Computers & Electronics

OpenVPN on DD-WRT success but IP is not hidden

  • Last Updated:
  • Mar 1st, 2019 10:02 am
[OP]
Deal Fanatic
User avatar
Mar 17, 2006
6882 posts
5797 upvotes
Burlington

OpenVPN on DD-WRT success but IP is not hidden

Hi. I am hoping someone can clarify the issue and discuss a solution if possible.

Currently, I have TP-Link ac3200 running as a first router off this Cogeco modem-router. This cogeco modem router is indeed functioning as a modem-router, as in it does broadcast wifi signals (2.4Ghz and 5Ghz). Up until now, all of my devices have their own openVPN clients running PIA, and everything is fine.

I however realized I still have my xbox and ps4 just running raw, and probably needed to be hidden from the grid. So I am thinking of using my Asus RT-N10P.

I have flashed it with DD-WRT, successfully set it up with OpenVPN Client from PIA instruction page - it does say "CONNECTED SUCCESS" in Status page. All seems good, but when do a "what is my ip" search, it still lists my actual IP address.

Am I doing something wrong? Is it because my Cogeco modem-router is functioning as a modem-router and not a modem only? I don't think there's an option to set up VPN client on this Cogeco modem-router, and I would prefer it stay the way it is.

What can I do?

Advices are greatly appreciated
Images
  • Capture.JPG
Last edited by konsensei on Feb 21st, 2017 7:16 pm, edited 1 time in total.
16 replies
Deal Expert
Aug 22, 2006
27311 posts
13016 upvotes
Does your config file include "redirect-gateway"?

EDIT: I'm dumb. That's server side.

I have nothing.
The only thing I could think of is something missing from DD-WRT's side.
It might not be reflecting the proper gateway after VPN is connected.
Deal Addict
User avatar
Oct 9, 2010
2760 posts
918 upvotes
Windsor
So, you're saying your Internet goes something like this:

Internet -> Cogeco modem/router/wifi -> TP-Link router/wifi/OpenVPN client ?

If so, are you connecting to the Cogeco wifi, or the TP-Link wifi? If you're using the Cogeco one, then that's your problem. If not, then I don't know ;).
One who is offended by truth, has no place among those who seek wisdom.
Sr. Member
Mar 6, 2012
720 posts
202 upvotes
ChubChub wrote: So, you're saying your Internet goes something like this:

Internet -> Cogeco modem/router/wifi -> TP-Link router/wifi/OpenVPN client ?

If so, are you connecting to the Cogeco wifi, or the TP-Link wifi? If you're using the Cogeco one, then that's your problem. If not, then I don't know ;).
OP also mentions an Asus Asus RT-N10P, I'd be curious to see a diagram of the networking devices.
Newbie
Feb 10, 2017
77 posts
10 upvotes
try changing the setting in openvpn client to accept dns config to "exclusive"
[OP]
Deal Fanatic
User avatar
Mar 17, 2006
6882 posts
5797 upvotes
Burlington
Updated my first post with picture.

So my left side is good as it is, I do not want to change it. Cogeco modem-router ---- TP Link --- computers. And each computer has a VPN client on its own.

My right side is what I am trying to set up. My Asus RT N10p is flashed with DD-Wrt, loaded with OpenVPN client and successfully connected. But the IP is still my IP from cogeco.

Thanks
Member
Feb 15, 2017
216 posts
68 upvotes
I too set up a VPN DD-WRT router just a few weeks ago, for Roku to access free US-only ad-based streaming sites. As I remember, the way I set it up is that the VPN router is behind (plugged in to) the primary router for my LAN. It had to be done this way as my ISP provides me with a modem , i.e one WAN port, no wireless.

The equivalent of my set up to you is the Asus would be plugged in to the TP-Link, using a different subnet address (for example 192.168.0.1 for the primary router gateway and 192.168.1.1 for the VPN router gateway). The drawback to this is that I have not found out a way for anyone in the 0.1 subnet to talk to the 1.1 subnet and vice versa. Perhaps I need to experiment with static routing.
[OP]
Deal Fanatic
User avatar
Mar 17, 2006
6882 posts
5797 upvotes
Burlington
slomoo wrote: I too set up a VPN DD-WRT router just a few weeks ago, for Roku to access free US-only ad-based streaming sites. As I remember, the way I set it up is that the VPN router is behind (plugged in to) the primary router for my LAN. It had to be done this way as my ISP provides me with a modem , i.e one WAN port, no wireless.

The equivalent of my set up to you is the Asus would be plugged in to the TP-Link, using a different subnet address (for example 192.168.0.1 for the primary router gateway and 192.168.1.1 for the VPN router gateway). The drawback to this is that I have not found out a way for anyone in the 0.1 subnet to talk to the 1.1 subnet and vice versa. Perhaps I need to experiment with static routing.
I'll give that a try later tonight, and see if it will do. I would most likely have no issue for 2 xbox or ps4 not seeing the other computers. They are not even talking to each other as far as I see. I have all my computers on the TP-Link and it is as good as I want it to be.
I thought since my Cogeco modem is already functioning as a router as well, wouldnt have needed to plug in.
[OP]
Deal Fanatic
User avatar
Mar 17, 2006
6882 posts
5797 upvotes
Burlington
Finally have got a chance to work on this today
slomoo wrote: I too set up a VPN DD-WRT router just a few weeks ago, for Roku to access free US-only ad-based streaming sites. As I remember, the way I set it up is that the VPN router is behind (plugged in to) the primary router for my LAN. It had to be done this way as my ISP provides me with a modem , i.e one WAN port, no wireless.

The equivalent of my set up to you is the Asus would be plugged in to the TP-Link, using a different subnet address (for example 192.168.0.1 for the primary router gateway and 192.168.1.1 for the VPN router gateway). The drawback to this is that I have not found out a way for anyone in the 0.1 subnet to talk to the 1.1 subnet and vice versa. Perhaps I need to experiment with static routing.
This still does not work. It still says connected successfully in OpenVPN status, but IP not hidden still.
badcopy wrote: try changing the setting in openvpn client to accept dns config to "exclusive"
Where do I find this option? Cant seem to find it on mine
Banned
Feb 19, 2017
20 posts
20 upvotes
ipv6 or ipv4? I found that ipv6 gets leaked with a lot of vpn's so I had to resort to setting ipv4 only
[OP]
Deal Fanatic
User avatar
Mar 17, 2006
6882 posts
5797 upvotes
Burlington
zeybsvrr wrote: ipv6 or ipv4? I found that ipv6 gets leaked with a lot of vpn's so I had to resort to setting ipv4 only
Both. First it was ipv6. I turned it off, now ipv6, still
Member
Feb 15, 2017
216 posts
68 upvotes
konsensei wrote: Where do I find this option? Cant seem to find it on mine
The DD-WRT that is flashed, is it a mega version? Not all of the version have OpenVPN client, but the mega version has it. I'll see what my VPN router logs look like when I got a chance tonight.

Also, there are several web tutorial on how to set it up, try not using PPTP if you can, because it will be slower:

https://docs.openvpn.net/frequently-ask ... ss-server/
http://www.makeuseof.com/tag/set-router ... ng-dd-wrt/
https://www.privateinternetaccess.com/p ... rt-openvpn

https://torguard.net/knowledgebase.php? ... cle&id=192
Member
Feb 15, 2017
216 posts
68 upvotes
Here's my VPN router log. The VPN provider's IP addresses have been changed to nnn.nnn.nnn.nnn and its name has been changed to vpnprovider or vpnprovider.com


Clientlog:
20170221 02:57:03 I OpenVPN 2.3.6 mipsel-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Dec 22 2014
20170221 02:57:03 I library versions: OpenSSL 1.0.1j 15 Oct 2014 LZO 2.08
20170221 02:57:03 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:16
20170221 02:57:03 W NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
20170221 02:57:03 W WARNING: file '/tmp/openvpncl/client.key' is group or others accessible
20170221 02:57:03 Socket Buffers: R=[114688->131072] S=[114688->131072]
20170221 02:57:03 I UDPv4 link local: [undef]
20170221 02:57:03 I UDPv4 link remote: [AF_INET]nnn.nnn.nnn.nnn:1191
20170221 02:57:04 TLS: Initial packet from [AF_INET]nnn.nnn.nnn.nnn:1191 sid=8d7e4e12 be243619
20170221 02:57:05 VERIFY OK: depth=1 C=US ST=NY L=New York O=vpnprovider.com emailAddress=support@vpnprovider.com
20170221 02:57:05 VERIFY OK: nsCertType=SERVER
20170221 02:57:05 NOTE: --mute triggered...
20170221 02:57:11 6 variation(s) on previous 3 message(s) suppressed by --mute
20170221 02:57:11 I [vpnprovider-server] Peer Connection Initiated with [AF_INET]nnn.nnn.nnn.nnn:1191
20170221 02:57:13 SENT CONTROL [vpnprovider-server]: 'PUSH_REQUEST' (status=1)
20170221 02:57:14 PUSH: Received control message: 'PUSH_REPLY redirect-gateway def1 dhcp-option DNS nnn.nnn.nnn.nnn dhcp-option DNS nnn.nnn.nnn.nnn dhcp-option DOMAIN vpnprovider route 10.8.0.1 topology net30 ping 10 ping-restart 600 ifconfig 10.8.0.34 10.8.0.33'
20170221 02:57:14 OPTIONS IMPORT: timers and/or timeouts modified
20170221 02:57:14 NOTE: --mute triggered...
20170221 02:57:14 3 variation(s) on previous 3 message(s) suppressed by --mute
20170221 02:57:14 I TUN/TAP device tun1 opened
20170221 02:57:14 TUN/TAP TX queue length set to 100
20170221 02:57:14 I do_ifconfig tt->ipv6=1 tt->did_ifconfig_ipv6_setup=0
20170221 02:57:14 I /sbin/ifconfig tun1 10.8.0.34 pointopoint 10.8.0.33 mtu 1500
20170221 02:57:16 /sbin/route add -net nnn.nnn.nnn.nnn netmask 255.255.255.255 gw 192.168.0.1
20170221 02:57:16 /sbin/route add -net 0.0.0.0 netmask 128.0.0.0 gw 10.8.0.33
20170221 02:57:16 /sbin/route add -net 128.0.0.0 netmask 128.0.0.0 gw 10.8.0.33
20170221 02:57:16 /sbin/route add -net 10.8.0.1 netmask 255.255.255.255 gw 10.8.0.33
20170221 02:57:16 I Initialization Sequence Completed
20170221 03:57:11 TLS: soft reset sec=0 bytes=6061557/0 pkts=8829/0
20170221 03:57:13 VERIFY OK: depth=1 C=US ST=NY L=New York O=vpnprovider.com emailAddress=support@vpnprovider.com
20170221 03:57:13 VERIFY OK: nsCertType=SERVER
20170221 03:57:13 NOTE: --mute triggered...
20170225 20:27:54 1088 variation(s) on previous 3 message(s) suppressed by --mute
20170225 20:27:54 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170225 20:27:54 D MANAGEMENT: CMD 'state'
20170225 20:27:54 MANAGEMENT: Client disconnected
20170225 20:27:54 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170225 20:27:54 D MANAGEMENT: CMD 'state'
20170225 20:27:54 MANAGEMENT: Client disconnected
20170225 20:27:54 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170225 20:27:54 D MANAGEMENT: CMD 'state'
20170225 20:27:54 MANAGEMENT: Client disconnected
20170225 20:27:54 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170225 20:27:54 D MANAGEMENT: CMD 'status 2'
20170225 20:27:54 MANAGEMENT: Client disconnected
20170225 20:27:55 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:16
20170225 20:27:55 D MANAGEMENT: CMD 'log 500'
19691231 19:00:00

ca /tmp/openvpncl/ca.crt cert /tmp/openvpncl/client.crt key /tmp/openvpncl/client.key management 127.0.0.1 16 management-log-cache 100 verb 3 mute 3 syslog writepid /var/run/openvpncl.pid client resolv-retry infinite nobind persist-key persist-tun script-security 2 dev tun1 proto udp cipher none auth sha1 remote us6.vpnprovider.com 1191 tun-mtu 1500 mtu-disc yes fast-io tun-ipv6 cipher DES-CBC route-delay 2 comp-lzo persist-key persist-tun float resolv-retry infinite nobind auth-nocache ns-cert-type server
Sr. Member
Sep 4, 2014
654 posts
231 upvotes
Toronto, ON
Did you get this working? I'm having the same issue.
Deal Addict
User avatar
Mar 3, 2011
3775 posts
20939 upvotes
Just reading all this is throwing me for a loop.

You said your tp-link is now working but the asus is not?

Why do you need two separate routers, why not just have everything connected to the tp-link?

Does your vpn support multiple simultaneous connections?

Does your Cogeco modem have a residential gateway feature which can be disabled, I mean if the idea of the cable modem is just for internet access why not just turn off all the other features which are not being used?

If both routers are setup identically with the only difference being the subnet and they are both using the same DD-WRT firmware, then there should be no issue. You could test by disconnecting the tp-link from the vpn and then have the asus connect and see if it's successful.

Have you tried connecting your consoles to the tp-link just to see if your IP is hidden?

I feel like your missing some simple step either on the VPN side from the router or dd-wrt settings might have been missed.
Deal Expert
User avatar
Feb 24, 2003
17266 posts
3507 upvotes
Toronto
The modem is connected to the Asus Internet port?
[OP]
Deal Fanatic
User avatar
Mar 17, 2006
6882 posts
5797 upvotes
Burlington
cant remember I got it to work, but I did.
However, too many issues with VPN at router level for me. So many websites and programs would block me with VPN on. Too much of a hassle to turn off and on every single time.

I know do it at single client level with program/app installed. It runs most of the time, and I can easily, quickly turn off when I need

This thread is 2 year old, btw, I've since changed routers

Top