Flint 2 Validate traffic using VPN

Good day..

GL-MT6000
Version 4.7.7
OpenVPN Client/NordVPN
VPN Policy Based on the Client Device (defined by MAC address)
Traffic from the Following Device/Do Not Use VPN.

Is there a way through the GUI or through the command line to validate which traffic is routed through the OpenVPN client/NordVPN (or conversely, which devices aren't routed through the VPN client)?
I currently use VPN policy based on client device and defined with MAC address to not use VPN. I'm having issues with streaming services for various Roku devices with too many 'out of home' streams. I have all of my Roku MAC addresses defined to not use VPN, but the 'out of home' streams issue leads me to believe things aren't working as I believe. Thank you in advance..

rick

Add ipleak.net & ip.me to the respective black/white policy. That's a quick & easy way to validate.

Thank you for the info.
Can you please elaborate how to incorporate the 2 items you mentioned into the policies? Will this cause the public IP to get printed in the log? I do have command-line access to the router. tyvm

rick

It's unneeded but to answer your question: not unless it's incorporated into a shell script using logger & its tagging, eg:

logger -p notice -t liblink "Failed to link /${LIB_DIR} libraries within /${link_dir} [✘]"

Enabled policies are always effective so I don't think there's any point logging what you already know is in place.

Even better. Add ip.me to one tunnel's policy then ifconfig.me to the other.

printf "%s\n" \
  "tunnel one's ip is $(curl -s ip.me)" \
  "tunnel two's ip is $(curl -s ifconfig.me/ip)" \
  "$(env TZ='UTC' date +'%Y%m%dT%H%M%S%Z')"

Note the best way to run that above shell snippet is locally on a client device (ie: without logging into the router). If you run Windows you'll want MobaXterm. It's free.
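An added example, not part of the original posts: a client-side check that fetches the public IP from the two sites named above and labels each result as leaving via the ISP address or via a tunnel, treating a failed lookup as unknown rather than as a pass. The function names, the script name and the `203.0.113.10` address are hypothetical; the script assumes you noted your ISP-assigned public IPv4 address once with the VPN switched off.

```shell
#!/bin/sh
# Added example, not from the thread. Run on a client device, not on the router:
#   sh egress-check.sh 203.0.113.10    (placeholder; use your own ISP address)
# IPv4 only: curl is forced to -4, so IPv6 paths are not tested here.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# classify SEEN_IP WAN_IP: print how this device's traffic left the network.
classify() {
    if ! is_ipv4 "$1"; then
        echo "unknown"   # lookup failed or the reply was not an IPv4 address
    elif [ "$1" = "$2" ]; then
        echo "wan"       # the site saw the ISP address: the VPN was bypassed
    else
        echo "tunnel"    # the site saw another address: traffic used a tunnel
    fi
}

# lookup SITE: fetch the address the site sees, with a timeout, whitespace removed.
lookup() { curl -4 -s -f --max-time 10 "$1" | tr -d '[:space:]'; }

# report WAN_IP: one line per check site, then a UTC timestamp.
report() {
    for site in ip.me ifconfig.me/ip; do
        seen=$(lookup "$site")
        printf '%s\t%s\t%s\n' "$site" "${seen:-none}" "$(classify "$seen" "$1")"
    done
    env TZ=UTC date +'%Y%m%dT%H%M%S%Z'
}

# Only touch the network when an ISP address is given on the command line.
if [ "$#" -ge 1 ]; then report "$1"; fi
```

A device excluded from the VPN by MAC address should report `wan` for both sites; `tunnel` on either line means that traffic is still going through a VPN client.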

WHHOOOOOOOOOO!

How do I add that?

What about dnscheck.tools and dnsleaktest.com? Are these two sites trustworthy and definitive?

I'm also looking for tools that I can trust to use to validate that my connection and DNS queries are truly secure. I want to quickly run them each time before I start browsing or using the internet.

It's in the docs.

I've used dnsleaktest.com but my general 'go to' for an overview is

Why do you prefer ipleak?

There's more to leaks than just IP, DNS.

Take a look at the difference between that & a single task site like dnsleaktest.com.

I really appreciate the help, but there are many newbies here who won't be able to interpret the results the way that you can. It would be helpful to explain what you're seeing and what you're thinking as running this test will be helpful for anyone who lives or is going to surveillance states. All that information from ipleak is useless if newbies cannot figure out how to use that information to their advantage. Just test and learn doesn't help anybody if they're living in a surveillance state.

With that information on hand, what do I compare to as a reference point to know that everything is working? I actually don't recognize the ISP name when I ran ipleak.

Most VPN providers rent data center rack space from other locations ('colo' — co-location) for their physical servers or use fleets of VPS. They buy/rent access to network uplinks in a similar fashion. That's why there's nothing that directly states the VPN provider on the POP ('point of presence') results.

It's the same with Quad9's DNS infrastructure. Other companies host Quad9's software stack on their networks (eg: i3D.net B.V) as a part of Quad9's 'multi-cast' DNS system. Cloudflare, IIRC, runs their own infra... but as I've said they're known to log.

In the case of Quad9 you can confirm you're using their DNS via https://on.quad9.net . A reputable VPN provider should have a page for a similar check.

It's not something that can be taught overnight, by reading a couple of blog articles or by watching some self-professed 'expert' on YouTube — & don't think I can't name names there ... as some of them omit key details while trying to sell you an 'advanced' course. You have a sound foundation but now you have to start evaluating what's flowing from your browser fingerprints. Then find a more privacy respecting one (eg: LibreWolf, Brave) & if going as far as installing GrapheneOS is relevant to you. IDK how you'd get rid of all the tracking you may have. Cupertino calls it your 'Apple ID'. I call it what it is: tracking built in at the OS level... like with Windows.

Either way you're going to want access to a Linux computer if one is serious about locking down & tightening up as much as one can. It's not a pleasant experience trying to review packet capture results on a < 14" screen.

Then decide if pulling the SIMs from your phones is a part of your threat model; don't forget those constantly ping towers. Triangulation isn't a new technique.


The VPN Dashboard document that you referred to references 4.8 firmware. I am currently running 4.7.7 and the interface is a bit different... I'm trying to equate the 4.8 document entries to my 4.7.7 system. Is the ability to add ipleak.net & ip.me to the black/white policy dependent on 4.8? tyvm

rick

Right; sorry. You did say you're running v4.7.7. See the 'Note' callout @ the top of that doc for VPN Dashboard.

The v4.7 firmware also supported this:




Much obliged for the 4.7.7 clarification. I was able to add the entries per your screenshots. What perplexes me though, is where/how the output is displayed. My understanding is it will not be printed in logs, so where is the output? tyvm

rick

@bruce As I mentioned, I added the 3 entries you provided, but now I want to delete the entries and get back to the configuration/setup prior to those changes. However, I am unable to delete all 3 entries. I can delete 2 of them, but if I try to delete the third, and hit apply, the box turns red. I have to hit cancel to go back, but the last remaining entry still exists. Thoughts?

Visit the corresponding URL/website on the client (such as a PC) to see if the detected Internet IP is your VPN IP (VPN server or VPN provider).

Change Policy mode to Global.

I'm sorry, but what does this do?

VPN policy, set up some domain/IP in list, let them go to VPN or go to WAN.