Hi,
yesterday I updated the firmware from 2.7 to 3.
With the old firmware I connected as a client to a vpn network, to remotely access my router, which does not have a static ip.
I uploaded the same .ovpn configuration file, but when I start the openvpn network, it doesn’t make me surf the internet anymore, but only to the vpn. What should I do?
Thanks
If you modify that shell script, it will enable traffic from lan forward to wan interface, so if VPN connection is lost, all data will cross wan directly, it means data leak.
Kyson, just to be sure I understand, when you say “data leak” you only mean “data will no longer go through the VPN.” In other words, it reverts to being a normal router, allowing LAN to forward to WAN without using the VPN.
It seems there are (at least) two reasons people use a VPN:
The user wants to do private Internet browsing and/or wants their browsing to originate at the VPN destination. They might be using a public VPN service. For this user, I can see how they would NOT want to go on the Internet without the VPN.
The user needs to link two LAN networks across the Internet. This user probably controls the VPN server and client. Only the LAN traffic needs to be private so only the LAN traffic goes on the VPN. However this does not mean that LAN traffic will leak onto the Internet any more than if you use the router without the VPN feature.
Blockquote
Yup, so we are developing routing policy function now, it can solve this situation.
Sounds promising. Please post an note here when that is ready.
I just thought of another situation where this is important: perhaps an employer asks the employee to connect to the corporate VPN from their personal device. The employee needs to access the corporate files, but the employee does not want their private Internet browsing to go through the employer’s server. Of course, the employee should turn off the VPN for best privacy, but maybe they forget, or they have a long-running task on the VPN and they want to do private browsing while they are waiting.
Because it is a way to avoid data leakage when you started VPN, if you don’t like use global proxy, you can try VPN routing policy, which I had mentioned above.
It means “Yes, if you didn’t upgrade to the latest testing firmware which supports VPN routing policy, you can try it”.