Posted: Thu Aug 31, 2017 22:55 Post subject: VPN Not Routing Data To VPN Service Provider (Daisy Chain)
FUBAR. Things are rarely as simple as they appear. Let me start with my goal: A dedicated VPN (using nordVPN services) router connected via WAN <-> LAN of primary router.
I have successfully flashed the router and I am able to access the GUI interface. As practice, I completed the setup of a normal WAP using this guide (https://www.dd-wrt.com/wiki/index.php/Wireless_Access_Point). I proceeded to set up the VPN using this guide (https://nordvpn.com/tutorials/dd-wrt/openvpn-gui/), provided by nordVPN. After rebooting the router, I checked the status of the VPN using the GUI web interface. Status of Client: CONNECTED SUCCESS.
Unable to access internet via VPN router. The VPN router is linked to the primary router through the WAN port. But when I search the web browser, everything is still routed through the Primary (no VPN) router.
The WAN IPv4 address is 192.168.1.10 (top right corner of DD-WRT GUI). I thought once the VPN was active, the IP would change...? How do I get my VPN router to route all device activity to the NordVPN server?
I keep getting the following line of code from openVPN log, which seems to be a common problem among people. Most of the information I have found never seems to arrive at any resolution.
Code:
20170831 18:04:58 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.8.8.1
20170831 18:05:00 I Initialization Sequence Completed
20170831 18:05:00 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170831 18:05:00 D MANAGEMENT: CMD 'state'
20170831 18:05:00 MANAGEMENT: Client disconnected
20170831 18:05:00 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170831 18:05:00 D MANAGEMENT: CMD 'state'
20170831 18:05:00 MANAGEMENT: Client disconnected
20170831 18:05:00 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170831 18:05:00 D MANAGEMENT: CMD 'state'
20170831 18:05:00 MANAGEMENT: Client disconnected
20170831 18:05:00 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170831 18:05:00 D MANAGEMENT: CMD 'status 2'
20170831 18:05:00 MANAGEMENT: Client disconnected
20170831 18:05:00 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170831 18:05:00 D MANAGEMENT: CMD 'log 500'
Can someone explain why many recommend adding this in command prompts? I've made some sense of the first two, but I really have no idea why the fourth line is used.
Joined: 18 Mar 2014 Posts: 12889 Location: Netherlands
Posted: Fri Sep 01, 2017 10:16 Post subject:
Maybe you have things mixed up: either you daisy chain the routers, connect WAN of the secondary router to the LAN of the primary router and have them on different subnets, or you set up the secondary router as a WAP, connect LAN to LAN and have them on the same subnet.
Thanks for clarifying that a bit for me. It was never clearly stated in the DD-WRT WAP guide that if the second router is on a different subnet of the primary then it is no longer considered an access point. I've changed the wording of my original post accordingly.
Any ideas why the traffic for devices connected to VPN router isn't being routed to nordVPN server? It's all being directed to the primary router and ISP.
Joined: 18 Mar 2014 Posts: 12889 Location: Netherlands
Posted: Fri Sep 01, 2017 17:59 Post subject:
Ok, so you want to daisy chain your routers, e.g. connect LAN <> WAN; then you must not use the instructions for a WAP.
Basically do the following:
1. Reset the secondary router to default
2. Connect to the secondary router and log in
3. On Setup Basic/Setup, set the router IP to something different from the first router, e.g. 192.168.2.1
Basically that is all there is; now you should have internet access if connected to your secondary router.
If you have internet access then you can load the VPN on your secondary router and everything which is connected to your secondary router should be routed through your VPN.
I followed your steps precisely. I am able to get access to the internet after changing the IP of the second router however I'm unable to connect with the VPN service. I have verified that I've input valid credentials including the security keys we are to copy/paste. Before resetting the router, I was able to successfully connect to the VPN, but when I visited any site to verify if it was working properly, it always said I was "unprotected".
I used the steps here (https://nordvpn.com/tutorials/dd-wrt/openvpn-gui/) in order to set up the VPN. It appears there must be some firewall issue--a TLS error.
Joined: 18 Mar 2014 Posts: 12889 Location: Netherlands
Posted: Thu Sep 07, 2017 16:23 Post subject:
Things you can check:
1. Is the NTP time right?
2. Nord uses different certificates for each server, be sure to use the right certificate
3. Although I do not think it is a firewall issue with your secondary router, you can disable the SPI firewall on your secondary router, as the primary router already has a firewall.
4. Your ISP can block 1194, research Nord if you can use another port, I use TCP and port 443 because others are blocked by my ISP
5. Try another build; 30xxx has openVPN 2.3, newer builds have openVPN 2.4 (when using another build always reset/erase nvram and put settings in manually)
I tried some of the changes you mentioned but it changed nothing. I've been doing some additional research and I'm wondering if I'm looking at all this in the wrong way. If I set up a second router that uses DD-WRT and is daisy-chained from our main router, can I connect via WIFI to the second router and route all traffic through the VPN servers? Will this bypass my ISP and maintain my anonymity?
I reached the point that I canceled the nordVPN service and I decided to try PIA. After resetting the router to default, I went through the steps provided by PIA but it's not even attempting a connection. The OpenVPN Status page is blank -- shows no errors/logs. I'm using DD-WRT Firmware v3.0-32170M (6/11/17).
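One way to check whether clients behind the second router really leave through the tunnel, as an added example that is not part of the original posts: the `route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.8.8.1` line in the first post's log matches one half of OpenVPN's `redirect-gateway def1` pair (0.0.0.0/1 and 128.0.0.0/1), which overrides the WAN default route without deleting it. The script classifies a `route -n` table and does a longest-prefix lookup for a destination; the interface names `tun1`, `vlan2` and `br0`, the gateway 192.168.1.1 and the server address 203.0.113.5 are assumptions, and both tables are constructed samples.

```shell
#!/bin/sh
# Added example. tun1/vlan2/br0, 192.168.1.1 and 203.0.113.5 are assumptions;
# both routing tables below are constructed samples in `route -n` format.
TABLE_VPN_UP='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.8.1        128.0.0.0       UG    0      0        0 tun1
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 vlan2
10.8.8.0        0.0.0.0         255.255.255.0   U     0      0        0 tun1
128.0.0.0       10.8.8.1        128.0.0.0       UG    0      0        0 tun1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 vlan2
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
203.0.113.5     192.168.1.1     255.255.255.255 UGH   0      0        0 vlan2'
TABLE_VPN_DOWN='Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 vlan2
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 vlan2
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 br0'

# Are both halves of the def1 redirect (0.0.0.0/1 and 128.0.0.0/1) on the tunnel?
vpn_route_state() {   # $1 = tunnel interface; `route -n` text on stdin
    awk -v tun="$1" '
        $1 == "0.0.0.0"   && $3 == "128.0.0.0" && $8 == tun { low = 1 }
        $1 == "128.0.0.0" && $3 == "128.0.0.0" && $8 == tun { high = 1 }
        END {
            if (low && high)      s = "redirected"
            else if (low || high) s = "partial"
            else                  s = "not-redirected"
            print s
        }'
}

# Longest-prefix match: which interface would a packet to $1 leave through?
egress_iface() {      # $1 = destination IPv4; `route -n` text on stdin
    awk -v dst="$1" '
        function num(ip,   o) {
            split(ip, o, ".")
            return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        }
        $1 ~ /^[0-9]+\./ && NF >= 8 {
            block = 4294967296 - num($3)   # addresses covered by the netmask
            if (int(num(dst) / block) == int(num($1) / block) &&
                (best == "" || block < bestblock)) { best = $8; bestblock = block }
        }
        END { print (best == "" ? "none" : best) }'
}

printf 'VPN up:   %s, 8.8.8.8 leaves via %s\n' \
    "$(printf '%s\n' "$TABLE_VPN_UP" | vpn_route_state tun1)" \
    "$(printf '%s\n' "$TABLE_VPN_UP" | egress_iface 8.8.8.8)"
```

On the router itself, feed the live table instead of the sample, for example `route -n | vpn_route_state tun1`; a result other than `redirected` means client traffic still follows the WAN default route.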