I have Hybrid VPN enabled and it states it is connected. I have added a host and serrvices for ports 80 and 443. When I go to gooel and search for whatsmyip, it shows my IP for the host I added as the WAN IP and not a different IP from my VPN provider. It seems like this feature is not working correctly.
I am running firmware version 1.0.1.20. I am not sure what IP the routher gets when it is connected. That is not one of the values displayed on the information tab. This seems like something that should be added to this tab in a futrure firmware version. Below is the info I get from the logs tab when connected.
Logs
Mon Apr 20 12:18:41 2020 OpenVPN 2.4.3 arm-openwrt-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Aug 29 2019 Mon Apr 20 12:18:41 2020 library versions: OpenSSL 1.0.2l 25 May 2017, LZO 2.06 Mon Apr 20 12:18:41 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts Mon Apr 20 12:18:41 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]104.200.153.92:1198 Mon Apr 20 12:18:41 2020 UDP link local: (not bound) Mon Apr 20 12:18:41 2020 UDP link remote: [AF_INET]104.200.153.92:1198 Mon Apr 20 12:18:41 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Mon Apr 20 12:18:42 2020 [06c1a956b1078f990b3de5da51d514a3] Peer Connection Initiated with [AF_INET]104.200.153.92:1198 Mon Apr 20 12:18:43 2020 TUN/TAP device tun0 opened Mon Apr 20 12:18:43 2020 do_ifconfig, tt->did_ifconfig_ipv6_setup=0 Mon Apr 20 12:18:43 2020 /sbin/ifconfig tun0 10.77.10.6 pointopoint 10.77.10.5 mtu 1500 Mon Apr 20 12:18:43 2020 /dumaos/apps/usr/com.netdumasoftware.hybridvpn/openvpn-event.lua openvpnup 1 tun0 1500 1558 10.77.10.6 10.77.10.5 init Mon Apr 20 12:18:43 2020 Initialization Sequence Completed
Yes, the host is setup as only these services and only those services are added. I have rebooted the host anbd the router. Funtionality just does not seem to work. I question whether it is really connected. The logs are not verbose enough to tell and with no IP displayed, not sure how to confirm one way or the other. It says connected, but I doubt it is. If it is, then the functionality does not work. Only 2 options I can foresee.
The source and destination port will not always be the same, leave the source ports at the default range 1-65535 and you custom destinations and see if it changes then.
I am getting "RPC error 'ERROR_VALIDATION': Validation failed for 'sport'" when I try to add any port now. Tried removing the device and readding it, disabling and reenableing hybrid VPN, and rebooting the router. Nothing seems to work at this point.
Will try this agin in the next fiormware version in hopes some of the bugs, logging, and infor tab provide better insights as to what is happening. Also odd that you can not see IPs when adding devices. Only shows host name. It probably should show both.
I have devices with multiple IPs so seeing device name only is not helpful in that instance.
There are no default sorce ports BTW. It forces you to enter numbers for them.
Attached is an example of a rule add faiulure. Just going back to my original attempt with source port being 80 for start and end now fails with the same error messgae.
If they have multiple IPs they should be covered by the same device name, is that not the case? Gotcha, that's not been brought in yet from the other features. I couldn't replicate it myself so delete the device from the VPN, disable the VPN completely. Confirm the device is online in the Device Manager then go back and try again.
That is not the case. Machines with multiple active IPs or machine with multiple IPs, but only one active show up more than once. I have a few machines that move between wired and wireless and they show up multiple times as the DHCP lease has not expired yet for the inactive reservation. Example is attached.
You must not have read the entirety of my least reply. I have already tried removing the entry, disabling the service, rebooting the router and a test host, and then re-enabling. Guessing at this point the only way I will be able to add a service at this point is to do a factory reset. Whatever table or file is corrupted is not being fixed by any of the things I have tried via the GUI.
I suspect the VPN is never connecting. I have noticed when I go back to the interface after a few hours the status on the information page has changed from connected to disconnected. I have several other devices in the house connected via VPN and all of the stay connected when this happens. If I disable and re-enable it, it says it is connected, but a few hours later it goes back to disconnected. I am using the OpenVPN file from the VPN provider that works fine with the OpenVPN client on the host I am using as a test.
I think better data like IP address needs to be displayed on the information tab and the logging needs to be more verbose to properly troubleshoot.
I think you will need to do a reset yes, I'll ask the team to see if they can reproduce the VPN disconnecting. The other issue we know about which may be causing the IP issue is a DNS leak, if you use the DNS of the VPN provider it should work then.
Sounds like you may not be familiar with that interface. There is not option on the VPN connection to specify DNS servers or even to select use router defined DNS servers vs. VPN provider DNS servers.
This would also be good data to display on the information tab so we can tell what DNS servers the VPN connection is using.
I am not sure that would be a good idea. Setting the enitre router to the VPN provider DNS servers would then only allow hosts and services setup to use htbrid VPN to be able to resolve FQDNs. It would break all of the other hosts. Unless the VPN provider has their DNS servers sitting directly on the Internet which I think would be highly unlikely. The user would also then need to monitor the IPs for the DNS servers from the VPN provider and update them when they change.
The only way this would make sense to me is to allow form them to be defined satatically on the Hybrid VPN configuration.
