VPN with public dns?
Team,
See also attached screenshot:
I'm trying to set up an OpenVPN connection with the attempt of having all traffic routed via this VPN.
However, based on the DNS-settings it looks like at least partially, the traffic is bypassing the VPN?
This is because the second DNS-server belongs to Google (i.e. 8.8.8.8)?
Any suggestions?
Is there a way to assign the internal DNS-server (i.e. 192.168.139.235)?
This because this DNS-server also runs Pihole.
With warm regards - Will
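An added example, not part of the original thread: a Python check that reads the options an OpenVPN server pushed to the client (from the client log) and flags any DNS server other than the intended internal resolver, then prints the client-side `.ovpn` lines that discard pushed DNS and pin the internal one. The log line is constructed and the function names are hypothetical; `pull-filter` (OpenVPN 2.4+), `dhcp-option DNS` and `block-outside-dns` are standard OpenVPN client directives.

```python
import ipaddress
import re

# Constructed sample of an OpenVPN client log line (not taken from the thread).
SAMPLE_LOG = (
    "PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,"
    "dhcp-option DNS 192.168.139.235,dhcp-option DNS 8.8.8.8,"
    "route-gateway 10.8.0.1,topology subnet,ifconfig 10.8.0.2 255.255.255.0'"
)

def parse_push_reply(log_text):
    """Return the list of options the server pushed, or [] if none found."""
    m = re.search(r"'PUSH_REPLY,([^']*)'", log_text)
    return [opt.strip() for opt in m.group(1).split(",")] if m else []

def audit_dns(log_text, allowed_resolvers):
    """Classify pushed DNS servers against the resolvers the admin expects."""
    allowed = {ipaddress.ip_address(a) for a in allowed_resolvers}
    opts = parse_push_reply(log_text)
    pushed = [ipaddress.ip_address(o.split()[2])
              for o in opts if o.startswith("dhcp-option DNS ")]
    return {
        # redirect-gateway means the default route goes through the tunnel
        "full_tunnel": any(o.startswith("redirect-gateway") for o in opts),
        "pushed": [str(ip) for ip in pushed],
        # resolvers that would answer queries without passing the Pi-hole
        "unexpected": [str(ip) for ip in pushed if ip not in allowed],
    }

def client_override(allowed_resolvers, windows=True):
    """Client-side .ovpn lines that discard pushed DNS and pin our own."""
    lines = ['pull-filter ignore "dhcp-option DNS"']
    lines += [f"dhcp-option DNS {a}" for a in allowed_resolvers]
    if windows:
        # Windows only: block DNS queries on non-VPN adapters
        lines.append("block-outside-dns")
    return lines

if __name__ == "__main__":
    report = audit_dns(SAMPLE_LOG, ["192.168.139.235"])
    print(report)
    if report["unexpected"]:
        print("\n".join(client_override(["192.168.139.235"])))
```

The override only helps if 192.168.139.235 is reachable through the tunnel. `block-outside-dns` has an effect on Windows clients only.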
=====
Sorry for the "noise".
I really believe that the Omada line is great value-for-money, especially in the prosumer and small business market.
For the given price tag, tp-link needs to finance product development, buy hardware, install software and ship to distri/resellers - not to forget lifetime warranty.
Any comparison with RPI or others is not realistic because of the included, pre-configured central management capabilities and the lifetime warranty. Both are not included in RPI - regardless of model, size and performance => you need to design and build your own, including warranty arrangements with your customers.
It's just that over the past 2 years there was a significant increase in security requirements,
which tp-link couldn't follow. According to the current roadmap items this will change beginning in the coming year.
For the time being we will stick with OPNsense for security-savvy customers.
Depending on the price tag for the whole (hardware, software and subscriptions) we will stay with OPNsense or switch to these new Omada products.
If the warranty, management and overall pricing are more-or-less the same as the grand total with OPNsense then, most likely, we will revert to Omada.
=====
For others trying this...
I spent the evening trying to get R605 L2TP to work. I followed the Omada and Windows directions here,
https://www.tp-link.com/us/support/faq/3050/
https://www.tp-link.com/us/support/faq/1629/
I never managed to get a connection to work. There are no diagnostics on the TPLink side so it's really hard to know what's up.
I'm pretty sure the R605 OpenVPN implementation is just broken. L2TP is going to need better instructions for me to make it work. I suspect the TPLink VPN is still just beta software. I'm going to switch to pfSense as I had no troubles there and security matters.
> if you are using your router in standalone and if it is er605 v2, then you should try wireguard, there is for now no dns settings in wireguard
Thanks for the thought but unfortunately I'm using Omada and it's an ER605 v1.6.
> ...with every bell and whistle working
Sorry to drag us off topic but... It's okay if they don't have every bell and whistle but it's not okay to say they do and then it doesn't work. Now I feel tricked. If they even had a web page saying what parts of OpenVPN they don't support then I'd cut them some slack but not even that.
=====
@runner89 What is your specific L2TP use case that didn't work? I assume 605->Win10. What are the requirements on the client addressing other than specific DNS servers? I will try to mock this up and document.
=====
The server is the R605. The client is Windows 10 and it's on the R605's LAN port. I just followed those two FAQs,
https://www.tp-link.com/us/support/faq/3050/
https://www.tp-link.com/us/support/faq/1629/
I can get the Windows Security Sign In box but when I enter the password, it tries to connect and stops.
Windows Event Viewer reports this error and a web search for that error finds nothing useful.
The user {user} dialed a connection named L2TP VPN which has failed. The error code returned on failure is 651.
The R605 reports nothing, not even an attempted connection.
Not sure how to debug that.
=====
Hi!
How do you want to use this VPN? If your client PC is already on the ER605 LAN side, it won't be able to connect to the VPN server that is also on this ER605.
You can try to connect to the VPN server via your mobile phone data (Hotspot function to provide Wi-Fi for your client PC).
=====
do you want to know why that seems to be hard coded to 8.8.8.8?
simple answer: google got tons of servers around the world. it's a tech giant which runs servers all over the world. like amazon cloud, you run a server which is likely to be an amazon cloud one.
why not 1.1.1.1 or other popular dns? nah, not every region has a fast connection to the 8.8.8.8. that's my thought on why they prefer 8.8.8.8 rather than others
stability is what you need for business. not fancy.
if i need a whole customized thing, i'd choose to build up my own router with a mini pc.
=====
yeah. i don't argue which dns server is the best.
i don't recall how many times I see people putting 192.168.1.1 as the DNS server in their wan settings and state that is absolutely correct.
i would not be surprised to see that at all. tons of people don't know what that is. that does not seem to be a mistake made by a man in the IT for decades. lol. i see a lot. i only state facts.
that's idiot proof.
yeah. i got this. i know people like customized things. your own DNS. your own server. blah blah. i bet these customized things will be supported in one day, on omada.
but at this point, it is not full featured.
i don't recall the down time for google last time. at least that does not seem to affect people.
well, i do remember that cloudflare was down this year. though i know cloudflare is pretty good.
yeah. i hate tech giants invading my privacy. but to get guaranteed speed and quick access, i choose whatever it fits my expectation. and i'd use extra ad-blocker.
but that no brainer 8.8.8.8 choice for tp-link looks reasonable to me. at least, make it work with less worries about maintenance. it's authoritarian but it works for common people.
definitely not for tech savvy. like i said, if I AM picking up a router for MY home use with TONS of customized options/settings, i'd build up my OWN router from opensource and perfect it as MY need.
different strokes for different folk
no objection from me. 8.8.8.8 = no brainer and works well for most. not everyone.