Will the Foris connection tests use the VPN connection?

Software
1

Do the WAN/DNS connection tests in Foris use the VPN connection if one is setup?

2

Do you mean the situation where a Turris acts as a VPN server? I can’t imagine how to do such tests. Any communication over VPN can be tested only when at least one client is connected.

3

Since the connectivity/speed tests are egress traffic it would only make sense with VPN client connected to an upstream remote endpoint. In which case it depends whether the egress traffic generated by the router itself gets routed via VPN or whether only egress traffic from the router’s client(s) get(s) routed via VPN.

4

Sorry my question wasn’t clear. :blush: I meant if a Turris is connected to (a 3rd party) VPN provider, and it’s setup so that all traffic will go through the VPN. I basically followed the guide here:

In this case, will the Foris connection tests use the VPN connection? I ran into an issue where the VPN connection went down, and the Foris connection tests were still working. I didn’t do extensive testing, so it could have been something else. But this also makes me wonder if other functionality like updates, and software/packages will go through the VPN.

5

The scripts provisioned for particular TOS features do not alter the routing (table), least to my knowledge. You could always run a traceroute on the router self (cli or LuCI).

6

I did some testing of my own, and from what I’m seeing Foris and LuCI functionality does not use the VPN connection.

I disabled the VPN (stopped it via the GUI) which disabled internet for all clients connected to the router. But the DNS connection test in Foris still worked, and I was able to update software in LuCI.

Is this expected behavior?

7

Depends whether all protocols (TCP,UDP.ICMP and so on) are routed via the VPN or only say TCP.

Unless otherwise specified DNS commonly utilizes UDP and if that is not routed via VPN then the described outcome can be expected.

8

Hmm, I setup a firewall rule so that the LAN will go through the VPN (and not the WAN), I’m not sure what protocols that covers. :man_shrugging: Anyhow, it sounds like it’s expected behavior, so I think we’re good. Thanks for the replying, @anon50890781 :smiley: