How to Route (only) DNS over Router OpenVPN Client Tunnel?

I am using an AsusWRT router; it uses a Unix kernel with Entware repos. I’m running DNSCrypt and dnsmasq, and OpenVPN runs on the router as well. I would like to forward all DNS globally on the network through the VPN client tunnel. How can I do this?

I can easily route any client on the subnet through OpenVPN; must I create a client routed through the VPN and route all DNS traffic to that client running its own DNS server? For example, 192.168.50.150. Or is there a better way, one where I can route all the traffic directly on the router without needing an extra client/gateway for DNS?

Thank you

VPN/SSH Tunnel from outside a network to inside

I have a game server on machine A on my local network, and I want people to be able to connect to it from machine B, a VPS on the WAN. I first thought of using a VPN, so I did some Googling; however, I cannot find a suitable tutorial – they are all either for a different use case (i.e. all the clients connect to the VPN instead of just the two servers) or too confusing for a newbie to this kind of networking like me.

I want the architecture to look a little like this:
game-server <===> routers <===> vps <===> clients
The connection between the VPS and the clients is easy because it is outbound from the clients, so any NAT that might be there would not be an issue; however, the VPS needs an inbound connection to the game server, forwarding all requests (on a single port; I think the game only uses one port).

I cannot simply port-forward on my home router as my internet connection comes from the 4G-LTE network, which has NAT and I can’t port-forward on that for obvious reasons.

EDIT #2: It might be easier to understand this way: to the clients, the VPS looks like the game server. The VPS should be totally transparent to the game.

How to configure strongswan peer-to-peer vpn tunnel using public IP as encryption domain?

I’m required to configure an IPsec tunnel to communicate with a remote VPN (Cisco ASA 5555). I have created an Amazon Lightsail instance with Ubuntu 18.04 installed. Upon doing some studying I came across strongSwan, which I’ve used to configure the tunnel. The remote side provided a list of parameters I should use to configure my tunnel; I’ve listed them below along with my settings found in the ipsec.conf file. My problem is, whenever I initiate traffic to the remote side, the traffic originates from my private IP (aa.aa.aa.aa) instead of my public IP AA.AA.AA.AA – since the remote side refused to use my private IP as the encryption domain (something to do with it already being used in their local network), they had to allow my public IP. How can I configure strongSwan so that the remote side sees traffic originating from my public IP (that way we’ll have a successful tunnel connection)?

Local site A:

  • Public IP: AA.AA.AA.AA
  • Private IP: aa.aa.aa.aa
  • Subnet: aa.aa.aa.aa.aa/20

Remote site B:

  • Public IP: BB.BB.BB.BB
  • Private IP: bb.bb.bb.bb
  • Subnet: bb.bb.bb.bb/32

Conf Parameters:

Phase 1

  • Authentication method: Pre-Shared Key
  • Encryption Scheme: IKE
  • DH: Group 2
  • Encryption Algorithm: ESP-AES-256
  • Hashing Algorithm: SHA1
  • Main Mode
  • Lifetime (for negotiation): 86400s

Phase 2

  • Encapsulation: ESP
  • Encryption Algorithm: AES-256
  • Authentication Algorithm: SHA1
  • No PFS
  • Lifetime (for negotiation): 3600s
  • Key Exchange: Yes

Any help is appreciated!


How does Tunnel Fighter’s reaction attack interact with Sentinel’s speed-reduction effect?

So let’s say I’m a Fighter, and a creature is standing next to me, within my reach (*), like this:

o o o o o
o * * * o
o * F * o
o * C * o
o o o o o

If that creature attempts to move past me (to the left or right) and exit my reach (into the o-zone), will Tunnel Fighter’s reaction attack trigger as he’s leaving my reach? I would guess yes, because he has to move a few inches to begin the process of leaving my reach, at which point he’s “moved more than 5 feet”, which triggers Tunnel Fighter’s reaction.

If I’m right about that, Tunnel Fighter and Sentinel have an interesting interaction that I’d like clarification on. Assuming I’m in the Tunnel Fighter stance when this happens, I can potentially take an Attack of Opportunity on the creature as he leaves my reach and use my Reaction to attack him with Tunnel Fighter’s trigger. However, Sentinel makes that OA stop the creature in its tracks.

So my question is: can I take both an Opportunity Attack and the Tunnel Fighter reaction attack in this particular situation?

If the creature starts in the bottom-right *, I assume the answer is a cut-and-dried “Yes”, since he’s clearly “moving more than 5 feet while within my reach” and won’t get stopped by Sentinel until he’s already moved 10 feet. The uncertainty arises when Sentinel’s OA effect prevents him from taking the second 5 feet of movement.

And in the same vein, it’s clear that the answer is “No” if the creature moves directly down. It has left my reach before it has moved more than 5 feet, so Tunnel Fighter’s reaction attack definitely won’t trigger.

Cheap tunnel light LED

Our History
Founded in 2005, located in Linglong Industrial Park, the west of Hangzhou.
Our Factory
ZGSM is a hi-tech private enterprise devoted to the R&D, production and sale of high-quality LED indoor/outdoor lights, LED traffic lights, solar panels, solar-powered LED lighting systems and so on. As one of the patent model enterprises and one of the first batch of Energy-Saving Service Companies in Zhejiang Province, we have registered more than fifty products; we are also members of the Illuminating Engineering Society and the Semiconductor Industry Association in China.
Our Product
Our products cover LED street lights, LED high bay lights, LED gas station lights, LED flood lights, LED tunnel lights, LED stadium lights and other indoor/outdoor LED lights; LED traffic lights and signal controllers; PV modules, solar LED street lights and solar-powered generation systems. Our products have the advantages of energy saving, environmental friendliness, long life and so on.
Product Application
Widely used in indoor/outdoor lighting, city lighting, traffic instruction, solar power generation projects and other fields.
Our Certificate
CE, GS, UL, RoHS, CB, ENEC, SAA, DLC, LM79, LM80, ISO9001, ISO14001
Production Equipment
Chip mounter, EVERFINE GO-2000 photometric test equipment, Vigor VG2302 leakage current tester, Vigor VG2679 insulation resistance tester, Vigor VG2670A dielectric strength tester, Vigor VG2678A ground resistance tester, TDS1002 integrating sphere
Production Market
Our products have been exported to more than 80 countries and regions.
Our Service
Sales, technical and after-sales support are online 24 hours a day.
Website: http://www.zgsmlightings.com/
Website 2: http://www.zgsm-outdoorlighting.com/

What are the best ciphers in terms of performance for SSH tunnel?

From a security standpoint, there are a few good cipher options to use with SSH, such as ChaCha20 and AES 128/256 in GCM/CTR mode. As I understand it (please correct me if I’m wrong), all of these offer pretty strong encryption.

However, what are the performance differences between the aforementioned ciphers? In certain SSH tunneling applications (like tunneling NFS, for example) performance is absolutely critical. How does one choose the cipher for the best performance while maintaining reasonable security?

Of course I could just try and measure the difference, but this data will only be applicable to my specific hardware and particular measurement technique (in my simple benchmark AES 128 GCM seems to show the best results both in terms of throughput and low CPU load).

Speaking more generally (and assuming the CPU has AES-NI support):

  1. Does ChaCha20 take advantage of AES-NI?
  2. Is GCM mode faster than CTR?
  3. How does key size (128 vs 256) affect performance?
  4. Apart from the raw throughput, what ciphers tend to load CPU more?

Is there any software or website that provides a service to tunnel a public URL to my localhost with a port number without being timed out/terminated?

I came across Ngrok and Localtunnel, but after a while the tunnel gets disconnected/discontinued, meaning I cannot link my localhost (with port number) in Visual Studio 2015 to a public URL. Is there any free software or platform that does the same thing but permanently?

Difference between SSH Tunnel / Proxy and VPN in terms of security

What benefits does a VPN have over just using a regular SSH tunnel?

I’m considering setting up OpenVPN on a server, but was wondering what benefits that would have over just using that same server as an SSH tunnel, which is very easy to set up and allows connecting via SOCKS5, which is already supported everywhere. Wouldn’t both show the same IP address as the source anyway, in which case you’re no longer anonymous?

An SSH tunnel seems to be much easier: just open an SSH tunnel and set up the computer to connect to that port via localhost and a SOCKS5 proxy.

ssh -D 1723 -f -C -q -N user@server.com

A VPN, on the other hand, seems like a bit more work to set up, and I’m unable to see what benefits it offers over just a simple SSH tunnel.

OpenVPN Tunnel blocking inbound web connections

I have a server running an OpenVPN client to route all internet traffic via the VPN.

I have excluded the local subnet from the tunnel and this is all working well so far.

The server also has a webserver running, which is publicly accessible using port forwarding from my router.

The web server only works when the VPN client is stopped. I assume that when the VPN is up, the response packets are being sent back over the VPN link rather than back to the router.

Question: is it possible to prevent this?

I’m running Ubuntu Server 18.04.

Thanks