WebRTC, DNS Leak etc

[mirage22]

Hi,

Do the merlin builds come with WebRTC and DNS leak protections, in both VPN or Non VPN scenarios?

Is there a kill switch for VPN connections?

I know that adding features is not the goal, but enhancing what is given by Asus... But considering the security implications, can there be a workaround, if none exist at the router level?

 

[cosmoxl]

WebRTC is a browser "feature". Turn it off in the browser and you don't have to worry about it.

However, if you run VPN off router WebRTC should only detect your VPN exit IP, not your real ISP IP.

When you say DNS leaks are you implying DNS is used that you don't intend to use, or are you talking of a real leak, where the DNS request is going outside the tunnel?

 

[mirage22]

I have seen solutions implemented by my current VPN provider and couple of others who are able to block WebRTC at the PC level via their software.

As far as google chrome goes, the only plugin that exits does not work. And I cannot enable each browser based plugin on all PCs and guest pcs. So I was wondering if a similar fix can be applied at the router level.

DNS leak going outside the tunnel, or when the VPN disconnects without my knowledge on the router.

Also, if I configure DNS without VPN can i ensure that my ISP does not forcibly change it. My stock router without modified firmware has its DNS changed forcibly by the ISP even though i have configured it for OpenDNS servers.

 

[mirage22]

i found the killswitch solution here - https://github.com/RMerl/asuswrt-me...ver-VPN-and-Drop-connections-if-VPN-goes-down

so its the other questions that i would need advice.

 

[cosmoxl]

Linux has no such thing as DNS leaks since you are referring to DNS requests going outside the tunnel. Only Windows has problems with leaks because it allows separate DNS for each network adapter.

I already answered your question about WebRTC

 

[mirage22]

Thank you for the clarification on DNS leaks. coupled with Rmerlin's useful documentation on Github, I have the answers required.

But I am not happy with the WebRTC solution. As mentioned, its not possible to immunize all connecting laptops and devices. Plus Chrome's webrtc block does not work. I came across this solution on DDWRT. https://www.reddit.com/r/VPN/comments/2wm5bk/quick_question_about_everyones_new_worry_webrtc/

Can we filter stun requests in rmerlin's build? Does it have any negative effect?