Dec 21, 2018, 04:24 PM
(This post was last modified: Dec 21, 2018, 05:15 PM by Lt Hawk.)
(Aug 21, 2018, 08:59 PM)moonraker Wrote: Awesome work, man!
If you can get auto port forwarding to work as well, you're officially my hero
We got PF on PIA working ages ago! lol I haven't been on this page in a bit, but the mods were supposed to release an official update to the guide for the "new" PIA port request API. Give me a few to track down my script and I'll post the "dirty" method I had found =)
I posted what I use on this thread. This was done for 16.04.
Any changes OP may have outlined to implement to 18.04 likely still need to be made.
Ladies and gentleman, take my advice. Pull down your pants and slide on the ice. -Sidney Freidman
Jan 11, 2019, 07:05 PM
Thanks so much for this. I had been banging my head against the wall for days trying to get this setup. Finally got it working yesterday and am able to pass traffic over the vpn. Torrents don't work yet so that's something else to figure out, but at least I'm farther along now.
Sep 02, 2019, 03:38 AM
Hello!
I've been struggling with this for hours and hours the past couple of days, and the solutions here do in fact cause systemd-resolved to use the correct DNS servers. However, checking with tcpdump and Wireshark shows that, at least for me, it uses the correct IP but doesn't actually send the DNS queries over the VPN.
From what little information I could find, it would seem that the way systemd-resolved handles DNS is by sending the query out on all addresses and returning whichever comes back first. Furthermore, this traffic is not caught by the routing and iptables, because the original DNS packet is just sent to the DNS stub at 127.0.0.53. The actual request is then made by the local DNS which is not running as VPN user, so it gets sent out over the main internet connection.
The only way I've found to solve this is by taking the iptables script and changing it so that it marks ALL DNS packets, whether they're from the VPN user or not.
Changing:
iptables -t mangle -A OUTPUT --dest $LOCALIP -p udp --dport 53 -m owner --uid-owner $VPNUSER -j MARK --set-mark 0x1
iptables -t mangle -A OUTPUT --dest $LOCALIP -p tcp --dport 53 -m owner --uid-owner $VPNUSER -j MARK --set-mark 0x1
To:
iptables -t mangle -A OUTPUT -p udp --dport 53 -j MARK --set-mark 0x1
iptables -t mangle -A OUTPUT -p tcp --dport 53 -j MARK --set-mark 0x1
The downside of this is that your non-VPN users' DNS is also routed through the VPN; however, I'm not experienced enough with iptables and routing to be able to figure out a workaround for that.
Hopefully this is useful to someone,
-EnigmaticWraith
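The two rule variants from the post above, side by side in one script, as an added example (not code from the thread or from the original guide). It is a POSIX sh script that generates the rules as strings and only applies them when explicitly asked as root, so the difference between the owner-restricted rules (which never match the stub's upstream query because systemd-resolved, not the VPN user, sends it) and the mark-everything workaround can be inspected without touching a live firewall. $VPNUSER, $LOCALIP and the mark value 0x1 are assumptions standing in for the guide's variables; the fwmark policy-routing rule that makes mark 0x1 meaningful is part of the original guide and is not reproduced here.

```shell
#!/bin/sh
# Added example, not from the thread. Variables below are assumptions that stand in
# for the guide's script: the VPN-only user, the systemd-resolved stub address, the mark.
VPNUSER="${VPNUSER:-vpn}"
LOCALIP="${LOCALIP:-127.0.0.53}"
MARK="${MARK:-0x1}"

# Variant 1 (original guide): mark DNS only when the sending process runs as $VPNUSER.
# With systemd-resolved the VPN user's process only ever talks to the stub on 127.0.0.53;
# the real upstream query is sent by systemd-resolved under its own uid, so this rule
# never sees it and the query leaves over the default route (the leak the post describes).
dns_rule_owner_only() {
    proto="$1"
    printf 'iptables -t mangle -A OUTPUT --dest %s -p %s --dport 53 -m owner --uid-owner %s -j MARK --set-mark %s\n' \
        "$LOCALIP" "$proto" "$VPNUSER" "$MARK"
}

# Variant 2 (post's workaround): mark every outbound DNS packet, whoever sends it.
# Closes the leak at the cost of sending all users' DNS through the VPN.
dns_rule_all() {
    proto="$1"
    printf 'iptables -t mangle -A OUTPUT -p %s --dport 53 -j MARK --set-mark %s\n' \
        "$proto" "$MARK"
}

# Emit the udp and tcp rules for one mode: "owner" or "all". Returns 1 on a bad mode.
dns_ruleset() {
    mode="$1"
    for proto in udp tcp; do
        case "$mode" in
            owner) dns_rule_owner_only "$proto" ;;
            all)   dns_rule_all "$proto" ;;
            *)     echo "unknown mode: $mode" >&2; return 1 ;;
        esac
    done
}

# Dry run by default: print the rules. Pass "yes" as the second argument while root to apply.
apply_dns_ruleset() {
    mode="$1"
    do_apply="${2:-no}"
    dns_ruleset "$mode" | while IFS= read -r rule; do
        if [ "$do_apply" = yes ] && [ "$(id -u)" -eq 0 ]; then
            sh -c "$rule"
        else
            echo "$rule"
        fi
    done
}

# Example invocation (dry run): show what the workaround would install.
[ "${DNS_RULES_DEMO:-}" = 1 ] && apply_dns_ruleset all
```

After applying, `iptables -t mangle -L OUTPUT -v -n` shows per-rule packet counters; if the owner-only rules stay at zero while DNS still resolves, the queries are leaving unmarked, which is the same symptom the post found with tcpdump.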
Nov 01, 2020, 05:15 PM
I have the issue that if I lose the internet connection for a few minutes and then the internet comes back on, I have to "hard"-reboot the server with the power switch, as I can no longer ssh to the server. What did I miss?