[Not Solved]
Nov 17, 2018, 11:10 PM
(This post was last modified: Nov 17, 2018, 11:10 PM by pcengine.)
I'm trying to setup a split tunnel according to the guide at: https://www.htpcguides.com/force-torrent...ntu-16-04/ with in my case using Debian 9. The vpn provider i'm using is AirVPN. I followed everything and when i curl ipinfo.io using my default user or with the vpn user i get an ip address of the vpn. Can anyone give my some insight to solve this?
My network interface is: eno1
My local server ip is: 192.168.2.18
My gateway address is: 192.168.2.254
Here is the output of my openvpn.service:
iptables with a few things unreachable. Could this be the problem?
My network interface is: eno1
My local server ip is: 192.168.2.18
My gateway address is: 192.168.2.254
Here is the output of my openvpn.service:
Code:
openvpn@openvpn.service - OpenVPN connection to openvpn
Loaded: loaded (/etc/systemd/system/openvpn@openvpn.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2018-11-17 23:14:36 CET; 51min ago
Docs: man:openvpn(8)
https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage
https://community.openvpn.net/openvpn/wiki/HOWTO
Process: 542 ExecStart=/usr/sbin/openvpn --daemon ovpn-openvpn --status /run/openvpn/openvpn.status 10 --cd /etc/openvpn
Main PID: 549 (openvpn)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/system-openvpn.slice/openvpn@openvpn.service
└─549 /usr/sbin/openvpn --daemon ovpn-openvpn --status /run/openvpn/openvpn.status 10 --cd /etc/openvpn --scrip
Nov 17 23:14:47 debianbak ovpn-openvpn[549]: TUN/TAP device tun0 opened
Nov 17 23:14:47 debianbak ovpn-openvpn[549]: TUN/TAP TX queue length set to 100
Nov 17 23:14:47 debianbak ovpn-openvpn[549]: do_ifconfig, tt->did_ifconfig_ipv6_setup=0
Nov 17 23:14:47 debianbak ovpn-openvpn[549]: /sbin/ip link set dev tun0 up mtu 1500
Nov 17 23:14:47 debianbak ovpn-openvpn[549]: /sbin/ip addr add dev tun0 10.7.32.159/24 broadcast 10.7.32.255
Nov 17 23:14:47 debianbak ovpn-openvpn[549]: /etc/openvpn/iptables.sh tun0 1500 1553 10.7.32.159 255.255.255.0 init
Nov 17 23:14:53 debianbak ovpn-openvpn[549]: /sbin/ip route add 109.202.107.9/32 via 192.168.2.254
Nov 17 23:14:53 debianbak ovpn-openvpn[549]: /sbin/ip route add 0.0.0.0/1 via 10.7.32.1
Nov 17 23:14:53 debianbak ovpn-openvpn[549]: /sbin/ip route add 128.0.0.0/1 via 10.7.32.1
Nov 17 23:14:53 debianbak ovpn-openvpn[549]: Initialization Sequence Completed
Code:
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i tun0 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -i tun0 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o lo -m owner --uid-owner 1001 -j ACCEPT
-A OUTPUT -o tun0 -m owner --uid-owner 1001 -j ACCEPT
-A OUTPUT ! -s 192.168.2.18/32 -o eno1 -j REJECT --reject-with icmp-port-unreachable
Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate ESTABLISHED
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere owner UID match vpn
ACCEPT all -- anywhere anywhere owner UID match vpn
REJECT all -- !192.168.2.18 anywhere reject-with icmp-port-unreachable