Hi Guys,
I have been a user of the Merlin FW for my RT-AC88U for over a year now and I love it.
I do however have an issue, which searching the forum doesn't seem to help me resolve.
I have a setup like this:
- Clients 1 to 10 > VPN Client 1
- Clients 11 to 20 > VPN Client 2
- Clients 21 to 30 > ISP Gateway
However, in order to prevent DNS leaks etc., I have the following options set (which after some isolation tests I believe are the culprit):
- Accept DNS Configuration: Exclusive
- Redirect Internet traffic: Policy Rules (strict)
My full VPN configuration is below (I have blocked out some of the specific settings). Any comments would be appreciated.
Thanks
D
General Settings
Start with WAN: Yes
Interface Type: TUN
Protocol: UDP
Firewall: Automatic
Authorization Mode: TLS
Username/Password Authentication: Yes
Username: username_is_here
Password: (hidden)
Username / Password Auth. Only: No
TLS control channel security (tls-auth / tls-crypt): Disabled
Auth digest: SHA256
Create NAT on tunnel: Yes
Advanced Settings
Log verbosity (0-6, default=3): 3
Poll Interval: 0
Accept DNS Configuration: Exclusive
Cipher Negotiation: Enable
Negotiable ciphers: AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC
Legacy/fallback cipher: AES-256-CBC
Compression: LZO Adaptive
TLS Renegotiation Time (in seconds, -1 for default): -1
Connection Retry (in seconds, -1 for infinite): -1
Verify Server Certificate: No
Redirect Internet traffic: Policy Rules (strict)
Block routed clients if tunnel goes down: Yes
Custom Configuration
persist-remote-ip
verify-x509-name server_name_here name
keysize 256
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-DSS-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA
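As an added example (not part of the post above, and not Asuswrt-Merlin or OpenVPN code), here is a small audit script that parses the posted client settings and custom directives and reports the authentication and crypto choices a reviewer would look at before touching the DNS/policy options: the disabled server-certificate check, the missing tls-auth/tls-crypt key, the deprecated `keysize` directive, the static-RSA suite in `tls-cipher`, and LZO compression. The setting labels are the UI labels from the post, the sample text is the poster's values re-typed as constructed input, and the assumption that the "Verify Server Certificate" toggle corresponds to OpenVPN's `remote-cert-tls server` is mine.

```python
"""Added example (not part of the original post or of Asuswrt-Merlin):
a small audit of the OpenVPN client settings posted above.  Setting names
are the UI labels from the post; the sample text below is the poster's
values re-typed, and the directive behind 'Verify Server Certificate' is
assumed to be 'remote-cert-tls server'."""

# Constructed sample: the UI settings from the post as "label: value" lines.
SETTINGS_TEXT = """\
Authorization Mode: TLS
TLS control channel security (tls-auth / tls-crypt): Disabled
Auth digest: SHA256
Accept DNS Configuration: Exclusive
Negotiable ciphers: AES-128-GCM:AES-256-GCM:AES-128-CBC:AES-256-CBC
Compression: LZO Adaptive
Verify Server Certificate: No
Redirect Internet traffic: Policy Rules (strict)
Block routed clients if tunnel goes down: Yes
"""

# Constructed sample: the custom OpenVPN directives from the post.
CUSTOM_CONFIG = """\
persist-remote-ip
verify-x509-name server_name_here name
keysize 256
tls-cipher TLS-DHE-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-DSS-WITH-AES-256-CBC-SHA:TLS-RSA-WITH-AES-256-CBC-SHA
"""


def parse_settings(text):
    """'Label: value' lines -> dict (split on the first colon only, so
    cipher lists that themselves contain colons survive intact)."""
    settings = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        label, _, value = line.partition(":")
        settings[label.strip()] = value.strip()
    return settings


def parse_directives(text):
    """OpenVPN config lines -> {directive: [args]}; comments and blanks skipped."""
    directives = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        name, *args = line.split()
        directives[name] = args
    return directives


def lacks_forward_secrecy(suite):
    """True for suites whose key exchange is static RSA (no DHE/ECDHE)."""
    return "DHE" not in suite


def audit(settings, directives):
    """Return (id, severity, message) findings for the weak settings."""
    findings = []
    if settings.get("Verify Server Certificate", "").lower() == "no":
        findings.append(("server-cert-role", "high",
            "Server certificate role check is off; verify-x509-name only matches the "
            "name field.  Enabling it (assumed to emit 'remote-cert-tls server') also "
            "requires the presented certificate to carry the server key usage."))
    if settings.get("TLS control channel security (tls-auth / tls-crypt)", "").lower() == "disabled":
        findings.append(("control-channel-hmac", "medium",
            "No tls-auth/tls-crypt key: the TLS handshake is not gated by a pre-shared "
            "HMAC key.  Enable it if the provider supplies one."))
    if "keysize" in directives:
        findings.append(("keysize", "low",
            "keysize is deprecated (removed in OpenVPN 2.6) and has no effect on a "
            "fixed-length cipher such as AES-256-CBC; drop it."))
    suites = directives["tls-cipher"][0].split(":") if directives.get("tls-cipher") else []
    weak = [s for s in suites if s and lacks_forward_secrecy(s)]
    if weak:
        findings.append(("tls-cipher-pfs", "medium",
            "tls-cipher allows suites without forward secrecy: " + ", ".join(weak)
            + ".  Keep only the DHE/ECDHE entries or remove the directive."))
    if settings.get("Compression", "").lower() not in ("", "none", "disabled"):
        findings.append(("compression", "medium",
            "Compression is on; OpenVPN deprecates it because compressed tunnels can "
            "leak plaintext (VORACLE).  Prefer None unless the server requires it."))
    if settings.get("Block routed clients if tunnel goes down", "").lower() != "yes":
        findings.append(("kill-switch", "high",
            "Routed clients fall back to the WAN when the tunnel drops."))
    return findings


def audit_post():
    """Run the audit over the constructed sample from the post."""
    return audit(parse_settings(SETTINGS_TEXT), parse_directives(CUSTOM_CONFIG))


if __name__ == "__main__":
    for fid, severity, message in audit_post():
        print(f"[{severity}] {fid}: {message}")
```

Run as-is it prints five findings for the posted configuration; the kill switch ("Block routed clients if tunnel goes down: Yes") passes, and the two DNS-leak options are deliberately not flagged, since they are the leak protections the post is trying to keep. Removing the `TLS-RSA-...` suite leaves only DHE suites, which is the one change to the custom block that improves the control channel without depending on what the provider supports.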