Hi,
I have been setting up my RPi 3 as a Plex server with Sonarr, Radarr and transmission with all the guides but I wanted to add a VPN for torrenting and I am stuck in the VPN Split Tunnel Guide.
I have followed this one https://www.htpcguides.com/force-torrent...ntu-16-04/ almost by the letter. I changed the openvpn.conf to use my .ovpn file and added the last lines (up and down scripts) and login.txt file.
But when I try to execute sudo curl ipinfo.io I have a Could not resolve host error even with normal user. I cannot ping google.com neither.
The service starts correctly:
Here is the result of sudo iptables -S
and sudo iptables -L
Any help on what can cause this would be great
I have been setting up my RPi 3 as a Plex server with Sonarr, Radarr and transmission with all the guides but I wanted to add a VPN for torrenting and I am stuck in the VPN Split Tunnel Guide.
I have followed this one https://www.htpcguides.com/force-torrent...ntu-16-04/ almost by the letter. I changed the openvpn.conf to use my .ovpn file and added the last lines (up and down scripts) and login.txt file.
But when I try to execute sudo curl ipinfo.io I have a Could not resolve host error even with normal user. I cannot ping google.com neither.
The service starts correctly:
Code:
openvpn@openvpn.service - OpenVPN connection to openvpn
Loaded: loaded (/etc/systemd/system/openvpn@openvpn.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2018-11-13 23:02:48 EST; 36min ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Process: 558 ExecStart=/usr/sbin/openvpn --daemon ovpn-openvpn --status /run/openvpn/openvpn.status 10 --cd /etc/openvpn --script-security 2 --co
Main PID: 570 (openvpn)
CGroup: /system.slice/system-openvpn.slice/openvpn@openvpn.service
└─570 /usr/sbin/openvpn --daemon ovpn-openvpn --status /run/openvpn/openvpn.status 10 --cd /etc/openvpn --script-security 2 --config /et
Nov 13 23:02:53 rpi-jccm ovpn-openvpn[570]: TCP/UDP: Preserving recently used remote address: [AF_INET]x.x.x.x:1194
Nov 13 23:02:53 rpi-jccm ovpn-openvpn[570]: UDP link local: (not bound)
Nov 13 23:02:53 rpi-jccm ovpn-openvpn[570]: UDP link remote: [AF_INET]x.x.x.x:1194
Nov 13 23:02:55 rpi-jccm ovpn-openvpn[570]: [openvpn2.vpnunlimitedapp.com] Peer Connection Initiated with [AF_INET]x.x.x.x:1194
Nov 13 23:03:01 rpi-jccm ovpn-openvpn[570]: TUN/TAP device tun1 opened
Nov 13 23:03:01 rpi-jccm ovpn-openvpn[570]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Nov 13 23:03:01 rpi-jccm ovpn-openvpn[570]: /sbin/ip link set dev tun1 up mtu 1500
Nov 13 23:03:01 rpi-jccm ovpn-openvpn[570]: /sbin/ip addr add dev tun1 local x.x.x.x peer x.x.x.x
Nov 13 23:03:01 rpi-jccm ovpn-openvpn[570]: /etc/openvpn/iptables.sh tun1 1500 1553 x.x.x.x x.x.x.x init
Nov 13 23:03:22 rpi-jccm ovpn-openvpn[570]: Initialization Sequence Completed
Code:
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N f2b-ssh
-N f2b-sshd
-A INPUT -i tun0 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i tun0 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o lo -m owner --uid-owner 1001 -j ACCEPT
-A OUTPUT -o tun0 -m owner --uid-owner 1001 -j ACCEPT
-A OUTPUT ! -s 192.168.100.3/32 -o eth0 -j REJECT --reject-with icmp-port-unreachable
Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate ESTABLISHED
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere owner UID match vpn
ACCEPT all -- anywhere anywhere owner UID match vpn