I am using OVPN client on my GL-AXT1800 to create a VPN tunnel (S2S) to my home network. In the OVPN config file I have a line “redirect-gateway autolocal bypass-dhcp bypass-dns def1” to route all traffic through the VPN. On the GL-AXT1800 I have set the OpenVPN client “Proxy Mode” to “Auto Detect”. Everything is working fine so far, I can access resources on my home network from any WiFi client connected to the GL-AXT1800 and vice versa.
I wonder what would be the best way to configure to bypass the VPN for specific destination IP addresse for both sources the GL-AXT1800 itself and all connected clients - e.g. to access Google DNS directly through the current WAN uplink. Ideally, this setup should automatically work regardless of the used WAN connection mode (WiFI, Tether, etc.).
Furthermore, I have a behaviour that I can not exactly explain. When I check my DNS settings (Network > DNS), I see the correct DNS servers for my WAN uplink (DNS from Repeater) but for my OpenVPN I see my configured DNS server from the OVPN file as well as 209.244.0.3 and 64.6.64.6. Where do the foreign DNS entries come from?
They could be you ISPs DNS. Could mean that you DNS is leaking and the vpn is not set up correctly. Usually happens if you are using Separate DNS from the VPN DNs
MWAN3 is set up to ping google evert 10 sec if you have not changed it.
I have searched through the GL-ATX and indeed I have found the foreign DNS settings in the script /etc/openvpn/update-resolv-conf. From my understanding the script adds those DNS servers if none are pushed. But also when I push my internal DNS servers the foreign DNS servers will be added.
Thanks for your help. I have changed my ovpn settings on both the server and client side to implement your recommendations but I am not sure what settings to use exactly. Maybe you can help me and tell me what I have to change.
I have reverted my configurations to the ones I used before which are:
OpenVPN server settings (my internal router at home)
mode p2p
explicit-exit-notify 1
keepalive 10 120
ping-timer-rem
group nogroup
user nobody
ca ca.crt
dh dh.pem
cert server.crt
key server.key
tls-crypt ta.key
auth SHA1
cipher AES-128-GCM
tls-server
persist-key
persist-tun
verb 3
dev tun
lport 11194
proto udp4
ifconfig 10.255.255.112 10.255.255.212
The configuration I would like to establish is to use the AXT1800 when I am traveling. It should use OpenVPN to create a VPN tunnel to my router at home. All traffic from the AXT1800 and connected clients should go through the VPN tunnel. Only traffic to specific destination IPs should bypass the VPN and use the local internet connection of the AXT1800 (to bypass should apply to the AXt1800 and the clients). Clients connected to the AXT1800 should also be accessible from my internal network through the VPN.
Can you assist me with the configuration of my desired setting? Thank you very much.
Somehow the bypass doesn’t work as I can see that packets to the excluded IP addresses are routed through the VPN tunnel. The first hop using traceroute is the openvpn interface and with tcpdump on my home router I can see the packets passing through the openvpn interface as well.
In the system log I have found an entry about the exclusions “user.notice route_policy: default_policy=1 domain_list=8.8.4.4 8.8.8.8 dns_via=10.12.4.254”. How is this routing policy applied to the system? I don’t see any rules in the routing tables containing this IP addresses.
