Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Fri Mar 01, 2024 21:33 Post subject:
.....DNS default is set to 1.1.1.1, 1.0.0.1 and 8.8.8.8. DNSMasq is off....
There is no line in the egc guides that says, you have to turn off DNSmasq...
so, turn it back on...enable it...
2 most important things for VPN to work...
-DNS
-NTP time ...
we already pointed you out, where to read and what to use...follow the guides or the threads..
me myself i run VPN PIA Client on R7800 and have no issues at all...so revise your settings
however...to note..
some ISP can block your port 1197 or any obvious port..then use port 443
to debug add verb 6 or 8 to advanced VPN commands reboot and post the OpenVPN syslog here...
bear in mind some settings recommended on the old PIA setup guides are no longer supported on
ovpn 2.6xx
as well you need to disable dco with PIA...
nuff said post the output...and we will see it.. _________________ Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
I opened a new topic to make it easier to find for users.
DNSmasq was on to force it to a DNS from years ago. I turned it off to default to cloudflare.
It did not work with dnsmasq turned on.
The port is not blocked by my ISP because I regularly use it on desktops (this will be a multihop if it ever works)
NTP is set correctly.
DNS 1 and 2 are Cloudflare, 3 is Google. It is unable to resolve the host.
Guides did not help.
Only useful log line is
N RESOLVE: Cannot resolve host address: nl-amsterdam.privacy.network:1197
Joined: 16 Nov 2015 Posts: 6447 Location: UK, London, just across the river..
Posted: Fri Mar 01, 2024 22:37 Post subject:
this line says you don't have dns and it means you screwed it within router settings
if you turn off dnsmasq then you don't have a dns, no dns no vpn..this is now on repeat
i guess your router set up is terribly wrong so, revise your settings or start from scratch…
Dnsmasq works with vpn and is the ddwrt main dns forwarder, start from scratch, follow the guide _________________ Atheros
I turned dnsmasq back on but it still doesn't work.
I tried to go into command and run "ping duckduckgo.com"; I get bad address.
Something is messed up but I don't know what.
I'm double NAT because of my ISP but I never had any issues before the update to the latest version of ddwrt.
What could it be?
DNS is set to 1.1.1.1, 1.0.0.1 and 8.8.8.8
NTP is set to my country and the pool gets the right time.
What else could be blocking the DNS query? I'm running out of ideas
In services -> Services I turned off "Validate DNS Replies (DNSSEC)"
"No DNS Rebind"
"Query DNS in strict order".
I do not know if this was a good idea, but when I check Status > OpenVPN, it says "Client Connected Success"
And it shows a 10.x.x.x as Local Address and Remote Address.
I don't know if I did the right thing by disabling these settings.
Edit: I think it works, but now I need to exclude one LAN IP from going through the VPN because my speed drops so much it is no longer able to stream Netflix with a double hop of openvpn on the router and wireguard on the device. Please help me exclude 192.168.1.124
Edit: it definitely works, but unfortunately even on 128 with SHA1 or poly it is too slow. I have a 1Gbit connection and went to a lightning speed of 37 mbps haha. I can't stream with it, everything stutters.
I will have to wait for Wireguard because a double hop is too slow. I turned the OpenVPN off while all devices are on and went from 37 mbps to 290 mbps with the single wireguard connection. 100 mbps would have worked but this is too slow for my usage.
those will tell your VPN provider that you would like to use your DNS preference...
add to advanced DNSmasq rules
no-resolv
server=1.1.1.1
server=1.1.1.3
server=8.8.8.8
so, DNSmasq will parse those DNS servers inside the VPN channel...
Of course your router will not sustain a 1 Gbit over VPN, as VPN is very CPU intensive, moreover your double NAT...
and yes WG is a better solution...but even though it won't go that far up to 1Gbit...
there are a lot of PC compliance that have decent specs to translate 1Gbit over VPN..but those will require x86 or x64 DDWRT on mini/micro PC (paid license is preferred) _________________ Atheros
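A check for the dnsmasq settings discussed in this thread, as an added example that is not part of any poster's message: it reads a dnsmasq configuration on stdin, lists the global upstream servers, and reports which of the three protections that were switched off are present, so they can be re-enabled one at a time once resolution works. The function name, the sample inputs and the mapping of the DD-WRT checkbox labels to dnsmasq option names are assumptions, and the input is assumed to be the complete effective configuration.

```shell
#!/bin/sh
# Added example: audit a dnsmasq config (stdin) for the settings discussed in
# the thread. Assumed mapping of the DD-WRT checkboxes to dnsmasq options:
#   "Validate DNS Replies (DNSSEC)" -> dnssec
#   "No DNS Rebind"                 -> stop-dns-rebind
#   "Query DNS in strict order"     -> strict-order
# Returns 1 when no-resolv is set without any global server= line, because
# dnsmasq then has no upstream to forward to and every lookup fails.
audit_dnsmasq() {
    awk '
        function onoff(x) { return x ? "on" : "off" }
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }   # drop comments, trim
        $0 == ""                { next }
        $0 == "no-resolv"       { noresolv = 1; next }
        $0 == "dnssec"          { dnssec = 1; next }
        $0 == "stop-dns-rebind" { rebind = 1; next }
        $0 == "strict-order"    { strict = 1; next }
        /^server=/ {
            v = substr($0, 8)
            # server=/domain/ip only applies to that domain; not a global upstream
            if (v != "" && v !~ /^\//) ups = ups (ups != "" ? "," : "") v
            next
        }
        END {
            broken = (noresolv && ups == "")
            print "upstreams=" (ups != "" ? ups : "none")
            print "no-resolv=" onoff(noresolv)
            print "dnssec=" onoff(dnssec)
            print "stop-dns-rebind=" onoff(rebind)
            print "strict-order=" onoff(strict)
            print "verdict=" (broken ? "no-upstream" : "ok")
            exit (broken ? 1 : 0)
        }'
}

# Constructed sample inputs. The first is the rule set posted in the thread.
SAMPLE_THREAD='no-resolv
server=1.1.1.1
server=1.1.1.3
server=8.8.8.8'
SAMPLE_BROKEN='no-resolv   # constructed: upstream lines forgotten
dnssec
stop-dns-rebind
server=/lan/192.168.1.1'

printf '%s\n' "$SAMPLE_THREAD" | audit_dnsmasq
printf '%s\n' "$SAMPLE_BROKEN" | audit_dnsmasq || echo "-> fix upstreams before touching DNSSEC or rebind protection"
```
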