I've followed the tutorial for Ubuntu 16 several times and still can't get it to work. The vpn is established, but it doesn't look like anything is being routed over the vpn. Curl'ing ipinfo as the vpn user just hangs until it eventually times out.
ip route:
ip rule list:
iptables -L:
iptables -L -t mangle
iptables -L -t nat
ip route:
Code:
default via 10.10.2.1 dev ens32 proto dhcp src 10.10.2.10 metric 100
10.10.2.0/24 dev ens32 proto kernel scope link src 10.10.2.10
10.10.2.1 dev ens32 proto dhcp scope link src 10.10.2.10 metric 100
10.24.0.13 dev tun0 proto kernel scope link src 10.24.0.14
Code:
0: from all lookup local
32765: from all fwmark 0x1 lookup vpn
32766: from all lookup main
32767: from all lookup default
Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate ESTABLISHED
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain FORWARD (policy DROP)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere owner UID match vpn
ACCEPT all -- anywhere anywhere owner UID match vpn
REJECT all -- !htpc anywhere reject-with icmp-port-unreachable
Code:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
CONNMARK all -- anywhere anywhere CONNMARK restore
MARK all -- anywhere !htpc owner UID match vpn MARK set 0x1
MARK udp -- anywhere htpc udp dpt:domain owner UID match vpn MARK set 0x1
MARK tcp -- anywhere htpc tcp dpt:domain owner UID match vpn MARK set 0x1
MARK all -- !htpc anywhere MARK set 0x1
CONNMARK all -- anywhere anywhere CONNMARK save
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Code:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere