[GL-MT300N-V2] openVPN setup

I’m trying to setup the router to enable openVPN client connection but here’s what happens:

  • I’ve downloaded the nordVPN configuration file
  • I’ve uploaded the file to the router using the appropriate page
  • after a couple of minutes the file is processed and a popup window shows up asking for my credentials
  • after writing username and password I click “submit”
  • this time it takes about 10 minutes but everything works and the status is “connected”
    Everything should be fine but when I try to navigate as example on google I get:
    “www.google.it refused to connect”
    What did I do wrong?

Hi @psigli

The issue is with the DNS not updating correctly. Try doing this:

You will need to connect to your router with SSH, that is quite easy. You can use a free program called putty, just set it to the new ip you set in the other thread ;). Log in as root with the same password as the admin pages and then paste those commands from the other thread, replacing the filename of your config; its the same name as when you uploaded. Press enter in the SSH after the last command.

The benefit of the scripts i linked is that you always get the latest DNS, and avoid leaks. You could also just set the DNS from NordVPN in the GL-iNet interface but i don’t recommend that.

Thank you, now it works!
If you don’t mind why you don’t recommend using nordVPN DNS?

For my future reference:

cat<<‘EOF’ >> /etc/openvpn/<YOUR_CLIENT_FILE_NAME>.ovpn
script-security 2
up /etc/openvpn/updns
down /etc/openvpn/downdns

cat<<‘EOF’ > /etc/openvpn/updns
mv /tmp/resolv.conf.auto /tmp/resolv.conf.auto.hold
echo $foreign_option_1 | sed -e ‘s/dhcp-option DOMAIN/domain/g’ -e ‘s/dhcp-option DNS/nameserver/g’ > /tmp/resolv.conf.auto
echo $foreign_option_2 | sed -e ‘s/dhcp-option DOMAIN/domain/g’ -e ‘s/dhcp-option DNS/nameserver/g’ >> /tmp/resolv.conf.auto
echo $foreign_option_3 | sed -e ‘s/dhcp-option DOMAIN/domain/g’ -e ‘s/dhcp-option DNS/nameserver/g’ >> /tmp/resolv.conf.auto

cat<<‘EOF’ > /etc/openvpn/downdns
mv /tmp/resolv.conf.auto.hold /tmp/resolv.conf.auto

chmod 755 /etc/openvpn/updns
chmod 755 /etc/openvpn/downdns

No, you have the NordVPN DNS now too, what i mean is i don’t recommend that you set it manually, since they can change their DNS at random.

Now you have the NordVPN DNS on demand via the scripts, it sets it to the latest one when you connect, automatically.

Test here and see if all is ok:

Ok, now I get it.
But when I run the test the result is:

DNS Leak Test
Looks like your DNS might be leaking…

Do the test without the VPN on too, are the DNS different? If so then its fine.
Also compare to the DNS that NordVPN writes on their site, it should be the same one.


The DNS are different when I run the test without the vpn, but they are not the same as those written on NordVPN site.
Do you think it’s a problem? Should I set them manually?

It’s easy to check the IP of the DNS’ that you got via the scripts online. It might just be that you are getting a more local DNS server than the one on their site, that could be for US for example (if you are somewhere else

Post the DNS here if you want i can check it.

Here they are (with VPN on):

Hmm those ip’s are registered to Google. If you try another browser do you get the same ones?

Google? During that test I was using chromium.
Here is the test result using konqueror:

Still the same, more google dns ip’s.
If you feel that google is secure enough, keep those. If not, then i guess you should in your case with NordVPN set them manually.

It’s up to you?

Remember guys, SOMEONE has to be your DNS provider, so dnsleaktest.com will always show some IPs for DNS. What you don’t want is your DNS provider to be your ISP, if you’re worried that they’ll try and correlate your DNS activity to your VPN activity (which is actually not all that much to be worried about, IMO).

Yeah that is totally correct. He didn’t get his ISP DNS so he is technically all good. I just ask cos some people think google is kind of bad too, but there is always Cloudflare for example too.

I’m reluctant to suggest Cloudfare to newbies as it turns out that some vendors (and more than one hotel I’ve visited) are violating RFCs and using 1.0/8 as internal, non-routeable addresses (i.e., on AT&T U-Verse) so queries on don’t make it out onto the network :frowning:

Yeah you are right. I did a quick look and i couldn’t find any alternative DNS ips for Cloudflare, which is a shame.

Anyway, Google DNS is good enough, they also only save logs for 24 hours or something like that, i read about it somewhere. Also the sheer number of requests google gets means that any request you make will be hidden in the sea of data, so in that way you get even higher security i would say, compared to a smallish DNS service that can be potentially hacked.

BTW, AT&T said it was a mistake they blocked it and they would fix it, or have fixed it :smiley:

Did you add the dhcp-option DNS nord.dns.here line into your ovpn file? Without this line pointing to Nords dns server the scripts won’t change to them.

Nope, I didn’t. I’m a noob.
Could you please tell me where exactly should I add that line?

I don’t know the dns for Nord, but in your ovpn file that you get from them. Open it and add in the line dhcp-option DNS add.res.she.re before the security certificates. Then upload it to the router and try.

Edit try these two lines:

dhcp-option DNS
dhcp-option DNS

Ok thanks, but writing them in the ovpn file wouldn’t be the same as configuring them through the router’s interface?