THIS THREAD IS FOR THE USE OF THE FRIENDLY USERS WHO ARE TRIALING OUR BETA RELEASE OF OPENVPN
Thanks for the reply Karl.
It sounds like you're setup doesn't really require more btw. The Google DNS that gets pushed are transparent servers so it appears that the name resolution is pushed from the other end of the proxy. I'd leave it how it is unless you're aiming to look into it for the benefit of other users, in which case btw you might also test out if putting a working non-Google DNS server in the third entry passes or fails a DNS test.
The truth is, now that I think of it, that I added location specific servers after the move of the system to the Vanished production server and after the updated config.opvn files. I probably should have tested it myself before testing specific DNS servers by location. It may be irrelevant now.
Hi Dean, At this stage, I'm using the default DNS of what is reported as being pushed via the server config from the log files: the 2 default Google DNS servers. They were working under pptp (pushed to my router)
I hadn't thought of using OpenDNS servers and finding the ones with the best ping times. I'll have a go tonight and swap them around and see what happens.
Regarding the IPv6, I have gone through all my devices, both networking and PC's and disabled IPv6 completly. IPv4 I understand and can work to my advantage, but IPv6 just confuses the heck out of me
Just out of curiosity, Ottafish, did you end up using arbitrary DNS servers in your router b, or did you add DNS servers from the US?
If they were US DNS servers, I made a mistake with one of the IP addresses I listed. One of them didn't return a ping when I was more fine tuning my own setup, and I changed it after finding a list of OpenDNS servers by location then pinging them for ones in the US and using the ones that had the shortest response time. That list is here https://www.opendns.com/data-center-locations/ and it only gives a range, so for example the San Francisco server is 22.214.171.124/24 and what worked was 126.96.36.199
Perhaps that will be helpful for someone.
I don't know how to set up IPv6 on my networking, which was causing a leak until I disabled it, but for those that do have a leak and for whatever reason aren't able to turn it off, there's IPv6 DNS servers on the same page. I use OpenDNS IPv6 transparent DNS for my general browsing but don't know how to add those servers, from the page, specifically, because I don't understand how the ranges work. If someone else has a problem because of this being an issue with their hardware, its a good place to start researching in hopes that it fixes things.
One last thing to correct myself on, the Chromium browser in Linux does not in fact play Netflix. The Google Chrome browser does and hopefully they provide a binary for your Distro if you're a person reading this with any interest.
Sorry - forgot to add, the above is using an Apple TV of router (b)
It would seem the planets have aligned..
I can now confirm it's working flawlessly for me.
In router b, I had to put static dns entries into the 3 fields for local dhcp options. The third entry I put a dummy IP.
Multiple reboots, multiple leak tests and all report non AU based
It would appear that you were right Dean, router b was taking/using DNS of router (a) as a 3rd dns entry and that's what was reporting as AU based - thanks so much for the info - appreciated.
Just to confirm my setting:
ADSL > modem/router (a) > router (b)
modem/router (a) is for local LAN for normal stuff.
Router (b) is strictly for Vanishedvpn - both wired and wireless
Both devices are TP-Link
modem/router (a) is running stock firmware
router (b) is running dd-wrt release v3.0-30631
Can confirm both Netfix and HB0 both work very well and very fast.
buffering that used to occur (on pptp) has also gone.
Thanks Phil and team - awesome work :-)
Still working flawlessly for me. At the moment the ASUS router is running two openvpn tunnels, one to the US server and one to Aus. The policy based routing for openvpn on the Merlin firmware is very convenient. At the moment I have my Android TV Stick routed through the US tunnel and my Notebook Computer through the AUS tunnel. All other devices still go through the Wan interface directly, which is of course the default behaviour. Routing other devices through one or the other of the VPN tunnels is as easy as adding them through the Web GUI. Netflix is fast, the quality is good and I have not experienced any buffering which did sometimes happen using PPTP.
I am very happy using Openvpn.
I don't know if this will help, but I tried it out just now using the DNS IP addresses from the dnsleaktest page, and this worked, opposed to leaving DNS entries blank. I did, however, still have to leave IPV6 disabled for this. I really don't know if this will help you Ottafish, and it seems like a long shot since mine was already working fine with the blank entries, but its worth a shot, also making sure that IPV6 is off, assuming you're second router lets you.
You might also consider using these servers in your first router if all else fails and you think it might be a problem with the second router getting DNS from the first one and the leak somehow happening during the lookup of vanishedvpn.com; the servers will be further away from you but will still resolve IP addresses the same regardless of weather your'e on a VPN or not.
If PPTP is problematic for you, or you just want openvpn for other reasons, its sort of a shot in the dark but possibly worth a try.
It looks like, from the dnsleaktest.com page, that 188.8.131.52 is a primary DNS server for OpenDNS in the US. I used 184.108.40.206 for a secondary however I'm not in Australia right now so you may want to try out the test page from there before trying it out.
It may also be a glitch with vanished VPN as I suppose we're still in beta. I have some extra garbage in the window that's running the VPN right now, invalid packets. A leak is pretty big glitch though :p
Just to be sure, there was updated config files sent out, I think the day before yesterday. these are the ones that should be used so if you don't have them, check your SPAM folder and email Phil if you never got them at all. If memory serves there were some extra options for, I think, Windows machines and I doubt that applies to a router but also might be worth looking at.
Switched back over to PPTP, no additional changes and my 2 x dns servers on my laptop are both google.
DNS leak test all pass with no issues - all usa
Got home tonight and thought I'd reboot both routers before going any further.
Not sure what has happened, but for some reason, my router is saying I'm connected to Vanished.
The logs tell me it's pushing google dns.
But my laptop plugged into the router is failing with dns leaks.
I' now reporting as being back in Melb. (ip says usa though..)
I have exact same config as before where all dns entries are blank.
I have had to hard code google dns entries to semi pass the leak test to get usa responses.
I've tried every combination I can try over the last few hours..
I'll come back to it next day or so.
For the moment, I'm back to PPTP
Apologies for not getting back here earlier.
With the newest release, it appears to be working very well.
Still have same config as before. ADSL > modem/router (a - local au lan) > Router (b - Vanishedvpn)
Second router gives me both wireless and wired access to the VPN.
On brief testing, before I had to leave for work this mornig, works well.
Netfix is much faster than the pptp option.
The other test tonight will be HBO as I was experiencing severe buffering with pptp. Went back to a DNS re-director for HBO
As advised by Dean earlier, a dns leak test confirmed that all was US based.
Will do some more testing tonight and report back.
Will add some screen shots too.
Hi Dean, thanks, will give the "dnsleaktest" a go later today when I get a chance. I tried both google and opendns servers as local resolvers, which the apple tv got pushed. I'll remove all dns entries from router-b and see how that goes.
I noted from the openvpn logs that the default route option is sent back from the servers, indicating that all traffic should be pushed down the tunnel. hopefully the leak test will show if that is indeed happening. Doing a "where's my ip" search, dropped me into the same location as the pptp connection.
I guess of note is that the pptp connection is set as the WAN connection on router-b
Again, thanks.. will update when I've had another go
Also, I realise that this is basic stuff for some people but at the same time not so much for others but I'm about to get worse as its something that can be easily overlooked, you can see that I overlooked it above; make sure the AppleTV is set to get DNS from the router that's connected to the VPN. That might be easier said than done if the router has to be configured without DNS settings.
Try using the "Extended Test" button on this page https://www.dnsleaktest.com/ to test if its a problem with the DNS tunneling or not. I found that really helpful when troubleshooting mine.
Also, if you're able to look at the output or log file of what's happening when it connects to openvpn, look to see that dns-push happened.
With my problem, I had to create a network with no DNS at all and the computer initially uses either environmental settings for DNS, or the router's DNS to look up *.vanishedvpn.com and afterwards uses the DNS that gets pushed to it, otherwise it always uses the default DNS. If its the same issue as you're running a router behind a router, perhaps omitting DNS in that router (if it will let you), router b if I understood right, will work.
I also had to turn off IPV6 or I'd still get a leak. Though I didn't test what the leak was, it was sorted when doing so, the last thing I did (I think), after realising that I had a DNS leak.
I'm curious to hear if putting it in a DMZ works. I've never done that and had to also add DNS to a box, so I imagine that my stuff has always still gotten DNS from the initial router.
I wonder if the servers have a static or dynamic address. If they were static, and 4 have differant IP addresses, then DNS could be disabled entirely for the initial lookup by putting the numerical IP in the config.ovpn file.
The link up top using "Extended Test" should tell you if you're leaking DNS at all or not, though.