VyprVPN settings with LEDE
- Know your way around Linux, SSH (PuTTY) and the shell, compile your own firmware, understand class A, B, C networking.
My setup: VirtualBox by Oracle
Compile your own LEDE firmware and select the packages you want to have yourself (minimal installation = cleanest installation).
Information for starters:
I'm not going to write a full tutorial here on how to handle Linux and all the commands. You can use search engines online for that.
But the information on router setup for dd-wrt and openwrt didn't work on my end, so I analysed the error logs to get it up and running and will post the result here online:
Open the file /etc/config/openvpn with vi, nano or whatever:
config openvpn 'VyprVPN'
	option port '443'
	option cipher 'AES-256-CBC'
	option auth 'SHA256'
	option tls_client '1'
	option tls_cipher 'TLS-DHE-RSA-WITH-AES-256-CBC-SHA'
	# LZO compression off (see the P.S. at the end)
	option comp_lzo 'no'
	option reneg_sec '0'
	option verb '3'
	option persist_key '1'
	option nobind '1'
	option dev 'tun'
	option tun_mtu '1500'
	option keepalive '10 60'
	option persist_tun '1'
	option persist_remote_ip '1'
	# username on line 1, password on line 2; keep this file readable by root only
	option auth_user_pass '/etc/openvpn/userpass.txt'
	list remote 'ru1.vpn.goldenfrog.com'
	option remote_random '1'
	option proto 'udp'
	option resolv_retry 'infinite'
	option ca '/etc/luci-uploads/cbid.openvpn.VyprVPN.ca'
	option auth_nocache '1'
	option enabled '1'
	# the tun0 address line used for the DNS step below is written to this log
	option log '/etc/openvpn/log'
	option client '1'
Make sure the ca option points to the location where you have copied ca.crt. I used the GUI for this as I was too lazy to do vi /etc/openvpn/ca.crt and copy the cert text into that file. (In PuTTY you first press a to insert and then right-click with the mouse to paste.)
So, last but not least: VyprVPN says DNS protection does not apply to this kind of setup. Which means you have absolutely no anonymity on the internet and everyone, including your ISP, can still figure out where you're going, and they don't even need DPI for that.
But that's wrong. Here is how to find out which DNS to use:
Search the OpenVPN log (/etc/openvpn/log in the config above) for the line looking like this:
/sbin/ip addr add dev tun0 10.11.219.28/24 broadcast 10.11.219.255
This class A IP most likely looks different when you use other VPN servers.
Now force your computer or whatever you're working with (I'm using a NAS) to use this IP as your DNS.
If all these tests show an IP and DNS which do not belong to your ISP or to another ISP on your VPN network, it means you're all good and have a hidden IP without DNS leaks. (We're connecting a large tap VPN network with the VyprVPN network here, so leaks are more likely in our special setup than for common users who have no idea how to set up class B networking.)
In our case these websites think we're everywhere on this planet except where we really are :)
P.S. LZO compression is recommended. I strongly advise against it, unless you have a 2000+ USD Xeon running your router, computer or VirtualBox! Only very strong CPU performance is good for OpenVPN!
OpenVPN is single-threaded. It doesn't use multithreading. So it is best to keep LZO off and have a CPU with hardware AES support.
Also, when you do the DNS tests, you might see "your DNS is leaking" as a result, because these tests can detect that you're not using a DNS in the same IP range as your VPN provider. This is legit.
Because if you have a good look, these DNS are also not those of your ISP! :) They are OpenDNS or some other DNS, mostly in countries with very high privacy protection; Amsterdam, for example, is a main DNS location for OpenDNS to provide privacy protection.
It's totally valid to use an Amsterdam OpenDNS! Just make sure your ISP doesn't show up in the list of tests.
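The two checks described above, as an added example that is not part of the original post: pull the tunnel address out of the OpenVPN log, then sort the resolver IPs a DNS test reports into "vpn", "third-party" or "LEAK-isp". The function names are hypothetical, and the ISP prefix (203.0.113.0/24) and resolver IPs are constructed values from documentation ranges; replace them with your own ISP's ranges.

```shell
#!/bin/sh
# Added example: ISP prefix and resolver IPs below are constructed (RFC 5737 ranges).

# Print the tunnel address/prefix from the OpenVPN log (last matching line).
tun_cidr() {  # $1 = log file
    sed -n 's|.*/sbin/ip addr add dev tun[0-9]* \([0-9.]*/[0-9]*\).*|\1|p' "$1" | tail -n 1
}

# Dotted quad -> 32-bit integer.
ip2int() {
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeeds if IP $1 lies inside CIDR $2.
in_cidr() {
    bits=${2#*/}
    mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & $mask )) -eq $(( $(ip2int "${2%/*}") & $mask )) ]
}

# Classify one resolver IP from a DNS leak test.
# $1 = resolver IP, $2 = VPN tunnel CIDR, remaining args = your ISP's CIDRs.
classify_resolver() {
    ip=$1; vpn_net=$2; shift 2
    for isp in "$@"; do
        if in_cidr "$ip" "$isp"; then echo "LEAK-isp"; return; fi
    done
    if in_cidr "$ip" "$vpn_net"; then echo "vpn"; else echo "third-party"; fi
}

# Constructed sample log; the address line has the form quoted in the post.
log=$(mktemp)
cat > "$log" <<'EOF'
Tue Mar  7 12:00:03 2017 TUN/TAP device tun0 opened
Tue Mar  7 12:00:03 2017 /sbin/ip addr add dev tun0 10.11.219.28/24 broadcast 10.11.219.255
EOF
vpn=$(tun_cidr "$log"); rm -f "$log"
for r in 10.11.219.1 198.51.100.53 203.0.113.7; do
    echo "$r -> $(classify_resolver "$r" "$vpn" 203.0.113.0/24)"
done
```

A "third-party" result is the case the post calls legit: the test site flags it because the resolver is outside the VPN range, but it is not your ISP's.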