I messaged the dude on that forum already 2 weeks ago but still haven't got a reply; I think he's inactive.
I thought that maybe the localhost IP he gives might not correspond with my IP on the Linux machine, but I have no clue where to check or if it really is the problem. Just trying to troubleshoot.
Quote:
echo "iptables -A INPUT -s 127.0.0.1 -j ACCEPT" >> /tmp/iptables.vpn
echo "iptables -A OUTPUT -d 127.0.0.1 -j ACCEPT" >> /tmp/iptables.vpn
What I want to happen is that when my VPN drops, my main connection immediately drops too until the VPN is started again. I am a complete noob and have no clue how to set this up other than the guide above.
I am using NetworkManager with the OpenVPN add-on for it.
Hi, it looks to me like this procedure adds hosts or subnets to iptables, and looking at the script quickly, it's adding the following:
- PIA server IPs
- localhost (127.0.0.1)
- anything i/o on interface "tun" which is usually a virtual interface created when you hook up your VPN
- anything on the local 192.168.0.0/24 network
Then at the end it looks like a deny all; usually when you configure an ACL you stick a deny all at the end.
You say that after you run this your internet doesn't work, and I think I might know why: when you try to connect to the PIA server (to set up the VPN connection, right?) your computer needs to know which interface to send the packet out of. Your routing table might be configured to route to a default gateway like your home router on 192.168.0.1, which might be on the eth0 interface, for example. However, it seems like iptables is only allowing access to the tun* interface; although access is allowed to the local network, it depends on what your default gateway is in your routing table. Perhaps after you connect to your VPN you could post the output of "route -n", which will show what your default gateway is.
Unfortunately I haven't really used iptables at all, although I do have some understanding of IP networking and ACLs. Perhaps you should do this:
1. Start up your machine.
2. Post the output of "route -n", "ifconfig -a" and the output of iptables (not sure of the syntax)
3. Connect to your VPN and repeat posting the details in #2
4. Run your script and repeat posting the details in #2
Thank you for the reply, and sorry for my late response, as I've been having trouble with my rig. Anyway, by output of iptables do you mean the contents of the iptables.vpn file?
Here are some of the other details you requested:
Quote:
VPN Turned off:
bash-4.2# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
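Added example (not part of the thread): a small POSIX shell check that compares the LAN subnet the reply lists for the script, 192.168.0.0/24, with the default gateway in the "route -n" output posted above. The function names are made up for this example, and the sample input is the posted output with its columns re-spaced.

```shell
#!/bin/sh
# Sample input: the "route -n" output posted in the thread (VPN turned off).
ROUTE_SAMPLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    0      0        0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1'

# Print "gateway interface" for the default route found in route -n text on stdin.
default_route() {
    awk '$1 == "0.0.0.0" && $4 ~ /G/ { print $2, $8; exit }'
}

# Convert a dotted-quad IPv4 address to an integer (octets without leading zeros).
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeed if IPv4 address $1 lies inside CIDR block $2.
in_cidr() {
    addr=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    bits=${2#*/}
    if [ "$bits" -eq 0 ]; then mask=0
    else mask=$(( (4294967295 << (32 - bits)) & 4294967295 )); fi
    [ $(( addr & mask )) -eq $(( net & mask )) ]
}

# $1 = LAN CIDR the firewall rules allow; route -n text on stdin.
# Returns 0 if the default gateway is covered, 1 if not, 2 if no default route.
check_lan_rule() {
    route=$(default_route)
    [ -n "$route" ] || { echo "no default route found"; return 2; }
    gw=${route% *}; iface=${route#* }
    if in_cidr "$gw" "$1"; then
        echo "ok: gateway $gw ($iface) is inside $1"
    else
        echo "mismatch: gateway $gw ($iface) is outside $1"; return 1
    fi
}

# Hypothetical usage: the subnet named in the reply, then the subnet in the posted table.
printf '%s\n' "$ROUTE_SAMPLE" | check_lan_rule 192.168.0.0/24 || true
printf '%s\n' "$ROUTE_SAMPLE" | check_lan_rule 192.168.1.0/24
```

On a live machine the same check would be fed with `route -n | check_lan_rule <subnet>` before the rules are loaded.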