OK, going mad here and can't figure out the issue. I've followed the Force Torrent Traffic through VPN Split Tunnel Debian 8 + Ubuntu 16.04 guide and am getting this error. I can't figure out why (I'm using a Pi).
Directory
Code:
ls -la /etc/openvpn/
total 40
drwxr-xr-x 4 root root 4096 Oct 10 21:13 .
drwxr-xr-x 117 root root 4096 Oct 10 14:51 ..
-rw-r--r-- 1 root root 1818 Oct 10 09:14 ca.crt
drwxr-xr-x 2 root root 4096 Jul 18 21:15 client
-rwxr-xr-x 1 root root 1639 Oct 10 13:13 iptables.sh
-rw-r--r-- 1 root root 22 Oct 10 09:14 login.txt
-rw-r--r-- 1 root root 662 Oct 10 21:11 openvpn.conf
-rwxr-xr-x 1 root root 652 Oct 10 12:13 routing.sh
drwxr-xr-x 2 root root 4096 Jul 18 21:15 server
-rwxr-xr-x 1 root root 1345 Oct 9 13:20 update-resolv-conf
iptables.sh
Code:
#!/bin/bash
# Niftiest Software – www.niftiestsoftware.com
# Modified version by HTPC Guides – www.htpcguides.com
export INTERFACE="tun0"
export VPNUSER="vpn"
export LOCALIP="192.168.1.110"
export NETIF="wlan0"
# flushes all the iptables rules, if you have other rules to use then add them into the script
iptables -F -t nat
iptables -F -t mangle
iptables -F -t filter
# mark packets from $VPNUSER
iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
iptables -t mangle -A OUTPUT ! --dest $LOCALIP -m owner --uid-owner $VPNUSER -j MARK --set-mark 0x1
iptables -t mangle -A OUTPUT --dest $LOCALIP -p udp --dport 53 -m owner --uid-owner $VPNUSER -j MARK --set-mark 0x1
iptables -t mangle -A OUTPUT --dest $LOCALIP -p tcp --dport 53 -m owner --uid-owner $VPNUSER -j MARK --set-mark 0x1
iptables -t mangle -A OUTPUT ! --src $LOCALIP -j MARK --set-mark 0x1
iptables -t mangle -A OUTPUT -j CONNMARK --save-mark
# allow responses
iptables -A INPUT -i $INTERFACE -m conntrack --ctstate ESTABLISHED -j ACCEPT
# block everything incoming on $INTERFACE to prevent accidental exposing of ports
iptables -A INPUT -i $INTERFACE -j REJECT
# let $VPNUSER access lo and $INTERFACE
iptables -A OUTPUT -o lo -m owner --uid-owner $VPNUSER -j ACCEPT
iptables -A OUTPUT -o $INTERFACE -m owner --uid-owner $VPNUSER -j ACCEPT
# all packets on $INTERFACE needs to be masqueraded
iptables -t nat -A POSTROUTING -o $INTERFACE -j MASQUERADE
# reject connections from predator IP going over $NETIF
iptables -A OUTPUT ! --src $LOCALIP -o $NETIF -j REJECT
# Start routing script
/etc/openvpn/routing.sh
exit 0
openvpn.conf
Code:
client
remote lon.tigervpn.com 1194 udp
remote lon.tigervpn.com 443 tcp-client
pull
auth-user-pass /etc/openvpn/login.txt
comp-lzo adaptive
ca ca.crt
dev tun
tls-client
script-security 2
cipher AES-256-CBC
mute 10
route-delay 5
redirect-gateway def1
resolv-retry infinite
#dhcp-renew
#dhcp-release
persist-key
persist-tun
remote-cert-tls server
mssfix
# Get help and more information by visiting https://help.tigervpn.com
# With love from Bratislava, happy tigerVPN’ing!
disable-occ
auth-nocache
nobind
#proto udp
route-noexec
#up and down scripts to be executed when VPN starts or stops
up /etc/openvpn/iptables.sh
down /etc/openvpn/update-resolv-conf
error
Code:
Oct 10 21:52:25 raspberrypi ovpn-openvpn[5976]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Oct 10 21:52:25 raspberrypi ovpn-openvpn[5976]: TCP/UDP: Preserving recently used remote address: [AF_INET]185.20.99.139:1194
Oct 10 21:52:25 raspberrypi ovpn-openvpn[5976]: UDP link local: (not bound)
Oct 10 21:52:25 raspberrypi ovpn-openvpn[5976]: UDP link remote: [AF_INET]185.20.99.139:1194
Oct 10 21:52:26 raspberrypi ovpn-openvpn[5976]: [tigervpn.com] Peer Connection Initiated with [AF_INET]185.20.99.139:1194
Oct 10 21:52:32 raspberrypi ovpn-openvpn[5976]: TUN/TAP device tun0 opened
Oct 10 21:52:32 raspberrypi ovpn-openvpn[5976]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Oct 10 21:52:32 raspberrypi ovpn-openvpn[5976]: /sbin/ip link set dev tun0 up mtu 1500
Oct 10 21:52:32 raspberrypi ovpn-openvpn[5976]: /sbin/ip addr add dev tun0 100.97.0.24/16 broadcast 100.97.255.255
Oct 10 21:52:32 raspberrypi ovpn-openvpn[5976]: /etc/openvpn/iptables.sh tun0 1500 1553 100.97.0.24 255.255.0.0 init
Oct 10 21:52:32 raspberrypi ovpn-openvpn[5976]: WARNING: Failed running command (--up/--down): could not execute external program
Oct 10 21:52:32 raspberrypi ovpn-openvpn[5976]: Exiting due to fatal error
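
The log above ends with the `up` script failing to execute at all. As an added example (not part of the original post, and not a diagnosis of it), the shell functions below list the conditions under which the kernel refuses to start a script before its first line runs, and apply that check to every `up`/`down` script named in an OpenVPN config. The function names `check_exec_script` and `check_conf_scripts` are hypothetical, and absolute script paths are assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Lists the conditions that make execve() of a script fail before its first
# line runs: no execute bit, a BOM or CR on the #! line, a missing interpreter.

# Bodies use ( ) so variables stay local; exit sets the function's status.
check_exec_script() (
    f=$1; rc=0
    cr=$(printf '\r'); bom=$(printf '\357\273\277')
    [ -f "$f" ] || { echo "$f: MISSING: no such file"; exit 1; }
    [ -x "$f" ] || { echo "$f: NOEXEC: execute bit not set"; rc=1; }
    IFS= read -r line < "$f" || true      # first line, kept byte-for-byte
    case $line in
        "$bom"*) echo "$f: BOM: UTF-8 byte-order mark before #!"; rc=1
                 line=${line#"$bom"} ;;
    esac
    case $line in
        *"$cr") echo "$f: CRLF: #! line ends in a carriage return"; rc=1
                line=${line%"$cr"} ;;
    esac
    case $line in
        '#!'*) set -f; set -- ${line#'#!'}   # split off interpreter arguments
               [ -x "${1:-}" ] || { echo "$f: INTERP: '${1:-}' is not executable"; rc=1; } ;;
        *)     echo "$f: SHEBANG: first line is not a #! line"; rc=1 ;;
    esac
    exit "$rc"
)

# Run the check on every script named by an up/down directive in an OpenVPN
# config. Assumes absolute script paths, as in the config shown above.
check_conf_scripts() (
    rc=0
    for s in $(awk '$1 == "up" || $1 == "down" { print $2 }' "$1"); do
        check_exec_script "$s" || rc=1
    done
    exit "$rc"
)

# Optional direct use: pass the config path as the first argument.
if [ "$#" -gt 0 ]; then check_conf_scripts "$1"; fi
```

Saved to a file, it can be run with the config path as its argument; no output and exit status 0 mean none of these conditions apply to the referenced scripts.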