From 42b46e5e7317aeb623ca07edfe2cf8cd21473e68 Mon Sep 17 00:00:00 2001 From: Bill Zimmerman Date: Tue, 21 Jul 2020 18:41:26 +0200 Subject: [PATCH] Updated FAQs (markdown) --- FAQs.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/FAQs.md b/FAQs.md index d5970fb..cdd756a 100644 --- a/FAQs.md +++ b/FAQs.md @@ -21,6 +21,7 @@ This has been written to address some frequently asked questions among users of * [Can I use RaspAP with my custom dnsmasq configuration?](#dnsmasq) * [OpenVPN fails to start and/or I have no internet. Help!](#openvpn) * [OpenVPN works but I have partial or no internet access. Help!](#partial) +* [OpenVPN is enabled but I am still blocked from country restricted websites. Help!](#restricted) * [How do I exclude NAT rules from IP traffic on localhost?](#iptables) * [Why is the 802.11ac 5GHz option disabled in Configure hotspot?](#80211ac) * [I think my country allows 5 GHz AP channels. Can I test this?](#wificountries) @@ -279,6 +280,18 @@ The results are reported as round-trip response times in milliseconds and the pe Protip: free VPNs are frequently oversubscribed and usually not worth the trouble. +## OpenVPN is enabled but I am still blocked from country restricted websites. Help! +Remote hosts use a variety of methods to defeat VPNs, some more aggressively than others. Many VPN providers will advise you to configure custom DNS servers to mitigate [DNS leaks](https://dnsleaktest.com/), which you can do from RaspAP's **DHCP > Advanced** tab. Others have specific VPN nodes to use with popular streaming services. + +Several users have reported that Firefox's [DNS-over-HTTPS (DoH)](https://support.mozilla.org/en-US/kb/firefox-dns-over-https) has created problems with their VPN, in effect creating a DNS leak from the browser that circumvents RaspAP's DNS settings. Be sure to disable this "feature" when using a VPN service. + +If you suspect network traffic is not being routed through tun0 (or any other interface) for some reason, you can monitor this directly from your RPi with `iftop`: + +``` +sudo apt install iftop +sudo iftop -i [interface] +``` + ## How do I exclude NAT rules from IP traffic on localhost? RaspAP's [Quick Installer](https://github.com/billz/raspap-webgui/wiki/Quick-Installer-usage) configures network-address-translation (NAT) with iptables rules, so that the RPi can act as an internet gateway to multiple hosts on a local network with a single public IP address. This is done by rewriting the addresses of IP packets as they pass through the NAT system. Many access points, including RaspAP, use a combination of IP forwarding and masquerading to achieve this.