What does the iptables
show for the rulesets and chains that are now being applied?
Edit: What user is that rc.local script running under? Does it have permission to use iptables commands?
It's running under root and has rwx permissions. How do I see whether it has permission to use iptables? I think these are the rules and chains you asked for:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:openvpn
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- 10.8.0.0/24 anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -p udp -m udp --dport 1194 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.8.0.0/24 -j ACCEPT
The chains don't really do much. Default policy is ACCEPT for all chains so nothing will be blocked.
Check the nat table to see if the rules you listed in rc.local are applied.
How do I check the nat tables?
iptables -t nat <other commands here>
I think they are; this is the output of iptables -t nat -L:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- 10.8.0.0/24 !10.8.0.0/24 to:192.168.1.2
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Okay, then it seems like the rules you have asked to be applied have been applied. It's just a matter of finding out what rules need to be applied. That's not a topic I'm able to assist with.
Okay, thanks for all your help
I just discovered that I no longer have a tun0 interface, which is, I expect, why I can't connect. I don't know why I no longer have it. I restarted 4 hours ago to test if the rc.local fix had worked and that's when I couldn't connect anymore, so I expect that's when my tun0 interface disappeared.
Probably the OpenVPN service crashed/stopped?
journalctl -u openvpn
As postrouting rule we btw use -j MASQUERADE instead of -j SNAT --to 192.168.1.2. But I'm also no expert in this.
sysctl-wise forwarding is enabled?
sysctl net.ipv4.ip_forward=1 net.ipv6.conf.all.forwarding=1 net.ipv6.conf.default.forwarding=1
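The three things this reply points at (the tun0 interface being up, ip_forward being enabled, and a nat POSTROUTING SNAT or MASQUERADE rule for the VPN subnet) can be checked together. The script below is an added example, not something posted in this thread: it parses the text formats of `iptables-save -t nat`, `sysctl net.ipv4.ip_forward` and `ip -o link`, with constructed sample output standing in for the poster's system, and reads the live system only when run with `--live` (which needs root for iptables-save).

```shell
#!/bin/sh
# Added diagnostic helper, not from the thread. The sample outputs below are
# constructed to look like the working state described in the thread.

# Escape the dots in a subnet such as 10.8.0.0/24 so it is safe inside a regex.
esc_subnet() {
    printf '%s' "$1" | sed 's/\./\\./g'
}

# $1: `iptables-save -t nat` text, $2: VPN subnet.
# Succeeds when the POSTROUTING chain has a SNAT or MASQUERADE rule for $2.
has_vpn_nat() {
    printf '%s\n' "$1" | grep -Eq "^-A POSTROUTING .*-s $(esc_subnet "$2") .*-j (MASQUERADE|SNAT)"
}

# $1: `sysctl net.ipv4.ip_forward` text. Succeeds when the value is 1.
forwarding_enabled() {
    printf '%s\n' "$1" | grep -Eq '^net\.ipv4\.ip_forward *= *1$'
}

# $1: `ip -o link` text, $2: interface name. Succeeds when that link exists.
has_iface() {
    printf '%s\n' "$1" | grep -Eq "^[0-9]+: $2[:@]"
}

# Prints one line per check; the exit status is the number of missing prerequisites.
diagnose() {
    nat_text=$1; sysctl_text=$2; link_text=$3; subnet=$4; iface=$5
    missing=0
    if has_iface "$link_text" "$iface"; then echo "ok: $iface exists"
    else echo "MISSING: $iface (OpenVPN not running? see journalctl -u openvpn)"; missing=$((missing+1)); fi
    if forwarding_enabled "$sysctl_text"; then echo "ok: ip_forward=1"
    else echo "MISSING: net.ipv4.ip_forward is not 1"; missing=$((missing+1)); fi
    if has_vpn_nat "$nat_text" "$subnet"; then echo "ok: nat POSTROUTING rule for $subnet"
    else echo "MISSING: no SNAT/MASQUERADE rule for $subnet in nat POSTROUTING"; missing=$((missing+1)); fi
    return $missing
}

# Constructed samples (iptables-save form of the SNAT rule shown in the thread).
SAMPLE_NAT='*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to-source 192.168.1.2
COMMIT'
SAMPLE_SYSCTL='net.ipv4.ip_forward = 1'
SAMPLE_LINK='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 state UNKNOWN'

# Run with --live to read the real system (root needed for iptables-save).
if [ "${1:-}" = "--live" ]; then
    diagnose "$(iptables-save -t nat)" "$(sysctl net.ipv4.ip_forward)" "$(ip -o link)" 10.8.0.0/24 tun0
else
    diagnose "$SAMPLE_NAT" "$SAMPLE_SYSCTL" "$SAMPLE_LINK" 10.8.0.0/24 tun0
fi
```

The nat check looks at the POSTROUTING chain specifically, because a rule that ends up in the filter table (for example when `-t nat` is missing from the rc.local line) shows up in `iptables -L` but not in `iptables -t nat -L`, and does no translation.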
This is the output of the first command:
-- Logs begin at Tue 2020-07-07 13:30:23 BST, end at Tue 2020-07-07 15:28:15 BST. --
-- No entries --
The second command executed without error.
I changed it to -j MASQUERADE in rc.local and restarted. Due to the restart, tun0 reappeared and I was able to connect to the VPN; however, I still don't have an internet connection and am unable to connect to devices on the local network.
Could there be some other firewall blocking the connection? I'm pretty sure that ufw is disabled, but not 100%. I'm very confused, though, as to why correctly adding the line into the rc.local file could have caused something to stop allowing the connections through, even when I manually execute each of the commands I was given earlier in the thread, which worked before the line was correctly added to rc.local.