[Q] CM11/OpenVPN Not Routing Connections Over VPN Correctly
I just noticed that my Moto E (running CM11) is not correctly routing my traffic to my OpenVPN server. I noticed when I was looking at the current connections on my OpenWrt router that I could see the VPN's local IP address, and the remote connection:
IPV4 TCP 10.9.0.20:56657 157.166.xx.xx:80
Where 10.9.0.20 is my local VPN address, the other represents any remote address I connect to.
I could see all this in LuCI's connection graphs, which means that OpenVPN is not sending my traffic over the tunnel at all, despite the reports from sites like ipleak.net and similar sites that tell me I have no leak. But if I can see the connections from my router, that means that when I connect over mobile data, my carrier can likely see all of my traffic. This is not what I want, and I am having a hard time fixing it. Also, how is it even possible that my router is detecting the IP of my tun interface?
I tried two different OpenVPN frontends, tweaking the firewall on the phone (AFWall+) and also playing around with the 'redirect-gateway' directives. I am not sure if this is a DNS leak or total disobedience on Android's part of my routing rules. The fact that I can see these connections from the router makes me think that the traffic is not even being encrypted before it's sent over the internet. My firewall rules are set so that every app is supposed to route over the VPN. These are my configurations:
Server Config:
mode server
tls-server
local x.x.x.x
port 35777
proto udp
dev tun0
ca /etc/openvpnca.crt
cert /etc/openvpn/randomcn.crt
key /etc/openvpn/randomcn.key
dh /etc/openvpn/dh.pem
topology p2p
server 10.8.0.0 255.255.255.0
;topology subnet
ifconfig-pool-persist ipp.txt
client-config-dir clients
;client-to-client
keepalive 7 80
tls-auth /etc/openvpn/ta.key 0
cipher AES-128-CBC
comp-lzo
max-clients 3
user nobody
group nogroup
persist-key
persist-tun
status openvpn-status.log
log openvpn.log
In my client directory, I have these settings. On my PC I do not have this IP leak problem despite the settings being the same:
push "redirect-gateway def1 bypass-dhcp"
push "dhcp-option DNS 10.8.0.1"
I have dnscrypt running with unbound on the server, serving the clients. This configuration works on my PC, but it seems no matter what I do I can still see the VPN local IP and all of my remote connections with LuCI on OpenWrt.
I have tried using both OpenVPN Connect, OpenVPN for Android, and I am currently trying to use the ICS binary as well. Can anyone help me solve this problem? My goal is to tunnel all my phone's traffic over the VPN and prevent IP or DNS leaks.