![]() ![]() ![]() ![]() (NordVPN's main website, by contrast, accesses .) Your call.) Per their privacy policy, their site uses cookies only for login status, handling referrals, etc, i.e. (If you visit it at even once at any time before you sign up for an account, they'll give me credit for referring you. I began this effort using AirVPN's posted 2015 dd-wrt setup guidance augmented by very helpful 2018 AirVPN forum posts "Howto: Setup airvpn on DD-WRT, refreshed guide" by user Moat and "tls-crypt on DD-WRT: got it working!" by user JamBam, but all these posts turned out to be significantly incomplete, so this how-to is much more detailed. Even though I had had NordVPN configured for well over a year, reconfiguring for Air still required help from both the dd-wrt forums (thank you, and AirVPN staff, so I am sketching up this how-to in hopes of making it easier for others. I finally got around to figuring out how to configure dd-wrt's OpenVPN client for AirVPN. With those ciphers I am doing really well with MTU 1434 and mssfix 1406, but the why of those is a long story.Ĩ Sep 22: At I just posted my own GUI settings for OpenVPN to AirVPN (dd-wrt 49081 with OpenVPN version 2.5.6.) No verbosity this time, just settings, for those who are aaaaaalmost there! In particular, I suggest you set First Data Cipher to CHACHA20-POLY1305, Second Data Cipher to AES-256-GCM, Third Data Cipher and Encryption Cipher to AES-256-CBC. The "OpenVPN Guides" sticky at the top of this forum has a link to OpenVPN 2.5 hints/pointers that will actually get you to the right answers pretty quickly. This is the route I want the DNS queries from Pi-Hole to take.Posted: Tue 20:52 Post subject: HOW-TO: configure the OpenVPN client for AirVPNģ Oct 21: This post needs updating to make it compatible with OpenVPN 2.5, which has some different settings. But if I do "ping -I tun0 " they won't see anything except encrypted data going to a VPN server somewhere. (for example if I do "ping -I eth0 " my ISP will see that I'm sending ICMP packets to Google. Otherwise, it completely defeats the purpose of using a VPN to avoid ISP spying (deep packet inspection, etc.), because my ISP would know every DNS request I make if I configure it to use the eth0 interface. ![]() So the interface where the Pi-Hole receive DNS queries from computers on the local network (eth0) is different from the interface it must use to send DNS queries to the Internet (tun0). What I mean is I don't want Pi-Hole to send DNS queries "in clear" through my actual ISP connection, but route it through a VPN connection (the OpenVPN client is running on the Raspi where Pi-Hole will be installed). Of course the response would be the same route but the other way. =DNS A query (eth0)=> =DNS A query (through VPN connection, tun0)=> (let's say DNS.watch for the sake of example) Let me explain through some improvised ascii schema. But a VPN client is already running on it. No VPN server will be installed on the machine where Pi-Hole resides. I don't want to use my Pi-Hole installation from everywhere. If I understood correctly (correct me if I'm wrong) this page describes a way to allow clients to connect to the server where Pi-Hole is running with a VPN client, but only route DNS requests through it. Is this behavior possible ? If yes, what interface should I choose during Pi-Hole installation ? eth0 or tun0 ? Because I'm afraid if I choose eth0, all DNS requests would go through eth0 interface, and not through my VPN connection.Īre there any additional steps to do to make it work like I want ? But I don't want the DNS requests to be sent through the eth0 interface (thus bypassing the VPN connection and defeating the purpose of not being spied by my ISP) but instead go through the VPN connection (tun0 interface), like everything else happening on my Raspi right now. I'd like to run Pi-Hole on the Raspberry Pi, and be able to use it on my local network (eth0 interface) as a local DNS resolver. My Raspberry Pi also goes through a VPN connection to access the internet (another AirVPN connection exiting through another internet-facing IP).My desktop computer goes through a VPN connection to access the internet (AirVPN).I have an unusual setup, and I'm wondering if what I want to do is possible. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |