I’m having a problem with 4.2 stable and a BerylAX.
I installed 4.2 stable and reset to defaults to start fresh.
I went to set up a provider group, being my home openvpn server on 2.5. I went to import 4 separate profiles, all with the same certificate + username/password authentication. These worked on the last beta. I can import the first, but I cannot import the other 3, because I get an error message that all the profiles have to have the same authentication method. With the one imported, I get a fatal authentication error.
I can import multiple profiles to another provider group which all are certificate only authentications.
I have worked around this. I rolled back to a January snapshot, loaded my configs successfully, and then upgraded with settings kept. Not ready to reset to defaults and repeat whether the problem repeats.
Now a new problem. For some reason I cannot see the openvpn client on the BerylAX conforming to a redirect-gateway command. All my traffic goes outside the tunnel. With the same client config to an openvpn server that pushes a redirect-gateway, a windows computer resets the gateway to go down the tunnel, a chromebook resets the gateway to go down the tunnel, a Beryl on 3.215 resets the gateway to go down the tunnel, a Beryl on the latest 4.2 snapshot resets the gateway to go down the tunnel, but the BerylAX ignores the command and sends all internet traffic outside the tunnel.
I loaded 4.2.1b. Not quite fixed. Internet traffic still goes outside the tunnel.
I have a home openvpn server. It pushes a redirect-gateway command and a route to its internal LAN. The ISP is Optimum.
At another location where the ISP is Spectrum, the BerylAX is set up as a repeater. I have two openvpn clients loaded. The “AutoDetect” option is selected. One client I will call “Redirect”. The other I will call “No-Redirect”, and it is identical to the first, except it contains the option “pull-filter ignore redirect-gateway”.
The expected behavior for Redirect is that all internet traffic will go over the tunnel, because of the redirect-gateway behavior. The expected behavior for No-Redirect is that internet traffic will not go through the tunnel.
The observed behavior for Redirect is shown by a tracert to go over the Spectrum pathway. (The same configuration file loaded on a Beryl is shown by a tracert to go over the Optimum pathway; this is correct.)
The observed behavior for No-Redirect is shown by a tracert to go over the Spectrum pathway, but I cannot tell if this is because the redirect-gateway is being ignored or not. (The same configuration file loaded on a Beryl is shown to go over the Spectrum pathway; this is correct.)
Both ISPs have 200/10 speeds. The advantage of Redirect in an insecure location, like an airport, is that all traffic is secured, but download is limited to the 10 upload speed. The advantage of No-Redirect in a secure location, like my second home, is that the internet traffic can download at 200. I can choose which client based on where I am.
Whatever difficulty I originally had in loading multiple configurations is not occurring.
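The Redirect / No-Redirect comparison described above can be checked from the routing table rather than from tracert alone. This is an added example, not part of the original thread and not GL.iNet code. The interface names tun0 and wlan0 and both sample tables are constructed assumptions.

```shell
#!/bin/sh
# Added example: classify where internet-bound traffic goes, given the text of
# `ip -4 route show` on stdin. Prints tunnel, partial or outside.
# $1 is the tunnel interface name (tun0 is an assumption).
classify_routes() {
    awk -v tun="${1:-tun0}" '
        # Interface named after the "dev" keyword on the current line.
        function dev_of(    i) {
            for (i = 1; i < NF; i++) if ($i == "dev") return $(i + 1)
            return ""
        }
        # Route metric, 0 when the line lists none.
        function metric_of(    i) {
            for (i = 1; i < NF; i++) if ($i == "metric") return $(i + 1) + 0
            return 0
        }
        # redirect-gateway def1 adds two /1 routes that override the default.
        $1 == "0.0.0.0/1"   { low  = dev_of() }
        $1 == "128.0.0.0/1" { high = dev_of() }
        # Among several default routes the lowest metric wins.
        $1 == "default" {
            m = metric_of()
            if (!seen || m < best) { seen = 1; best = m; def = dev_of() }
        }
        END {
            lo = (low  != "") ? low  : def   # device for 0.0.0.0 - 127.255.255.255
            hi = (high != "") ? high : def   # device for 128.0.0.0 - 255.255.255.255
            if (lo == tun && hi == tun)      print "tunnel"
            else if (lo == tun || hi == tun) print "partial"
            else                             print "outside"
        }'
}

# Constructed table: redirect-gateway def1 was applied.
sample_redirect() { cat <<'EOF'
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0 proto static metric 20
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
128.0.0.0/1 via 10.8.0.1 dev tun0
203.0.113.10 via 192.168.1.1 dev wlan0
EOF
}
# Constructed table: redirect-gateway filtered or ignored, only the LAN route is present.
sample_no_redirect() { cat <<'EOF'
default via 192.168.1.1 dev wlan0 proto static metric 20
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.8.0/24 via 10.8.0.1 dev tun0
EOF
}
echo "redirect:    $(sample_redirect | classify_routes tun0)"
echo "no-redirect: $(sample_no_redirect | classify_routes tun0)"
```

On a live system the input would be `ip -4 route show | classify_routes tun0`. The result only reflects the table fed to it, so on firmware that uses policy routing the tables listed by `ip rule` need the same check.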
I went to set up a provider group, being my home openvpn server on 2.5. I went to import 4 separate profiles, all with the same certificate + username/password authentication. These worked on the last beta. I can import the first, but I cannot import the other 3, because I get an error message that all the profiles have to have the same authentication method. With the one imported, I get a fatal authentication error.
^ I also faced this issue.
Side note: I have set DNS in the OpenVPN profile and am using AdguardHome; my DNS requests are not using the VPN connection. Wonder if it is a bug also?
Is AdguardHome using its default DNS setup? It needs to be changed in the AdguardHome settings page, with its default IP address :3000 (e.g. 192.168.1.1:3000). You want to go to the Settings tab, then DNS settings, and make changes to the servers, how they query, etc.
Hi, yes, in AdguardHome I have changed the query to my own Cloud’s AdguardHome. From there I monitor that the incoming request IP is from my ISP, not VPN.
To be more clear:
MT3000’s Adguard Home > Cloud Adguard Home (self hosted) > Upstream Server
From the self hosted Cloud Adguard Home, I could see the query request from MT3000 is from my ISP IP, not VPN IP.