Traffic not going via VPN

[saltyzip]

Hi, I've got two routers setup one which connects direct to the ISP, subnet 192.168.1.1, and another which is on a separate subnet 192.168.2.1. Router 2 connects wired to router 1 via its internet port.

I can connect to router 2 webgui from router 1 subnet and vice versa.

Router 2 has a pptp VPN client which connects to a VPN server over the internet. It connects fine, stable connection.

I had assumed that connecting devices to router 1, WiFi or wired would go out to the internet as per normal (no VPN). This is indeed the case.

Now onto the problem.

I had assumed WiFi or wired devices connected to router 2 would be forced to go via its connected VPN.
This doesn't happen, at least I don't believe that to be the case. When I run http://iplocation.net on a device connected to router 2 it shows my normal country location and wan ip, when it should show that of the VPN the router is connected too.

Can someone please advise where the issue might lie as I am starting to despair. The router I am using for the VPN is a Linksys e1200 running dd-wrt.

Thanks!



Sent from my Nexus 7 using Tapatalk

 

[CaptainSTX]

There are other ways to determine your location other than just looking up the location of the VPN server you are connected to. Fairly simple to accomplish if you are using WiFi.

I was unable to connect to the web site you referenced in your post to test it it correctly discovers my actual location or just returns the location of my VPN's server.

Try some other sites and see what happens, such as whatsmyip and Speedtest.net. Also run some trace routes and look at the results. when I run a traceroute using my VPN all the hops between my router and the VPN server are obscured.

 

[saltyzip]

Sorry the site should be http://www.iplocation.net I'll amend my original post

I have also tried http://www.whatismyip.com/ and location is not showing the VPN location.

There is a routing issue somewhere, it appears all traffic is heading out through router 1.

Sent from my Nexus 7 using Tapatalk

 

[chadster766]

Hi, I've got two routers setup one which connects direct to the ISP, subnet 192.168.1.1, and another which is on a separate subnet 192.168.2.1. Router 2 connects wired to router 1 via its internet port.

I can connect to router 2 webgui from router 1 subnet and vice versa.

Router 2 has a pptp VPN client which connects to a VPN server over the internet. It connects fine, stable connection.

I had assumed that connecting devices to router 1, WiFi or wired would go out to the internet as per normal (no VPN). This is indeed the case.

Now onto the problem.

I had assumed WiFi or wired devices connected to router 2 would be forced to go via its connected VPN.
This doesn't happen, at least I don't believe that to be the case. When I run http://iplocation.net on a device connected to router 2 it shows my normal country location and wan ip, when it should show that of the VPN the router is connected too.

Can someone please advise where the issue might lie as I am starting to despair. The router I am using for the VPN is a Linksys e1200 running dd-wrt.

Thanks!



Sent from my Nexus 7 using Tapatalk

You have Router2 WAN setup as PPTP and NAT enabled?

 

[saltyzip]

Hello!

Router 2 WAN is not setup as PPTP, set to Automatic Configuration - DHCP

I am using the VPN Client under the services tab on Router 2 to connect to the VPN Server, which is running on an RT-N66U router (Router 3) that is located in a different country, to router 1 and 2.

Couple of reasons I have not setup as you suggested, although I did try this way.

The VPN Server I am trying to connect to is hosted by myself and I don't have a static IP, my understanding is you have to enter a static IP Address into the config, can't use a hostname. I did however try and use a valid current WAN IP Address for router 3 but I couldn't get it to work, nothing in the logs to even show a connection attempt to router 3.

Ideally I would like to set WAN to PPTP on router 2 if I could get around the IP Address issue (assume it is an issue) and also I could get a confirmation that it would work with my setup?

Also I am not sure on router 2, if I should be using Gateway or Router mode for this device, could you please advise, it's presently set to Router mode I think?

 

[chadster766]

I did some research and this seem to be a common issue with DD-WRT Tunneling.

What's happening is the default route isn't set to the PPTP tunnel once it connect. Clients can still access resources on the other network but anything else goes through the regular internet connection.

On Router2 you may want to switch to OpenWRT which doesn't have this issue. OpenWRT doesn't have as nice an UI but might be more advanced than DD-WRT.

http://wiki.openwrt.org/doc/howto/vpn.client.pptp

 

[saltyzip]

I managed to get the pptp working via the wan setup. I followed the instructions on this page http://www.strongvpn.com/setup_dd-wrt_pptp.shtml. I'm also able to use a hostname for my VPN server gateway, so I was wrong in thinking it had to be an IP address.

Even though this is great progress I still don't have a working solution. When I connect a tablet or laptop to router 2 with the VPN connected I am unable to connect through to the internet. I can access local servers within the vpn, but if I try and browse to e.g. google.com, I get website not available.

I've logged into router 2 and run some ping commands and it seems to ping internet sites using hostname and IP address fine.

Any ideas what might now be wrong?

Sent from my Nexus 7 using Tapatalk

 

[chadster766]

I managed to get the pptp working via the wan setup. I followed the instructions on this page http://www.strongvpn.com/setup_dd-wrt_pptp.shtml. I'm also able to use a hostname for my VPN server gateway, so I was wrong in thinking it had to be an IP address.

Even though this is great progress I still don't have a working solution. When I connect a tablet or laptop to router 2 with the VPN connected I am unable to connect through to the internet. I can access local servers within the vpn, but if I try and browse to e.g. google.com, I get website not available.

I've logged into router 2 and run some ping commands and it seems to ping internet sites using hostname and IP address fine.

Any ideas what might now be wrong?

Sent from my Nexus 7 using Tapatalk

On the clients of Router2 check to see what DNS servers they are getting via DHCP. They should get the DNS servers of Router1 or public DNS servers like Google's 8.8.8.8/8.8.4.4

 

[saltyzip]

I still haven't solved the issue, some sample traceroutes below using the dd-wrt command line in router 2

[Test 1] - DNS Resolves but cannot access website from browser
traceroute to news.bbc.co.uk (212.58.244.57), 30 hops max, 38 byte packets
1 7.168.1.1 (7.168.1.1) 188.743 ms 189.748 ms 188.808 ms

[Test 2] - DNS Resolves but cannot access website from browser
traceroute to google.com (222.165.163.53), 30 hops max, 38 byte packets
1 7.168.1.1 (7.168.1.1) 195.176 ms 187.588 ms 188.874 ms

[Test 3] - website I host inside router 3 subnet - DNS resolves and can access website
traceroute to YYYY.YY.YY (Y.Y.Y.Y), 30 hops max, 38 byte packets
1 192.168.1.1 (192.168.1.1) 3.935 ms 3.824 ms 7.503 ms
2 X.X.X.X (X.X.X.X) 12.827 ms 19.315 ms 12.340 ms


Further information related to above:
7.168.1.1 is the subnet on router 3
192.168.1.1 is the subnet on router 1
YYYY.YY.YY (Y.Y.Y.Y) is the hostname and IP address of a website I host behind router 3
X.X.X.X (X.X.X.X) is the WAN IP of router 1