Hello,
First I'd like to say thanks for the hard effort for the guides, website, and support. You guys rock, thank you a bunch.
So I have a headed Ubuntu 16.04 bare metal server and Private Internet Access.
I'm trying to split tunnel the vpn user's traffic.
I'm getting hung up on
Code:
sudo -u vpn -i -- curl ipinfo.io
It doesn't return anything. I'm pretty sure I'm connecting to the VPN, it's just not routing the traffic for the vpn user correctly. Here's the openvpn sysctl status:
Code:
serv@SERVETERP:~$ sudo systemctl status openvpn@openvpn.service
● openvpn@openvpn.service - OpenVPN connection to openvpn
Loaded: loaded (/etc/systemd/system/openvpn@openvpn.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2018-01-31 11:25:21 CST; 20min ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Process: 7918 ExecStart=/usr/sbin/openvpn --daemon ovpn-%i --status /run/openvpn/%i.status 10 --cd /etc/openvpn --script-security 2 --config
Main PID: 7921 (openvpn)
CGroup: /system.slice/system-openvpn.slice/openvpn@openvpn.service
└─7921 /usr/sbin/openvpn --daemon ovpn-openvpn --status /run/openvpn/openvpn.status 10 --cd /etc/openvpn --script-security 2 --conf
Jan 31 11:25:22 SERVETERP ovpn-openvpn[7921]: UDP link local: (not bound)
Jan 31 11:25:22 SERVETERP ovpn-openvpn[7921]: UDP link remote: [AF_INET]91.108.183.186:1198
Jan 31 11:25:22 SERVETERP ovpn-openvpn[7921]: [de4ecb0426b08cbd4a50b7ea3c94393c] Peer Connection Initiated with [AF_INET]91.108.183.186:1198
Jan 31 11:25:24 SERVETERP ovpn-openvpn[7921]: auth-token received, disabling auth-nocache for the authentication token
Jan 31 11:25:24 SERVETERP ovpn-openvpn[7921]: TUN/TAP device tun0 opened
Jan 31 11:25:24 SERVETERP ovpn-openvpn[7921]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Jan 31 11:25:24 SERVETERP ovpn-openvpn[7921]: /sbin/ip link set dev tun0 up mtu 1500
Jan 31 11:25:24 SERVETERP ovpn-openvpn[7921]: /sbin/ip addr add dev tun0 local 10.77.10.6 peer 10.77.10.5
Jan 31 11:25:24 SERVETERP ovpn-openvpn[7921]: /etc/openvpn/iptables.sh tun0 1500 1558 10.77.10.6 10.77.10.5 init
Jan 31 11:25:24 SERVETERP ovpn-openvpn[7921]: Initialization Sequence Completed
Here's my ifconfig (after connected, doesn't show my ISP IP)
Code:
enp6s0 Link encap:Ethernet HWaddr c0:25:e9:10:43:55
inet addr:192.168.1.141 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::c225:e9ff:fe10:4355/64 Scope:Link
inet6 addr: 2605:a601:40f0:115:c225:e9ff:fe10:4355/64 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:24669 errors:0 dropped:0 overruns:0 frame:0
TX packets:18154 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:10220792 (10.2 MB) TX bytes:2908095 (2.9 MB)
enp7s1 Link encap:Ethernet HWaddr 20:cf:30:39:ca:7d
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:12921 errors:0 dropped:0 overruns:0 frame:0
TX packets:12921 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4927933 (4.9 MB) TX bytes:4927933 (4.9 MB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.77.10.6 P-t-P:10.77.10.5 Mask:255.255.255.255
inet6 addr: fe80::91e5:aa02:f578:539c/64 Scope:Link
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:9 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B) TX bytes:432 (432.0 B)
Here's what I used for the scripts (I cleaned up the comments to save some space)
Code:
serv@SERVETERP:~$ cat /etc/network/interfaces
# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo enp6s0
iface lo inet loopback
iface enp6s0 inet dhcp
serv@SERVETERP:~$ cat /etc/openvpn/iptables.sh
export INTERFACE="tun0"
export VPNUSER="vpn"
export LOCALIP="192.168.1.141"
export NETIF="enp6s0"
serv@SERVETERP:~$ cat /etc/openvpn/routing.sh
VPNIF="enp6s0"
VPNUSER="vpn"
GATEWAYIP=$(ifconfig $VPNIF | egrep -o '([0-9]{1,3}\.){3}[0-9]{1,3}' | egrep -v '255|(127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})' | tail -n1)
if [[ `ip rule list | grep -c 0x1` == 0 ]]; then
serv@SERVETERP:~$ cat /etc/openvpn/update-resolv-conf
foreign_option_1='dhcp-option DNS 209.222.18.222'
foreign_option_2='dhcp-option DNS 209.222.18.218'
foreign_option_3='dhcp-option DNS 8.8.8.8'
serv@SERVETERP:~$ sudo cat /etc/iproute2/rt_tables
#
# reserved values
#
255 local
254 main
253 default
0 unspec
#
# local
#
#1 inr.ruhep
200 vpn
So I'm trying to wrap my head around all of this. It does look connected... I mean I wouldn't have a vpn IP for it on ip route list otherwise...
Code:
serv@SERVETERP:~$ ip route list
default via 192.168.1.1 dev enp6s0
10.77.10.5 dev tun0 proto kernel scope link src 10.77.10.6
169.254.0.0/16 dev enp6s0 scope link metric 1000
192.168.1.0/24 dev enp6s0 proto kernel scope link src 192.168.1.141
I wonder if tun0 needs an inet4 link to enp6s0 the same way it has an inet6 link...
Code:
inet6 addr: fe80::91e5:aa02:f578:539c/64 Scope:Link
Not sure where enp7s1 fits in with all of this. I know that I'm using a PCI ethernet card, and there is still the one on the motherboard with nothing plugged in. I'm submitting this behind the regular user, so the internet is definitely working.
I really appreciate you taking the time to look at this. If you can help me make this work I will be a very happy man!
Thanks
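
A way to check the policy-routing pieces a split tunnel like the one in this post depends on, as an added example that is not part of the original post or the guide it follows. It assumes the routing script installs an `ip rule` for fwmark `0x1` pointing at table `vpn`, with a default route via `tun0` in that table; the function names and the sample rule and route text are constructed, and only the tun0 packet counters are taken from the post.

```shell
#!/bin/sh
# Added example, not from the post or the guide. Assumes mark 0x1 and table
# "vpn" (200), as seen in the posted routing.sh and rt_tables.

# stdin: `ip rule list`. True if a fwmark 0x1 rule selects table vpn.
has_mark_rule() {
    grep -Eq 'fwmark 0x1(/0x[0-9a-f]+)? lookup (vpn|200)( |$)'
}

# stdin: `ip route list table vpn`. True if the default route leaves via tun0.
has_tunnel_default() {
    grep -Eq '^default .*dev tun0( |$)'
}

# stdin: `ifconfig tun0` (net-tools format as posted). Prints "RX TX" packets.
tun_counters() {
    awk '/RX packets:/ { sub(/.*RX packets:/, ""); rx = $1 }
         /TX packets:/ { sub(/.*TX packets:/, ""); tx = $1 }
         END { print rx + 0, tx + 0 }'
}

# $1 = ip rule output, $2 = table vpn routes, $3 = ifconfig tun0 output
diagnose() {
    printf '%s\n' "$1" | has_mark_rule ||
        { echo "no-mark-rule: vpn user's packets follow the main table"; return 0; }
    printf '%s\n' "$2" | has_tunnel_default ||
        { echo "no-tunnel-default: table vpn does not route via tun0"; return 0; }
    counters=$(printf '%s\n' "$3" | tun_counters)
    rx=${counters% *}; tx=${counters#* }
    if [ "$tx" -gt 0 ] && [ "$rx" -eq 0 ]; then
        echo "one-way: tun0 sent $tx packets, received 0"
    else
        echo "ok: rule, route and return traffic present"
    fi
}

# Constructed sample input; only the tun0 counters are copied from the post.
RULES_OK='0: from all lookup local
32765: from all fwmark 0x1 lookup vpn
32766: from all lookup main'
RULES_MISSING='0: from all lookup local
32766: from all lookup main'
VPN_TABLE='default via 10.77.10.5 dev tun0'
TUN0='RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:9 errors:0 dropped:0 overruns:0 carrier:0'

diagnose "$RULES_MISSING" "$VPN_TABLE" "$TUN0"
diagnose "$RULES_OK" "$VPN_TABLE" "$TUN0"
```

On the live host, pass the output of `ip rule list`, `ip route list table vpn` and `ifconfig tun0` in place of the sample strings.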