Problems with openvpn on nighthawk r7800 behind BT Homehub

Post new topic   Reply to topic    DD-WRT Forum Index -> Atheros WiSOC based Hardware
Author Message
embean
DD-WRT Novice


Joined: 05 May 2017
Posts: 6

PostPosted: Tue Jun 06, 2017 18:56    Post subject: Problems with openvpn on nighthawk r7800 behind BT Homehub Reply with quote
I think I am falling at the last hurdle of setting up my r7800 to use openvpn.

I have installed ddwrt on the router, all looks fine.
I have set up my VPN and can use it through a client on my phone, checking my IP confirms it is OK
I have set up openvpn on the router, and that also looks Ok *but* I cannot get my computer to use it, if I check the IP it is still my normal (BT) address. My r7800 is behind a BT home hub so I have checked the subnets on each and changed the routers subnet to be something different to the Homehub: router is 192.168.69.0/24 Homehub is 192.168.1.0/24 however things are still not working. I wonder do I need to change the wireless settings on the router... But not sure what to. It is set as "AP" at the moment. Is that right? I tried changing it to "Client" but that made things worse (I then couldn't connect at all over wifi. As AP I can at least connect).

Any clues? Been through a lot of hair pulling and frustration to get to this point, feels like I'm so close to getting it working but can't find any guidance on this last step.

Thanks in advance
Sponsor
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6407
Location: UK, London, just across the river..

PostPosted: Sat Jun 10, 2017 20:24    Post subject: Reply with quote
BT uses pppoe WAN and is not compatible with VPN you have to
contact them and ask for static ip if possible...

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
cave_monkey
DD-WRT Novice


Joined: 15 Jul 2017
Posts: 22

PostPosted: Wed Jul 19, 2017 21:42    Post subject: Re: Problems with openvpn on nighthawk r7800 behind BT Homeh Reply with quote
embean wrote:
I think I am falling at the last hurdle of setting up my r7800 to use openvpn.

I have installed ddwrt on the router, all looks fine.
I have set up my VPN and can use it through a client on my phone, checking my IP confirms it is OK
I have set up openvpn on the router, and that also looks Ok *but* I cannot get my computer to use it, if I check the IP it is still my normal (BT) address. My r7800 is behind a BT home hub so I have checked the subnets on each and changed the routers subnet to be something different to the Homehub: router is 192.168.69.0/24 Homehub is 192.168.1.0/24 however things are still not working. I wonder do I need to change the wireless settings on the router... But not sure what to. It is set as "AP" at the moment. Is that right? I tried changing it to "Client" but that made things worse (I then couldn't connect at all over wifi. As AP I can at least connect).

Any clues? Been through a lot of hair pulling and frustration to get to this point, feels like I'm so close to getting it working but can't find any guidance on this last step.

Thanks in advance




im having a similar problem, with BT blocking thirdparty DNS servers and seemingly DNSmasq requests also..


did you ever resovle it?
SaschaITM
DD-WRT User


Joined: 16 Dec 2015
Posts: 68

PostPosted: Thu Jul 20, 2017 8:52    Post subject: Reply with quote
Alozaros wrote:
BT uses pppoe WAN and is not compatible with VPN you have to
contact them and ask for static ip if possible...

That's utter nonsense.

embean/cave_monkey: first step would be to try to understand how VPN works, and then decide how you want to use it. Basically, you can connect to a VPN service from any device in your LAN, and that devive will use the VPN connection if the client on the device is setup correctly. That's why "I have set up my VPN and can use it through a client on my phone, checking my IP confirms it is OK" works. For that type of operation you usually don't need to configure anything on your router(s).

It seems to me you're tying to do something different though: having an OpenVPN client instance on the DD-WRT router which provides VPN for all devices in your LAN. The easiest way to do that would be to use the DD-WRT router as a second router "behind" your ISP's router instead of using it as an AP. I'd start by resetting DD-WRT to default settings. Then you'd have to set a subnet different to the ISP router on the DD-WRT router, disable WiFi on the ISP router, and connect all your devices to the DD-WRT router by WiFi or Ethernet cable. Then you'd have to connect the WAN port of the DD-WRT router to a LAN port of the ISP router, and set the "WAN Connection Type" in DD-WRT to "Automatic Configuration - DHCP". That should give you a separate subnet managed by DD-WRT with a WAN IP adress (in DD-WRT) from your ISP router's DHCP pool. Your devices will get an IP adress from the subnet you've setup in DD-WRT. After that you can setup VPN in DD-WRT. Note that doing all of this will "double NAT" your network, which isn't an optimal solution from a technical perspective, but in my experience works just fine, and is much easier to implement than any other solution.


Last edited by SaschaITM on Thu Jul 20, 2017 19:31; edited 1 time in total
cave_monkey
DD-WRT Novice


Joined: 15 Jul 2017
Posts: 22

PostPosted: Thu Jul 20, 2017 9:27    Post subject: Reply with quote
whats utter nonsense? the BT DNS issues or the incompatibility with PPPOE and open VPn ( to be honest i wasn't sure about that)

BT blocking DNS ? unfortunately it is an issue, and well documented it seems by other Nt users for years... its the BT web protect that does this, even when disabled, it sometimes is still intercepting DNS ie not fully deactivated . I have proven this with some lengthy testing now..

I understand perfectly well what VPN is, and how i want to implement it, and this what im attempting to do in the most optimum fashion and avoiding the ISP router or a 2nd unnecessary hops.. My problem is im not familir with DDWRT and or OpenVPn, and DNSmasq and its implemtenaions .. Im used to Proper DNS, Proper DHCP, and Proper VPNs ( ie enterprise , not home user / hobbyist style devices and connections)

thanks for the info, not so much for the sarcasm (intended or not)
SaschaITM
DD-WRT User


Joined: 16 Dec 2015
Posts: 68

PostPosted: Thu Jul 20, 2017 12:05    Post subject: Reply with quote
The "nonsense" remark was directed at the statement that PPPOE isn't compatible with VPN (why wouldn't it be?), and a static IP is needed (for what?). There's no sarcasm in my post, just a description of a working solution that's easy to implement.

I don't see the issue with DNS - you can route all DNS requests through OpenVPN, so your ISP won't even see the DNS traffic. I'm not sure what you mean by "proper" DNS/DHCP/VPN - DD-WRT is using standard software packages that are being used by hundreds of millions of devices and services, including "enterprise" level equipment. Also, double NATting isn't a real issue in my experience because it's not a "hop" in the sense of an additional gateway on the internet.
cave_monkey
DD-WRT Novice


Joined: 15 Jul 2017
Posts: 22

PostPosted: Thu Jul 20, 2017 18:20    Post subject: Reply with quote
ok SaschaITM


All I know, or experience , is when DHCP is amended in anyway in regards to DNS options..... I cannot resolved any DNS... Either if i do it manual in the GUI or if the VPN configures them via DHCP-OTPION during connection..

There is lots of talk about The ISP and blocking DNS by one of the parental products.. I can repeat the issue time and time again now. with various hardware, and various configs... If i manually configure addiotnal DNS in a client it can resolve, if any DNS goes back to the Router for forwarding it fails...


Read "proper" , reaplce with Commercial/Broing, namely Cisco IPSEC vpns, DHCP runing on Windows, or Cisco, Windows DNS, maybe a touch of Bind... aka, large scale corporate boring compliant, suits.... ie, never heard of DNS masq until couple of weeks ago as i didnt need to...

im not fussed about double nat... just extra hops over crappy ISP equipment ,also to get rid of those Annoying secret SSIDs they pump out

im keen to achieve a simplified setup, running VPN to bypass my ISP traffic managing streaming platforms like youtube,
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6407
Location: UK, London, just across the river..

PostPosted: Fri Jul 21, 2017 22:20    Post subject: Reply with quote
"You are seeing this page because you are using a BT service which requires the use of BT DNS Servers and it appears that you are attempting to connect using a DNS server outside of our network

Our BT Protect and BT Parental Controls services both require the use of BT DNS to keep you safe online.

You may have selected a different server in your network settings or installed an application that uses an alternative service."

well, beleve or not sometimes this pops out using VPN over pppoe
BT infinity.......so ??? nuff talks......

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Atheros WiSOC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum