VPN/DNS functionality problems and some improvement ideas


Kotu

Hello,

Let me begin by saying I've received my router 2 days back and had my hands on it most of my free time since then, it really does have quite a few exciting and promising features. Therefore I see a lot of potential and hopefully there is maturity at the end of the roadmap as well.

My main reason for picking it was somewhat seamless VPN capability integration, also this is where I faced most of the issues, therefore this is the area I am going to focus on, especially after going through this forum and seeing that quite a few customers also rely on this functionality in their day to day operations.

First, maybe some minor ideas:

  • Power button. I could not find it, neither looking all over the device, nor in the user guide. Did I miss it? :)
    You do need to reset your router from time to time and the only way to do it is either by connecting to its control panel (that is if it is responding) and doing it there, or trying to unplug it from power supply. Not sure if it's healthy.
     
  • More templates of established VPN providers (maybe at least Top5?) in basic VPN Setup. It would eliminate a lot of hassle, also reduce support requests that you get around VPN, since it would be tested out, reducing problem surface for users. Especially given it is one of the more complicated setups, as per your KB.
     
  • Resiliency:
    • Reconnecting to the VPN server if connection drops/session expires/etc. Not sure if it is doing it now, but it did not seem like it; I need to connect to the control panel to reconnect it, or even resubmit all the same details, as connection state simply says Failed.
    • Ability to add more than one VPN server in configuration for service continuity purposes. If one becomes unavailable, it could revert to the next specified.
       
  • VPN speed. I am sure you know about it, but enabling VPN bleeds native speed provided by router dramatically. Ran a couple of tests, kept server the same for consistency purposes (both VPN server and dest server of speedtest):
    • [VPN] Speed connected with laptop to NetDuma WiFi with Hybrid VPN ON:
       [Screenshot: 1_speed_VPN_router]
       
    • [NATIVE] Speed connected with laptop to NetDuma WiFi with Hybrid VPN OFF:
      [Screenshot: 2_speed_router]
       
    • [NATIVE] Speed connected with laptop to non-Duma router WiFi on same network with no VPN:
      [Screenshot: 3_speed_appartment_wifi]
       
    • [VPN] Speed connected with laptop to non-Duma router WiFi with VPN ON via VPN provider's proprietary desktop app:
      [Screenshot: 4_speed_NativeVPN_appartment_wifi]

      As you can see, NetDuma router beats the other one (Ubiquiti) hands down, but when VPN comes into play, all this native speed advantage is wasted. Desktop VPN app is outperforming, which is disappointing for me.

 

Now, the issues/questions:

  • As I said, I was hoping for seamless VPN integration, with an almost fire-and-forget configuration; however, this was not the case and I had to deep dive into making it work. The problem was a DNS leak, and I managed to fix it only after multiple trial-and-error attempts, where I found the firmware and upgraded it. Interesting that such an issue was still persisting at v.3.
    However, here came a stability problem. It would run for some time, then disconnect, randomly. Not sure what might be causing this, apart from when I log in to the NordVPN service from another device; on that occasion it seems to drop the connection on Duma as well, even if I am connecting to a completely different VPN server, through the desktop app on a device connected on a different WAN. Is this a VPN provider problem, or is something glitching on NetDuma?
     
  • Logs are gone in Hybrid VPN section after upgrading firmware to the latest. It just does not show anything on that tab. Tried Firefox, Chrome, different devices - nothing. Not critical, but annoying when performing diagnostics.
     
  • In latest firmware release notes, it says: "Added ability to use specific IPv4/IPv6 DNS in HybridVPN". I do not see such option in HybridVPN section. In Network Settings > WAN > Network > DHCP - Yes, but it was there before. Nothing in HybridVPN related to DNS.
     
  • What does "Use upstream DNS" exactly mean in this configuration? Is it the same as the default automatic value on a Windows network adapter, or with some additional functionality?
    Asking, because prior to updating to latest firmware, when VPN would be ON, it would use ISP's DNS and would end in DNS leakage, but would at least resolve the requests, however after update, it does not resolve any requests, while on VPN, unless I manually add DNS server addresses of Nord VPN's service. Shouldn't it pick those up automatically, and if not those, then at least ISP default ones?
     
  • And finally, what is the best configuration to use purely for VPN setup in the router? Maybe there are other ways to solve DNS leakage apart from adding VPN's DNS server addresses manually, or something else I missed?

For convenience, I added redacted ovpn file here.

Thank you for your input!

lt8.nordvpn.com.udp.ovpn

Link to comment

  • Administrators

Hey, welcome to the forum!

I'll address each of your points:

Power Button - No there isn't a power button and as such we recommend rebooting from the interface if possible/needed. Routers are designed to be always on so unless you're having an issue specifically there shouldn't be a need to reboot.

More VPN providers - This is something we'd like to do as well, currently the way the feature is built it's not the easiest thing for us to do and as such we're planning an overhaul of the feature but I couldn't say as to when that would be completed.

Resiliency - The clearing of the configuration is a bug and so that will get fixed. Allowing for an extra config file to be added is a good idea, I'll add it to our list.

Speed - Unfortunately not much can be done about the speed when using OpenVPN on the router but we have two things that can help. 1) We recently implemented Wireguard as an option, this should allow you to get higher speeds through the VPN (if the VPN provider supports it and has the relevant files to provide) roughly 100Mbps. 2) The special part about HybridVPN is that you can specify on the device what you want it to apply to, specific ports etc. This allows you to for example, place a game behind the VPN (which uses very little bandwidth anyway) while leaving the rest of the device to run at full speed on your connection without the VPN influence.

DNS Leak - This is something we're aware of and as such we allow people to enter DNS in for the VPN feature itself and should resolve the issue (more on that in your later question). I suspect it disconnecting after awhile, especially if the connection is mostly idle would be the VPN server timing you out to save bandwidth - there doesn't appear to be anything on our side causing it. In regards to two different devices using the same account and getting disconnected that's nothing to do with us, likely a policy they have in place.

Logs not appearing is a bug and will be fixed for the next version.

On the HybridVPN page, click the ☰ icon top left of the panel and you can enter DNS there. 

Use Upstream DNS will use the DNS that your ISP/modem DNS uses. Adding DNS to HybridVPN should resolve that issue.

As above.

Link to comment

Hi Fraser!

Many thanks for your responses, appreciate that!

14 hours ago, Netduma Fraser said:

1) We recently implemented Wireguard as an option, this should allow you to get higher speeds through the VPN (if the VPN provider supports it and has the relevant files to provide) roughly 100Mbps.

Yes, looking forward to this one. NordVPN already supports it, but this protocol can be chosen only on their app so far, manual config files are yet to come.
 

 

14 hours ago, Netduma Fraser said:

2) The special part about HybridVPN is that you can specify on the device what you want it to apply to, specific ports etc. This allows you to for example, place a game behind the VPN

It would come in handy, as I am using only 1-2 services, which need to be VPN'ed, but of course they are not part of the template list, hence need to look up their traffic signature and ports to custom define it by capturing traffic at least with Wireshark. Considering traffic is coming from TV, did not force myself to it yet. Is there a tool in Duma to see all the traffic in realtime, or a snapshot of it with all associated details?

 

14 hours ago, Netduma Fraser said:

I suspect it disconnecting after awhile, especially if the connection is mostly idle would be the VPN server timing you out to save bandwidth - there doesn't appear to be anything on our side causing it.

Need to look more into this to identify pattern, if any. Cannot stop thinking if having a heartbeat functionality for VPN would be a solution to this problem. Especially, if it can be turned off/on, with custom intervals. Otherwise it's a bit annoying to log into console each time to re-enable dropped connection (and may be too complicated for some family members, if the router is used in such env).

 

Again, thank you for all your answers!

Link to comment

  • Administrators

I believe you may have Wireguard on that version so if you go to the Advanced Setup on HybridVPN, where it says OpenVPN you should be able to select Wireguard. You may have trouble with the correct config so if that is the case post the config you want to use and we can edit it to try and get it working.

Currently you're not able to see what specific ports are used but it has been suggested so likely something we'll implement in future. Looks like Netflix for example primarily use port 443 which is the main port for general web traffic so in this case it may be best to keep the whole TV in the VPN and use Wireguard so you get as much speed as possible.

That's a good idea, definitely something we could look into for the redesign.

You're very welcome!

Link to comment

Hello,

Over the last couple of days, I have deep-dived into some repetitive testing.

On 4/2/2022 at 3:46 PM, Netduma Fraser said:

I believe you may have Wireguard on that version so if you go to the Advanced Setup on HybridVPN, where it says OpenVPN you should be able to select Wireguard. You may have trouble with the correct config so if that is the case post the config you want to use and we can edit it to try and get it working.

Yes, please. NordVPN are not providing WireGuard config files themselves yet, hence attached .ovpn configuration file, removed sensitive parts. If you are able to rework it, then it would be great to test out.

 

On 4/2/2022 at 3:46 PM, Netduma Fraser said:

Currently you're not able to see what specific ports are used but it has been suggested so likely something we'll implement in future. Looks like Netflix for example primarily use port 443 which is the main port for general web traffic so in this case it may be best to keep the whole TV in the VPN

It kind of beats the purpose to have different templates for services to exclude from hybrid VPN. I've noticed that myself: even if I select to exclude Netflix from VPN, it does not change anything. I need to keep switching VPN on/off, as I use different services on assets which require VPN and if I want to use Netflix I need to turn VPN off. No possibility to use VPN in hybrid mode with Netflix.

 

On 4/2/2022 at 2:56 PM, Kotu said:
On 4/1/2022 at 11:55 PM, Netduma Fraser said:

I suspect it disconnecting after awhile, especially if the connection is mostly idle would be the VPN server timing you out to save bandwidth - there doesn't appear to be anything on our side causing it.

Need to look more into this to identify pattern, if any. Cannot stop thinking if having a heartbeat functionality for VPN would be a solution to this problem. Especially, if it can be turned off/on, with custom intervals. Otherwise it's a bit annoying to log into console each time to re-enable dropped connection (and may be too complicated for some family members, if the router is used in such env).

So this. At first it seemed it was disconnecting only after a period of inactivity (after the night), but then I noticed it happened randomly with very same outcome:

  • After VPN disconnect, status shows up as Failed after logging into DumaOS VPN section:
    [Screenshot: VPN_Failed_1]
     
  • When turning the VPN off (clicking on Enable slider), status changes to No VPN Configured:
    [Screenshot: VPN_Failed_2]
     
  • All configuration on previously set VPN is discarded

Following all this, I need to re-add all configuration details from ovpn file (it works with very same details I used before), reboot the router (otherwise VPN does not work) and re-enable it.

Without logs, I am not able to provide any additional details, unfortunately. Checked with NordVPN support and according to them, no timeout termination of client takes place on their end.

Any ideas?

Thanks!

lt8.nordvpn.com.tcp443.ovpn

Link to comment

  • Administrators

It isn't possible to turn an OpenVPN configuration into a WireGuard configuration unfortunately, the VPN provider needs to support it and provide that to you so it may be worth looking into another provider that does support it.

Netflix may work differently on a TV than a PC so we'll need to have a look at DPI for it on a TV, thanks for letting us know.

We're aware of the config wiping, that will have to be done at a later date, we'll take a look at it disconnecting prematurely - how long does it take before it disconnects? It might be that we have a timeout on our side.

Link to comment

22 hours ago, Netduma Fraser said:

We're aware of the config wiping, that will have to be done at a later date, we'll take a look at it disconnecting prematurely - how long does it take before it disconnects? It might be that we have a timeout on our side.

At first, it seemed to occur after the night, hence the disconnect due to inactivity theory. But after further monitoring, it seemed to happen randomly, while actively using VPN as well, which was immediately followed by config wipe.

After refreshing wiped config, it remains stable for next 24h or so. With logs availability it would be easier to provide more accurate data, but this is what I have now. I'll try to establish more accurate timeline, if I find some time.

Thanks for your support.

Link to comment

  • Administrators

Logs not appearing is fixed for the next version so as you said that will provide valuable information once available for us to look into the issue and work on a fix. Thanks for the information so far, super helpful!

Link to comment
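
The thread raises three things that can be checked in a client `.ovpn` file before it is pasted into a router: a second `remote` for failover, a heartbeat with restart on timeout, and where the tunnel's DNS resolver comes from. The audit below is an added example, not part of the thread and not Netduma or NordVPN code. It uses standard OpenVPN directives; the sample config, host names and finding codes are constructed, and whether DumaOS HybridVPN honours each directive is an assumption the page does not confirm.

```python
import re
# Constructed sample client config (not the file attached to the thread).
SAMPLE_OVPN = """\
client
remote vpn1.example.net 1194
ping 15
ping-restart 0
route-nopull
<ca>
(certificate redacted)
</ca>
"""

def parse_directives(text):
    """Return [(name, args)], skipping comments and inline key/cert blocks."""
    out, skip_until = [], None
    for raw in text.splitlines():
        line = re.split(r"\s[#;]", raw.strip(), maxsplit=1)[0].strip()
        if skip_until:
            skip_until = None if line == skip_until else skip_until
        elif line.startswith("<") and not line.startswith(("</", "<connection")):
            skip_until = "</" + line[1:]  # body is key material, not directives
        elif line and line[0] not in "#;<":
            name, *args = line.split()
            out.append((name, args))
    return out

def audit_ovpn(text):
    """Return sorted finding codes for failover, heartbeat and DNS handling."""
    d = parse_directives(text)
    names = [n for n, _ in d]
    findings = set()
    if names.count("remote") < 2:
        findings.add("single-remote")  # no second server to fail over to
    if "keepalive" not in names:
        if "ping" not in names:
            findings.add("no-local-heartbeat")  # relies on a server-pushed keepalive
        if ("ping-restart", ["0"]) in d:
            findings.add("restart-disabled")  # no restart when pings stop arriving
    if not any(k == "dhcp-option" and a[:1] == ["DNS"] for k, a in d):
        findings.add("no-dns-in-config")  # resolver must be pushed or set on the router
    if "route-nopull" in names or any(
            k == "pull-filter" and a[:1] != ["accept"] and "dhcp-option" in " ".join(a)
            for k, a in d):
        findings.add("pushed-dns-ignored")  # server-pushed DNS options are dropped
    return sorted(findings)

if __name__ == "__main__":
    print(audit_ovpn(SAMPLE_OVPN))
```
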