutoDetect” option is selected. One client I will call “Redirect”. The other I will call “No-Redirect”, and it is identical to the first, except it contains the option “pull-filter ignore redirect-gateway”.
  3. The expected behavior for Redirect is that all internet traffic will go over the tunnel, because of the redirect-gateway behavior. The expected behavior for No-Redirect is that internet traffic will not go through the tunnel.
  4. The observed behavior for Redirect is shown by a tracert to go over the Spectrum pathway. (The same configuration file loaded on a Beryl is shown by a tracert to go over the Optimum pathway; this is correct.)
  5. The observed behavior for No-Redirect is shown by a tracert to go over the Spectrum pathway, but I cannot tell if this is because the redirect-gateway is being ignored or not. (The same configuration file loaded on a Beryl is shown to go over the Spectrum pathway; this is correct.)

Both ISPs have 200/10 speeds. The advantage of Redirect in an insecure location, like an airport, is that all traffic is secured, but download is limited to the 10 upload speed. The advantage of No-Redirect in a secure location, like my second home, is that the internet traffic can download at 200. I can choose which client based on where I am.

Whatever difficulty I originally had in loading multiple configurations is not occurring.

Hi, may I know what bug was fixed?

> I went to set up a provider group, being my home openvpn server on 2.5. I went to import 4 separate profiles, all with the same certificate + username/password authentication. These worked on the last beta. I can import the first, but I cannot import the other 3, because I get an error message that all the profiles have to have the same authentication method. With the one imported, I get a fatal authentication error.

^ I also faced this issue.

Side note: I have set DNS in the OpenVPN profile and am using AdguardHome; my DNS requests are not using the VPN connection. Wonder if it is a bug also?

Can you share your profile? Certificates and passwords can be hidden.

Is adguardhome using its default DNS setup? Needs to be changed in the adguardhome settings page with its default IP address :3000 (e.g. 192.168.1.1:3000). You want to go to the Settings tab, then DNS settings, and make changes to the servers, how they query, etc.

Hi, yes, in AdguardHome I have changed the query to my own Cloud’s AdguardHome. From there I monitor that the incoming request IP is from my ISP, not VPN.

To be more clear:
MT3000’s Adguard Home > Cloud Adguard Home (self hosted) > Upstream Server

From the self hosted Cloud Adguard Home, I could see the query request from MT3000 is from my ISP IP, not VPN IP.

This could be because no traffic is going through the tunnel, i.e., everything is leaking.

I tried the new beta 4.2.1 release2 on my BerylAX. Unfortunately the Ovpn client is still ignoring the command pushed by my Ovpn server to redirect the default gateway, using Auto Detect.

The result is all internet traffic goes outside the tunnel. In other words, a complete leak except for traffic going to my home LAN.

When I set the mode to Global Proxy, the internet traffic goes through the tunnel. But if I use a configuration that includes a command to ignore the push command of the new default gateway, no traffic flows (in other words, I think there is a conflict).

I think in the Auto Detect mode, the push commands and the pull-filter commands should be honored, and there seems to be an issue with that. In some safe locations, I want internet traffic to go over a faster local connection. In unsafe locations, I want all internet traffic to go over the tunnel.

1 Like
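
An added example, not part of any post above and not GL.iNet's code: the thread checks redirect-gateway with tracert, and the same question can be answered from the client's routing table. It assumes the tunnel device name starts with `tun` (pass another prefix if the firmware names it differently), reads only the main table as printed by `ip -4 route show`, and uses constructed sample tables.

```shell
#!/bin/sh
# Added example: classify `ip -4 route show` output read from stdin.
#   redirected - default traffic follows the tunnel (redirect-gateway honored)
#   split      - only specific routes (e.g. the home LAN) use the tunnel
#   no-tunnel  - no route uses the tunnel device at all
# $1 = tunnel device name prefix (assumption: "tun"; adjust for your firmware)
classify_routes() {
    awk -v pfx="${1:-tun}" '
        # The device name is the word following "dev".
        { dev = ""; for (i = 1; i < NF; i++) if ($i == "dev") dev = $(i + 1) }
        index(dev, pfx) == 1 {
            tunnel = 1
            if ($1 == "default")     full = 1   # redirect-gateway without def1
            if ($1 == "0.0.0.0/1")   low = 1    # def1: lower half of IPv4 space
            if ($1 == "128.0.0.0/1") high = 1   # def1: upper half of IPv4 space
        }
        END {
            if (full || (low && high)) { print "redirected" }
            else if (tunnel)           { print "split" }
            else                       { print "no-tunnel" }
        }'
}

# Constructed sample: server pushed redirect-gateway def1 and the client applied it.
REDIRECT_TABLE='0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.8.1 dev wlan0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
128.0.0.0/1 via 10.8.0.1 dev tun0
192.168.50.0/24 via 10.8.0.1 dev tun0'

# Constructed sample: only the pushed home-LAN route was installed.
LEAK_TABLE='default via 192.168.8.1 dev wlan0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.50.0/24 via 10.8.0.1 dev tun0'

# Constructed sample: tunnel is down, no tunnel routes at all.
DOWN_TABLE='default via 192.168.8.1 dev wlan0
192.168.8.0/24 dev wlan0 proto kernel scope link src 192.168.8.150'

for t in "$REDIRECT_TABLE" "$LEAK_TABLE" "$DOWN_TABLE"; do
    printf '%s\n' "$t" | classify_routes tun
done
# On a live client: ip -4 route show | classify_routes tun
```

With the "Redirect" profile the expected result is `redirected`; `split` there matches the leak described in the thread, while `split` is the expected result for the "No-Redirect" profile. Firmware that steers traffic with policy routing keeps the relevant routes in another table, which this check does not read.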