How to block internet connection when VPN fails?

Re: How to block internet connection when VPN fails?

Postby korilius » 2013-11-24 16:18

Nice thread. I understand routing but never had the need to do it on Debian; good stuff.
korilius
 
Posts: 410
Joined: 2012-04-10 00:53
Location: US/IN

Re: How to block internet connection when VPN fails?

Postby Danielorum » 2014-01-23 15:51

Hello again!

Remember me? :)

Well, I finally figured out how I wrote the iptables rules into the persistent package. However, I experience that in- and outgoing internet traffic gets blocked when I start the persistent package, or reboot the server. I do this:

I load the script as always:

./script.sh

I then do:

iptables-save > /etc/iptables/rules

and the rules are written into /etc/iptables/rules

The file looks like this:

Code:
# Generated by iptables-save v1.4.8 on Thu Jan 23 16:31:13 2014
*filter
:INPUT DROP [62:3471]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [354:36362]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.1.0/24 -i eth0 -j ACCEPT
-A INPUT -i tun0 -p tcp -m tcp --dport 11633 -j ACCEPT
-A INPUT -i tun0 -p udp -m udp --dport 11633 -j ACCEPT
-A OUTPUT -d 192.168.1.0/24 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -d 192.168.1.0/24 -o eth0 -p udp -m udp --sport 68 --dport 67 -j ACCEPT
-A OUTPUT -d 192.168.1.0/24 -o eth0 -p udp -m udp --dport 138 -j ACCEPT
-A OUTPUT -d 192.168.1.0/24 -o eth0 -p udp -m udp --dport 137 -j ACCEPT
-A OUTPUT -d xx.xx.xx.xx/xx -j ACCEPT
-A OUTPUT -d xx.xx.xx.xx/xx -j ACCEPT
-A OUTPUT -d xx.xx.xx.xx/xx -j ACCEPT
-A OUTPUT -d xx.xx.xx.xx/xx -j ACCEPT
-A OUTPUT -d xx.xx.xx.xx/xx -j ACCEPT
-A OUTPUT -d xx.xx.xx.xx/xx -j ACCEPT
-A OUTPUT -d xx.xx.xx.xx/xx -j ACCEPT
-A OUTPUT -d xx.xx.xx.xx/xx -j ACCEPT
-A OUTPUT -d xx.xx.xx.xx/xx -j ACCEPT
-A OUTPUT -d xx.xx.xx.xx/xx -j ACCEPT
-A OUTPUT -d xx.xx.xx.xx/xx -j ACCEPT
-A OUTPUT -d xx.xx.xx.xx/xx -j ACCEPT
-A OUTPUT -d xx.xx.xx.xx/xx -j ACCEPT
-A OUTPUT -d xx.xx.xx.xx/xx -j ACCEPT
-A OUTPUT -d xx.xx.xx.xx/xx -j ACCEPT
-A OUTPUT -d xx.xx.xx.xx/xx -j ACCEPT
-A OUTPUT -d xx.xx.xx.xx/xx -j ACCEPT
-A OUTPUT -o eth0 -j LOG
-A OUTPUT -o eth0 -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Thu Jan 23 16:31:13 2014


If I reboot or do:

service iptables.persistent start

I get no connection to the outside. I can still access my server through the LAN connection.

When I do:

curl ifconfig.me

I get this:

curl: (6) Couldn't resolve host 'ifconfig.me'

If I clear out the rules and reboot, everything is working fine again. Also, if I run the "script.sh" with the rules, it works as it has always done.
The "rules" file has octal: 0644

What do you make of this?

Thanks a bunch once more! :)
Danielorum
 
Posts: 32
Joined: 2013-10-21 17:47

Re: How to block internet connection when VPN fails?

Postby M51 » 2014-01-23 18:24

Do you mean you can't establish a vpn connection, or can't access anything after a vpn connection is made?

What's being blocked according to the log?
M51
 
Posts: 397
Joined: 2013-05-13 01:38

Re: How to block internet connection when VPN fails?

Postby Danielorum » 2014-01-24 12:13

I mean that I can't access anything outside of my network when the rules have been applied to the persistent package and started. This is either when the VPN service is running or if I have shut it down. I did this:

/etc/init.d/openvpn stop

and reset the network card, but still I can't get internet access. It seems like the persistent package somehow blocks access...

This command:

tail -F /var/log/syslog

gave me this output:


Code:
Jan 24 12:30:50 my-vpn-service[1895]: RESOLVE: Cannot resolve host address: my-vpn-service.com: [HOST_NOT_FOUND] The specified host is unknown.
Jan 24 12:30:50 openmediavault kernel: [  120.347867] IN= OUT=eth0 SRC=192.168.1.52 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=20622 DF PROTO=UDP SPT=59693 DPT=53 LEN=40
Jan 24 12:30:50 openmediavault kernel: [  120.347894] IN= OUT=eth0 SRC=192.168.1.52 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=20622 DF PROTO=UDP SPT=51779 DPT=53 LEN=40
Jan 24 12:30:50 openmediavault kernel: [  120.347919] IN= OUT=eth0 SRC=192.168.1.52 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=20622 DF PROTO=UDP SPT=36195 DPT=53 LEN=40
Jan 24 12:30:50 openmediavault kernel: [  120.347950] IN= OUT=eth0 SRC=192.168.1.52 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=20622 DF PROTO=UDP SPT=33922 DPT=53 LEN=40
Jan 24 12:30:50 openmediavault kernel: [  120.347974] IN= OUT=eth0 SRC=192.168.1.52 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=20622 DF PROTO=UDP SPT=51281 DPT=53 LEN=40
Jan 24 12:30:50 openmediavault kernel: [  120.347997] IN= OUT=eth0 SRC=192.168.1.52 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=20622 DF PROTO=UDP SPT=50715 DPT=53 LEN=40
Jan 24 12:30:50 openmediavault kernel: [  120.348045] IN= OUT=eth0 SRC=192.168.1.52 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=20623 DF PROTO=UDP SPT=37967 DPT=53 LEN=40
Jan 24 12:30:55 my-vpn-service[1895]: RESOLVE: Cannot resolve host address: my-vpn-service.com: [HOST_NOT_FOUND] The specified host is unknown.
Jan 24 12:30:55 openmediavault kernel: [  125.348509] IN= OUT=eth0 SRC=192.168.1.52 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=21873 DF PROTO=UDP SPT=47752 DPT=53 LEN=40
Jan 24 12:30:55 openmediavault kernel: [  125.348566] IN= OUT=eth0 SRC=192.168.1.52 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=21873 DF PROTO=UDP SPT=34005 DPT=53 LEN=40
Jan 24 12:30:55 openmediavault kernel: [  125.348591] IN= OUT=eth0 SRC=192.168.1.52 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=21873 DF PROTO=UDP SPT=46351 DPT=53 LEN=40
Jan 24 12:30:55 openmediavault kernel: [  125.348615] IN= OUT=eth0 SRC=192.168.1.52 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=21873 DF PROTO=UDP SPT=48185 DPT=53 LEN=40
Jan 24 12:30:55 openmediavault kernel: [  125.348645] IN= OUT=eth0 SRC=192.168.1.52 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=21873 DF PROTO=UDP SPT=51412 DPT=53 LEN=40
Jan 24 12:30:55 openmediavault kernel: [  125.348673] IN= OUT=eth0 SRC=192.168.1.52 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=21873 DF PROTO=UDP SPT=50740 DPT=53 LEN=40
Jan 24 12:30:55 openmediavault kernel: [  125.348697] IN= OUT=eth0 SRC=192.168.1.52 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=21873 DF PROTO=UDP SPT=43808 DPT=53 LEN=40
Jan 24 12:30:55 openmediavault kernel: [  125.348720] IN= OUT=eth0 SRC=192.168.1.52 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=21873 DF PROTO=UDP SPT=59430 DPT=53 LEN=40
Jan 24 12:31:00 my-vpn-service[1895]: RESOLVE: Cannot resolve host address: my-vpn-service.com: [HOST_NOT_FOUND] The specified host is unknown.
Jan 24 12:31:00 openmediavault kernel: [  130.349109] IN= OUT=eth0 SRC=192.168.1.52 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23123 DF PROTO=UDP SPT=58696 DPT=53 LEN=40
Jan 24 12:31:00 openmediavault kernel: [  130.349165] IN= OUT=eth0 SRC=192.168.1.52 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23123 DF PROTO=UDP SPT=54109 DPT=53 LEN=40
Jan 24 12:31:00 openmediavault kernel: [  130.349190] IN= OUT=eth0 SRC=192.168.1.52 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23123 DF PROTO=UDP SPT=38870 DPT=53 LEN=40
Jan 24 12:31:00 openmediavault kernel: [  130.349214] IN= OUT=eth0 SRC=192.168.1.52 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23123 DF PROTO=UDP SPT=57717 DPT=53 LEN=40
Jan 24 12:31:00 openmediavault kernel: [  130.349245] IN= OUT=eth0 SRC=192.168.1.52 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23123 DF PROTO=UDP SPT=56399 DPT=53 LEN=40
Jan 24 12:31:00 openmediavault kernel: [  130.349268] IN= OUT=eth0 SRC=192.168.1.52 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23123 DF PROTO=UDP SPT=52345 DPT=53 LEN=40
Jan 24 12:31:00 openmediavault kernel: [  130.349292] IN= OUT=eth0 SRC=192.168.1.52 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23123 DF PROTO=UDP SPT=51690 DPT=53 LEN=40
Jan 24 12:31:00 openmediavault kernel: [  130.349316] IN= OUT=eth0 SRC=192.168.1.52 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=23123 DF PROTO=UDP SPT=48422 DPT=53 LEN=40
Jan 24 12:31:05 my-vpn-service[1895]: RESOLVE: Cannot resolve host address: my-vpn-service.com: [HOST_NOT_FOUND] The specified host is unknown.
Jan 24 12:31:05 openmediavault kernel: [  135.349712] IN= OUT=eth0 SRC=192.168.1.52 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=24373 DF PROTO=UDP SPT=58964 DPT=53 LEN=40
Jan 24 12:31:05 openmediavault kernel: [  135.349771] IN= OUT=eth0 SRC=192.168.1.52 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=24373 DF PROTO=UDP SPT=44290 DPT=53 LEN=40
Jan 24 12:31:05 openmediavault kernel: [  135.349798] IN= OUT=eth0 SRC=192.168.1.52 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=24373 DF PROTO=UDP SPT=51494 DPT=53 LEN=40
Jan 24 12:31:05 openmediavault kernel: [  135.349823] IN= OUT=eth0 SRC=192.168.1.52 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=24373 DF PROTO=UDP SPT=60726 DPT=53 LEN=40
Jan 24 12:31:05 openmediavault kernel: [  135.349854] IN= OUT=eth0 SRC=192.168.1.52 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=24373 DF PROTO=UDP SPT=36489 DPT=53 LEN=40
Jan 24 12:31:05 openmediavault kernel: [  135.349878] IN= OUT=eth0 SRC=192.168.1.52 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=24373 DF PROTO=UDP SPT=55027 DPT=53 LEN=40
Jan 24 12:31:05 openmediavault kernel: [  135.349902] IN= OUT=eth0 SRC=192.168.1.52 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=24373 DF PROTO=UDP SPT=60233 DPT=53 LEN=40


So this goes on and on.

I hope this answers your question...else please let me know!
Danielorum
 
Posts: 32
Joined: 2013-10-21 17:47

Re: How to block internet connection when VPN fails?

Postby M51 » 2014-01-24 15:25

The log indicates outbound DNS queries are being blocked. The rules we put together are specifically designed to do just that, to prevent DNS leaks when the vpn drops. The rules will block all non-vpn outbound access except what we specifically allowed.

If you really need to access the outside world from that machine while not connected to a vpn, then you need to run iptables -F to flush the rules. All access will be restored until you either reboot or re-run the rules script.
M51
 
Posts: 397
Joined: 2013-05-13 01:38
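
Added example, not part of any post in this thread: one way to read the kernel lines written by the `-A OUTPUT -o eth0 -j LOG` rule is to count them per protocol, destination and port, which shows at a glance that the rejected traffic is DNS to 8.8.8.8. The function name and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: summarise what the
# "-A OUTPUT -o eth0 -j LOG" rule recorded just before the REJECT rule.

# Reads syslog lines on stdin; prints "COUNT PROTO DST:DPORT", busiest first.
summarise_blocked() {
    awk '
    / OUT=[^ ]+ / && / DST=/ {          # outbound netfilter LOG lines only
        dst = proto = dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^DST=/)   dst   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        if (dst == "" || proto == "") next
        if (dpt == "") dpt = "?"        # truncated line or portless protocol
        count[proto " " dst ":" dpt]++
    }
    END { for (k in count) print count[k], k }' | sort -rn
}

# Constructed sample in the format shown in the thread (not real traffic).
sample_log() {
    cat <<'EOF'
Jan 24 12:30:50 vpn-client[1895]: RESOLVE: Cannot resolve host address: vpn.example.net: [HOST_NOT_FOUND] The specified host is unknown.
Jan 24 12:30:50 host kernel: [  120.347867] IN= OUT=eth0 SRC=192.168.1.52 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=20622 DF PROTO=UDP SPT=59693 DPT=53 LEN=40
Jan 24 12:30:50 host kernel: [  120.347894] IN= OUT=eth0 SRC=192.168.1.52 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=20622 DF PROTO=UDP SPT=51779 DPT=53 LEN=40
Jan 24 12:30:55 host kernel: [  125.348509] IN= OUT=eth0 SRC=192.168.1.52 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=21873 DF PROTO=UDP SPT=47752 DPT=53 LEN=40
Jan 24 12:30:56 host kernel: [  126.100000] IN= OUT=eth0 SRC=192.168.1.52 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=100 DF PROTO=TCP SPT=40000 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 24 12:30:57 host kernel: [  127.200000] IN=eth0 OUT= MAC=00:00:00:00:00:00 SRC=192.168.1.10 DST=192.168.1.52 LEN=60 PROTO=TCP SPT=50000 DPT=22
Jan 24 12:30:58 host kernel: [  128.300000] IN= OUT=eth0 SRC=192.168.1.52 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6540 DF PROTO=UDP SPT=57042
EOF
}

sample_log | summarise_blocked
```

On a live system the same function can be fed with `summarise_blocked < /var/log/syslog`.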

Re: How to block internet connection when VPN fails?

Postby Danielorum » 2014-01-24 19:10

I see that I am a clown at describing these things. I might not have been precise enough in my description of my problem.

It works great with the script which adds the iptables rules while I'm connected to the VPN. I only want to access the internet from my server through a VPN. Now I want the iptables rules to stick so that they are automatically applied when the server is rebooted. But when I apply the rules to the persistent-package program, the internet connection is blocked. Is there a command where I can log and see what is preventing my server from reaching the internet?
Danielorum
 
Posts: 32
Joined: 2013-10-21 17:47

Re: How to block internet connection when VPN fails?

Postby M51 » 2014-01-25 05:50

So if you just run the script, you can still access your vpn and everything is ok, but if you apply the rules via the iptables-persistent package, then you can no longer connect to the vpn at all?
M51
 
Posts: 397
Joined: 2013-05-13 01:38

Re: How to block internet connection when VPN fails?

Postby Danielorum » 2014-01-25 16:16

Yes that is correct. Exactly what is the problem...
Danielorum
 
Posts: 32
Joined: 2013-10-21 17:47

Re: How to block internet connection when VPN fails?

Postby M51 » 2014-01-25 21:16

I don't understand why the behavior would be different between running it manually and using iptables-persistent.

I'm wondering about the following line in your log:

Code:
Jan 24 12:30:55 my-vpn-service[1895]: RESOLVE: Cannot resolve host address: my-vpn-service.com: [HOST_NOT_FOUND] The specified host is unknown.


Obviously "my-vpn-service" is trying to resolve a DNS host. But if you can't connect to the vpn, DNS queries will not work. Is it possible your vpn is trying to connect by host name instead of by ip address? How do you connect, e.g. by openvpn command line, network manager, other software?
M51
 
Posts: 397
Joined: 2013-05-13 01:38

Re: How to block internet connection when VPN fails?

Postby Danielorum » 2014-01-25 22:58

I installed openvpn as such:

sudo apt-get install openvpn resolvconf
And I copied some files I received from my VPN provider into the openvpn folder. Certificates, I think...

It is weird, because it immediately says "Couldn't resolve host 'ifconfig.me'"
when I do:
curl ifconfig.me
And of course persistent-package running with the rules.

In my UI for the server, I have 8.8.8.8 (Google's DNS server) as primary, and nothing as secondary. If I remove this DNS server entry from the UI, or enter the other DNS server I find in resolv.conf (probably the DNS for my VPN provider) in my UI as primary instead of the 8.8.8.8 one, I get the same error. But now it takes like 10 seconds before it responds with "Couldn't resolve host 'ifconfig.me'".

I reboot my server every time I make a change, just to be sure the settings have been applied properly. I really don't understand what is going on here. Don't you think this is a DNS issue?

I hope it makes sense.. :)
Danielorum
 
Posts: 32
Joined: 2013-10-21 17:47

Re: How to block internet connection when VPN fails?

Postby M51 » 2014-01-26 03:02

"curl ifconfig.me" is only going to work if you manage to connect to the vpn first.

We need to figure out why you can't connect to the vpn. What happens when you try?

Typically, you will also get some *.ovpn files from your vpn provider. They will be text files which include a line which begins with the word 'remote' followed by an ip address and possibly a port number. This is where the script gets the ip addresses of your vpn servers to add to the ip tables rules.
M51
 
Posts: 397
Joined: 2013-05-13 01:38

Re: How to block internet connection when VPN fails?

Postby Danielorum » 2014-01-26 22:37

Yes, I have found the hostname I'm connecting with. It's not an IP address. No port is specified in the remote line. But some text tells me that if I'm behind a very strict firewall, I can use their tunnels on TCP port 443 and on UDP 53.

When I do:
iptables -L -n
I get a whole bunch of IP addresses that are associated with my VPN. So somehow I get all the VPN's IP addresses...!

Now when I add the rules to the persistent package and start it, I lose internet connection. The VPN says that it's running, and restarting it doesn't help. Only when I delete the rules and restart the server again can I get a connection to the outside. Perhaps the problem lies with the persistent package? Because the rules work fine when I just execute the script. Wouldn't it just be easier to somehow make my Debian system run the "script.sh" first thing after it boots up, so we avoid using the persistent package?
Danielorum
 
Posts: 32
Joined: 2013-10-21 17:47

Re: How to block internet connection when VPN fails?

Postby M51 » 2014-01-27 13:46

Danielorum wrote: Yes, I have found the hostname I'm connecting with. It's not an IP address.


This is the problem.
I highly doubt it relates to the iptables-persistent package. Somehow you are doing things differently when running the script manually. Perhaps the name has already been resolved and cached at that point.

Anyway, if you just want to run the script at boot, add a line to /etc/rc.local which runs the script (just above the exit line). Keep in mind that since rc.local runs last at boot and does not use dependency based ordering like a true init script, there will be a small window of time after the network starts but before the script has run where the rules are not in effect. Probably not a big deal.
M51
 
Posts: 397
Joined: 2013-05-13 01:38
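
Added example, not part of any post in this thread: a pre-flight check for the condition identified above, where the OpenVPN `remote` is a hostname while the saved rules reject DNS on eth0, so the client cannot resolve its server after a reboot. The function names, file names and sample contents are constructed, and the rule test is a text heuristic over `iptables-save` output, not a full evaluation of the rule set.

```shell
#!/bin/sh
# Added example, not from the thread. File names and contents are constructed.

# Print each `remote` host in an OpenVPN config that is a name, not an IP literal.
hostname_remotes() {
    awk '$1 == "remote" && NF >= 2 {
        if ($2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next   # IPv4 literal
        if ($2 ~ /:/) next                                   # IPv6 literal
        print $2
    }' "$1"
}

# Heuristic over iptables-save text: succeed if an OUTPUT rule accepts
# port 53 traffic that is not bound to a tun interface.
dns_allowed_off_tunnel() {
    awk '$1 == "-A" && $2 == "OUTPUT" && /--dport 53( |$)/ &&
         /-j ACCEPT/ && !/-o tun/ { found = 1 }
         END { exit !found }' "$1"
}

# Return 1 when OpenVPN needs a DNS lookup to start and the rules allow none.
preflight() {
    names=$(hostname_remotes "$1" | tr '\n' ' ')
    if [ -z "$names" ]; then
        echo "ok: every remote is an IP literal"
        return 0
    fi
    if dns_allowed_off_tunnel "$2"; then
        echo "warn: remotes by name resolve outside the tunnel: $names"
        return 0
    fi
    echo "fail: no DNS path before the tunnel is up for: $names"
    return 1
}

# Constructed inputs: two client configs and a rule set shaped like the thread's.
write_samples() {
    printf '%s\n' 'client' 'dev tun' '# remote old.example.net 1194' \
        'remote vpn.example.net' 'remote-cert-tls server' > "$1/by-name.ovpn"
    printf '%s\n' 'client' 'dev tun' 'remote 198.51.100.7 1194' > "$1/by-ip.ovpn"
    cat > "$1/rules" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -d 192.168.1.0/24 -o eth0 -p udp -m udp --dport 137 -j ACCEPT
-A OUTPUT -d 198.51.100.7/32 -j ACCEPT
-A OUTPUT -o eth0 -j LOG
-A OUTPUT -o eth0 -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
preflight "$tmp/by-name.ovpn" "$tmp/rules" || true
preflight "$tmp/by-ip.ovpn" "$tmp/rules"
rm -rf "$tmp"
```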

Re: How to block internet connection when VPN fails?

Postby Danielorum » 2014-01-31 11:07

Yes, it did the trick. I entered the command into:

/etc/rc.local

And it works now.. Thanks so much :)
Danielorum
 
Posts: 32
Joined: 2013-10-21 17:47

Re: How to block internet connection when VPN fails?

Postby Danielorum » 2014-05-02 04:53

Hello again.

Last time we spoke I couldn't run the script with iptables rules if I had them loaded into the persistent package and rebooted. Instead I tried running the script at startup with:

/etc/rc.local

but it only worked for a short couple of reboots. I also tried:

crontab -e

and made the script start at reboot with "@reboot", but this also only lasted until I rebooted a couple of times!

Now I'm running the script on my Raspberry Pi instead, and I get the exact same problem:

tail -F /var/log/syslog
gives me this:

Code:
May  2 06:11:55 raspberrypi ovpn-xxxxxx_xxxx[2269]: RESOLVE: Cannot resolve host address: my.vpnservice.net: [TRY_AGAIN] A temporary error occurred on an authoritative name server.
May  2 06:11:55 raspberrypi kernel: [  352.728416] IN= OUT=eth0 SRC=192.168.1.46 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6524 DF PROTO=UDP SPT=43280 DPT=53 LEN=40
May  2 06:11:55 raspberrypi kernel: [  352.728841] IN= OUT=eth0 SRC=192.168.1.46 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6525 DF PROTO=UDP SPT=36739 DPT=53 LEN=40
May  2 06:12:00 raspberrypi kernel: [  357.732380] IN= OUT=eth0 SRC=192.168.1.46 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6526 DF PROTO=UDP SPT=42315 DPT=53 LEN=40
May  2 06:12:00 raspberrypi kernel: [  357.732811] IN= OUT=eth0 SRC=192.168.1.46 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6527 DF PROTO=UDP SPT=34426 DPT=53 LEN=40
May  2 06:12:00 raspberrypi kernel: [  357.733165] IN= OUT=eth0 SRC=192.168.1.46 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6528 DF PROTO=UDP SPT=50955 DPT=53 LEN=40
May  2 06:12:00 raspberrypi kernel: [  357.733574] IN= OUT=eth0 SRC=192.168.1.46 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6529 DF PROTO=UDP SPT=57921 DPT=53 LEN=40
May  2 06:12:00 raspberrypi ovpn-xxxxx_xxxxx[2269]: RESOLVE: Cannot resolve host address: my.vpnservice.net: [TRY_AGAIN] A temporary error occurred on an authoritative name server.
May  2 06:12:00 raspberrypi kernel: [  357.736924] IN= OUT=eth0 SRC=192.168.1.46 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6530 DF PROTO=UDP SPT=53600 DPT=53 LEN=40
May  2 06:12:00 raspberrypi kernel: [  357.737332] IN= OUT=eth0 SRC=192.168.1.46 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6531 DF PROTO=UDP SPT=38607 DPT=53 LEN=40
May  2 06:12:00 raspberrypi kernel: [  357.737682] IN= OUT=eth0 SRC=192.168.1.46 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6532 DF PROTO=UDP SPT=41120 DPT=53 LEN=40
May  2 06:12:00 raspberrypi kernel: [  357.738029] IN= OUT=eth0 SRC=192.168.1.46 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6533 DF PROTO=UDP SPT=50803 DPT=53 LEN=40
May  2 06:12:05 raspberrypi ovpn-xxxxx_xxxxx[2269]: RESOLVE: Cannot resolve host address: my.vpnservice.net: [TRY_AGAIN] A temporary error occurred on an authoritative name server.
May  2 06:12:05 raspberrypi kernel: [  362.740626] IN= OUT=eth0 SRC=192.168.1.46 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6534 DF PROTO=UDP SPT=40432 DPT=53 LEN=40
May  2 06:12:05 raspberrypi kernel: [  362.741058] IN= OUT=eth0 SRC=192.168.1.46 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6535 DF PROTO=UDP SPT=43431 DPT=53 LEN=40
May  2 06:12:05 raspberrypi kernel: [  362.741414] IN= OUT=eth0 SRC=192.168.1.46 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6536 DF PROTO=UDP SPT=59058 DPT=53 LEN=40
May  2 06:12:05 raspberrypi kernel: [  362.741762] IN= OUT=eth0 SRC=192.168.1.46 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6537 DF PROTO=UDP SPT=35246 DPT=53 LEN=40
May  2 06:12:05 raspberrypi kernel: [  362.742171] IN= OUT=eth0 SRC=192.168.1.46 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6538 DF PROTO=UDP SPT=57676 DPT=53 LEN=40
May  2 06:12:05 raspberrypi kernel: [  362.742524] IN= OUT=eth0 SRC=192.168.1.46 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6539 DF PROTO=UDP SPT=37033 DPT=53 LEN=40
May  2 06:12:05 raspberrypi kernel: [  362.742869] IN= OUT=eth0 SRC=192.168.1.46 DST=8.8.8.8 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=6540 DF PROTO=UDP SPT=57042


Do you think it would solve the problem if I made rules allowing all my VPN provider's IP addresses? And perhaps the hostnames?

I just really think there is an easier way of doing this than loading the "script.sh" manually and crossing my fingers that my system doesn't reboot.
I noticed that if I didn't specify a DNS in "/etc/network/interfaces" I couldn't reach the outside when connected to the VPN with the rules manually applied.
I added 8.8.8.8 as DNS and that worked. But again, this was only if I loaded the script.sh manually.

Forgive me for bringing this old thread up, but I have been wanting to ask you about this again for some time now.

Again, thanks for your time!
Danielorum
 
Posts: 32
Joined: 2013-10-21 17:47
