Detecting geolocation

Hey there,

When connected with my vpn router at home the iptv provider shows me that watching tv outside the EU is not possible and blocks the connection.

However when connected with a windows ovpn client this problem does not occur. And I can watch everything.

So it must be a setting in the Beryl router, I need advice to solve it. Other than that the router works flawlessly.

Thanks a lot,

André

Are you using Beryl AX or Beryl? Please try turning on Block Non-VPN Traffic or Internet Kill Switch.

Do you have any VPN policy set up?

You are probably experiencing a DNS leak. Check your VPN provider for their DNS and change it in the GUI.

Thank you for replying to my questions, I run a vpn server on my Asus router at home. But the settings should be good while the openvpn client on windows does the job well and shows the public ip at home.

So I don’t understand where the leak comes from. Can you tell me where to change that in the GUI? Sorry, I am not so good with DNS and proxy servers.

Thanks a lot for your help,

André

I am running a VPN server at the Beryl AX, thanks for replying by the way.

I tried to turn on block Non-VPN but then Internet is broken, can’t find the kill switch. And I didn’t setup a vpn policy.

Kr,

André

It sounds like this does have a leak. This switch disables all leaked traffic, so it makes internet access unavailable.

Have you changed your DNS settings? Have you enabled AdGuard Home? What DNS servers are shown on the page when OpenVPN is running?

I was afraid of that, I changed the dns several times but can’t get it to work. Adguard home is enabled, I tried it also disabled. cmd: ipconfig/all gives DNS Servers . . . . . . . . . . . : 192.168.8.1. Is that what you mean?

I am trying to find out the status display of the DNS page on the router.
Can you provide the VPN configuration file?

@hansome Can you help to check?

Good morning,

This is my conf file, it is working flawless on a Windows client:

# Config generated by Asuswrt-Merlin 386.9, requires OpenVPN 2.4.0 or newer.

client
dev tun
proto tcp-client
remote PRIVAT_IP_ADRESS 443
resolv-retry infinite
nobind
float
ncp-ciphers CHACHA20-POLY1305:AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC
auth SHA512
comp-lzo adaptive
keepalive 15 60
auth-user-pass
remote-cert-tls server
<ca>
-----BEGIN CERTIFICATE-----
My secret certificate
-----END CERTIFICATE-----

</ca>
<cert>
-----BEGIN CERTIFICATE-----
My secret certificate
-----END CERTIFICATE-----

</cert>
<key>
-----BEGIN PRIVATE KEY-----
My secret privat key
-----END PRIVATE KEY-----

</key>
<tls-auth>
-----BEGIN OpenVPN Static key V1-----
My secret OPENVPN static key
-----END OpenVPN Static key V1-----

</tls-auth>

Thanks a lot,

André

The configuration seems fine.

Openvpn server may push some routing to the client side. So it is useful if you can post the log when you connect Openvpn on Beryl AX.

Pls check you have Hardware acceleration disabled on the router.
After vpn is connected, you can also check for data and DNS leaks.
Check your IP address using whatismyipaddress.com
Check for a DNS leak using dnsleaktest.com

Now I am on a different network and cannot make a vpn connection at all. Same conf file…

Fri Jan 27 14:40:40 2023 daemon.notice ovpnclient[5545]: library versions: OpenSSL 1.1.1q  5 Jul 2022, LZO 2.10
Fri Jan 27 14:40:40 2023 daemon.warn ovpnclient[5545]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Jan 27 14:40:40 2023 daemon.notice ovpnclient[5545]: TCP/UDP: Preserving recently used remote address: [AF_INET]myhomeip:443
Fri Jan 27 14:40:40 2023 daemon.notice ovpnclient[5545]: Attempting to establish TCP connection with [AF_INET]myhomeip:443 [nonblock]
Fri Jan 27 14:40:41 2023 daemon.notice ovpnclient[5545]: TCP connection established with [AF_INET]myhomeip:443
Fri Jan 27 14:40:41 2023 daemon.notice ovpnclient[5545]: TCP_CLIENT link local: (not bound)
Fri Jan 27 14:40:41 2023 daemon.notice ovpnclient[5545]: TCP_CLIENT link remote: [AF_INET]myhomeip:443
Fri Jan 27 14:41:41 2023 daemon.notice ovpnclient[5545]: [UNDEF] Inactivity timeout (--ping-restart), restarting
Fri Jan 27 14:41:41 2023 daemon.notice ovpnclient[5545]: SIGHUP[soft,ping-restart] received, process restarting
Fri Jan 27 14:41:41 2023 daemon.notice ovpnclient[5545]: Note: Treating option '--ncp-ciphers' as  '--data-ciphers' (renamed in OpenVPN 2.5).
Fri Jan 27 14:41:41 2023 daemon.warn ovpnclient[5545]: WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption. Sent packets are not compressed unless "allow-compression yes" is also set.
Fri Jan 27 14:41:41 2023 daemon.warn ovpnclient[5545]: --cipher is not set. Previous OpenVPN version defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.
Fri Jan 27 14:41:41 2023 daemon.notice ovpnclient[5545]: OpenVPN 2.5.3 aarch64-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Fri Jan 27 14:41:41 2023 daemon.notice ovpnclient[5545]: library versions: OpenSSL 1.1.1q  5 Jul 2022, LZO 2.10
Fri Jan 27 14:41:46 2023 daemon.warn ovpnclient[5545]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Jan 27 14:41:46 2023 daemon.notice ovpnclient[5545]: TCP/UDP: Preserving recently used remote address: [AF_INET]myhomeip:443
Fri Jan 27 14:41:46 2023 daemon.notice ovpnclient[5545]: Attempting to establish TCP connection with [AF_INET]myhomeip:443 [nonblock]
Fri Jan 27 14:41:46 2023 daemon.notice ovpnclient[5545]: TCP connection established with [AF_INET]myhomeip:443
Fri Jan 27 14:41:46 2023 daemon.notice ovpnclient[5545]: TCP_CLIENT link local: (not bound)
Fri Jan 27 14:41:46 2023 daemon.notice ovpnclient[5545]: TCP_CLIENT link remote: [AF_INET]myhomeip:443

This is the log file on the Windows client, which works flawlessly.

[Jan 27, 2023, 14:53:31] Connecting to [mydomain]:443 (myhomeip) via TCPv4
[Jan 27, 2023, 14:53:31] EVENT: CONNECTING
[Jan 27, 2023, 14:53:31] Tunnel Options:V4,dev-type tun,link-mtu 1588,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher BF-CBC,auth SHA512,keysize 128,tls-auth,key-method 2,tls-client
[Jan 27, 2023, 14:53:31] Creds: Username/Password
[Jan 27, 2023, 14:53:31] Peer Info:
IV_VER=3.git::d3f8b18b
IV_PLAT=win
IV_NCP=2
IV_TCPNL=1
IV_PROTO=30
IV_CIPHERS=AES-256-GCM:AES-128-GCM:CHACHA20-POLY1305:BF-CBC
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_GUI_VER=OCWindows_3.3.6-2752
IV_SSO=webauth,openurl,crtext
IV_BS64DL=1

[Jan 27, 2023, 14:53:32] SSL Handshake: peer certificate: CN=RT-AC5300, 1024 bit RSA, cipher: TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any  Enc=CHACHA20/POLY1305(256) Mac=AEAD

[Jan 27, 2023, 14:53:32] Session is ACTIVE
[Jan 27, 2023, 14:53:32] EVENT: GET_CONFIG
[Jan 27, 2023, 14:53:32] Sending PUSH_REQUEST to server...
[Jan 27, 2023, 14:53:32] OPTIONS:
0 [route] [192.168.1.0] [255.255.255.0] [vpn_gateway] [500]
1 [dhcp-option] [DNS] [192.168.1.1]
2 [redirect-gateway] [def1]
3 [route-gateway] [10.16.0.1]
4 [topology] [subnet]
5 [ping] [15]
6 [ping-restart] [60]
7 [ifconfig] [10.16.0.2] [255.255.255.0]
8 [peer-id] [0]
9 [cipher] [CHACHA20-POLY1305]

[Jan 27, 2023, 14:53:32] PROTOCOL OPTIONS:
  cipher: CHACHA20-POLY1305
  digest: NONE
  key-derivation: OpenVPN PRF
  compress: LZO_STUB
  peer ID: 0
  control channel: tls-auth enabled
[Jan 27, 2023, 14:53:32] EVENT: ASSIGN_IP
[Jan 27, 2023, 14:53:32] CAPTURED OPTIONS:
Session Name: mydomain
Layer: OSI_LAYER_3
Remote Address: myhomeip
Tunnel Addresses:
  10.16.0.2/24 -> 10.16.0.1
Reroute Gateway: IPv4=1 IPv6=0 flags=[ ENABLE REROUTE_GW DEF1 IPv4 ]
Block IPv6: no
Add Routes:
  192.168.1.0/24 [METRIC=500]
Exclude Routes:
DNS Servers:
  192.168.1.1
Search Domains:

[Jan 27, 2023, 14:53:33] SetupClient: transmitting tun setup list to \\.\pipe\agent_ovpnconnect
{
	"allow_local_dns_resolvers" : false,
	"confirm_event" : "b00f000000000000",
	"destroy_event" : "780f000000000000",
	"tun" : 
	{
		"adapter_domain_suffix" : "",
		"add_routes" : 
		[
			{
				"address" : "192.168.1.0",
				"gateway" : "",
				"ipv6" : false,
				"metric" : 500,
				"net30" : false,
				"prefix_length" : 24
			}
		],
		"block_ipv6" : false,
		"dns_servers" : 
		[
			{
				"address" : "192.168.1.1",
				"ipv6" : false
			}
		],
		"layer" : 3,
		"mtu" : 0,
		"remote_address" : 
		{
			"address" : "myhomeip",
			"ipv6" : false
		},
		"reroute_gw" : 
		{
			"flags" : 275,
			"ipv4" : true,
			"ipv6" : false
		},
		"route_metric_default" : -1,
		"session_name" : "mydomain",
		"tunnel_address_index_ipv4" : 0,
		"tunnel_address_index_ipv6" : -1,
		"tunnel_addresses" : 
		[
			{
				"address" : "10.16.0.2",
				"gateway" : "10.16.0.1",
				"ipv6" : false,
				"metric" : -1,
				"net30" : false,
				"prefix_length" : 24
			}
		]
	},
	"wintun" : false
}
POST np://[\\.\pipe\agent_ovpnconnect]/tun-setup : 200 OK
TAP ADAPTERS:
guid='{4476C3CF-1C77-48A6-A0C9-1775EB9A56A3}' index=7 name='Local Area Connection'
Open TAP device "Local Area Connection" PATH="\\.\Global\{4476C3CF-1C77-48A6-A0C9-1775EB9A56A3}.tap" SUCCEEDED
TAP-Windows Driver Version 9.24
ActionDeleteAllRoutesOnInterface iface_index=7
netsh interface ip set interface 7 metric=1
Ok.
netsh interface ip set address 7 static 10.16.0.2 255.255.255.0 gateway=10.16.0.1 store=active
IPHelper: add route 192.168.1.0/24 7 10.16.0.1 metric=500
netsh interface ip add route myhomeip/32 22 192.168.8.1 store=active
The object already exists.
netsh interface ip add route 0.0.0.0/1 7 10.16.0.1 store=active
Ok.
netsh interface ip add route 128.0.0.0/1 7 10.16.0.1 store=active
Ok.
netsh interface ip set dnsservers 7 static 192.168.1.1 register=primary validate=no
NRPT::ActionCreate names=[.] dns_servers=[192.168.1.1]
ActionWFP openvpn_app_path=C:\Program Files\OpenVPN Connect\OpenVPNConnect.exe tap_index=7 enable=1
permit IPv4 DNS requests from OpenVPN app
permit IPv6 DNS requests from OpenVPN app
block IPv4 DNS requests from other apps
block IPv6 DNS requests from other apps
allow IPv4 traffic from TAP
allow IPv6 traffic from TAP
ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
TAP: ARP flush succeeded
TAP handle: 380c000000000000
[Jan 27, 2023, 14:53:33] Connected via TUN_WIN
[Jan 27, 2023, 14:53:33] LZO-ASYM init swap=0 asym=1
[Jan 27, 2023, 14:53:33] Comp-stub init swap=0
[Jan 27, 2023, 14:53:33] EVENT: CONNECTED username@mydomain:443 (myhomeip) via /TCPv4 on TUN_WIN/10.16.0.2/ gw=[10.16.0.1/]

By the way I am running firmware 4.2 Beta 2

Seems it does not connect. What is the new network?

When you can connect, if you do not have IP and DNS leak, you need to clear DNS cache and test the tv again.

We tested and it should work. Just sometimes you need to turn the TV off, connect the VPN, wait some time, then turn the TV on.
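
Added example, not code from any poster in this thread or from the router or OpenVPN projects: the leak checks discussed above can be partly read off the two client logs posted earlier. This Python reads the OpenVPN Connect option lines (pushed DNS, redirect-gateway, IPv6 handling) and decides from an OpenVPN 2.x router log whether the tunnel actually came up. The function names are hypothetical and the sample input is a few lines copied from the logs in the thread.

```python
import re

# Lines copied from the two log formats posted in the thread, as sample input.
CONNECT_LOG = """\
1 [dhcp-option] [DNS] [192.168.1.1]
2 [redirect-gateway] [def1]
Reroute Gateway: IPv4=1 IPv6=0 flags=[ ENABLE REROUTE_GW DEF1 IPv4 ]
Block IPv6: no
"""
ROUTER_LOG = """\
Fri Jan 27 14:40:41 2023 daemon.notice ovpnclient[5545]: TCP connection established with [AF_INET]myhomeip:443
Fri Jan 27 14:41:41 2023 daemon.notice ovpnclient[5545]: [UNDEF] Inactivity timeout (--ping-restart), restarting
"""


def audit_pushed_options(text):
    """Read an OpenVPN Connect log: where will DNS and default traffic go?"""
    opts = [re.findall(r"\[([^\]]*)\]", line) for line in text.splitlines()
            if re.match(r"\d+ \[", line)]
    dns = [o[2] for o in opts if o[:2] == ["dhcp-option", "DNS"] and len(o) > 2]
    redirect = any(o[:1] == ["redirect-gateway"] for o in opts)
    reroute = re.search(r"Reroute Gateway: IPv4=(\d) IPv6=(\d)", text)
    v6_in_tunnel = bool(reroute and reroute.group(2) == "1")
    v6_blocked = "Block IPv6: yes" in text
    findings = []
    if not dns:
        findings.append("no DNS server pushed; client keeps its local resolver")
    if not redirect:
        findings.append("no redirect-gateway; default route stays outside the tunnel")
    if not (v6_in_tunnel or v6_blocked):
        findings.append("IPv6 neither rerouted nor blocked; it can bypass the tunnel")
    return {"dns": dns, "redirect_gateway": redirect, "findings": findings}


def tunnel_is_up(text):
    """OpenVPN 2.x log: True only if the latest state change is a completed setup."""
    up = False
    for line in text.splitlines():
        if "Initialization Sequence Completed" in line:
            up = True
        elif "Inactivity timeout" in line or "process restarting" in line:
            up = False
    return up


if __name__ == "__main__":
    print(audit_pushed_options(CONNECT_LOG))
    print("router tunnel up:", tunnel_is_up(ROUTER_LOG))
```

A router log for which `tunnel_is_up` returns False means no leak test result is meaningful yet, because nothing is going through the VPN.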