LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-16-2013, 01:02 PM   #1
Greenjorn
LQ Newbie
 
Registered: Jun 2013
Distribution: Slack 14 64x
Posts: 13

Rep: Reputation: Disabled
Stopping DNS leak with VPN - need help with setup


I have PIA vpn and on slackware. I found this guide but when I run it I lose my internet connection completely. I need help setting it up.

https://www.privateinternetaccess.co...5#Comment_1605

I messaged the dude on that forum already 2 weeks ago but still haven't got a reply, I think he's inactive.

I thought that maybe the localhost ip he gives might not correspond with my ip on the linux machine but have no clue where to check or if it really is the problem, just trying to troubleshoot.

Quote:

echo "iptables -A INPUT -s 127.0.0.1 -j ACCEPT" >> /tmp/iptables.vpn
echo "iptables -A OUTPUT -d 127.0.0.1 -j ACCEPT" >> /tmp/iptables.vpn
What I want to happen is that when my vpn drops, my main connection immediately drops too until vpn is started again. I am a complete noob and have no clue how to set this up other than the guide above.

I am using network manager with openvpn addon for it.
 
Old 06-17-2013, 07:03 AM   #2
moody_mark
LQ Newbie
 
Registered: Jan 2010
Posts: 10

Rep: Reputation: 1
Hi, it looks to me like this procedure adds hosts or subnets to iptables and looking at the script quickly its adding the following:

- PIA server ipsa
- localhost (127.0.0.1)
- anything i/o on interface "tun" which is usually a virtual interface created when you hook up your VPN
- anything on the local 192.168.0.0/24 network

Then at the end it looks like a deny all, well usually when you configure an ACL you stick a deny all at the end.

You say when you run this, afterwards your internet doesn't work and I think I might know why, when you try to connect to the PIA server (to setup the VPN connection right?) your computer needs to know which interface to send the packet out of. Your routing table might be configured to route to a default gateway like your home router on 192.168.0.1 which might be on eth0 interface for example. However it seems like iptables is only allowing access to the tun* interface, although access is allowed to the local network it depends on what your default gateway is in your routing table. Perhaps after you connect to your VPN you could post the output of "route -n" which will show what your default gateway is.

Unfortunately I haven't really used iptables at all, although I do have some understanding of ip networking and ACLs, perhaps you should do this:

1. Startup your machine.
2. Post the output of "route -n", "ifconfig -a" and the output of iptables (not sure of the syntax)
3. Connect to your VPN, repeat post the details in #2
4. Run your script, repeat post the details in #2

Thanks
 
Old 06-18-2013, 10:22 PM   #3
Greenjorn
LQ Newbie
 
Registered: Jun 2013
Distribution: Slack 14 64x
Posts: 13

Original Poster
Rep: Reputation: Disabled
Thank you for the reply and sorry for my late response as I've been having troubles with my rig. Anyway by output of iptables do you mean the contents of iptables.vpn file?

Here are some of the other details you requested:

Quote:

VPN Turned off:

bash-4.2# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1

bash-4.2# ifconfig -a
eth0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether 00:1f:bc:01:7f:26 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 46 base 0x6000

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.144 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::74df:69ff:fec1:8db2 prefixlen 64 scopeid 0x20<link>
ether 76:df:69:c1:8d:b2 txqueuelen 1000 (Ethernet)
RX packets 2273 bytes 1742371 (1.6 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2198 bytes 454731 (444.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 47 base 0xc000

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 16436
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 36 bytes 2132 (2.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 36 bytes 2132 (2.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0



With VPN Turned on:


bash-4.2# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.108.1.5 0.0.0.0 UG 0 0 0 tun0
10.108.1.1 10.108.1.5 255.255.255.255 UGH 0 0 0 tun0
10.108.1.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
109.201.154.145 192.168.1.1 255.255.255.255 UGH 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1


bash-4.2# ifconfig -a
eth0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether 00:1f:bc:01:7f:26 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 46 base 0x6000

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.144 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::74df:69ff:fec1:8db2 prefixlen 64 scopeid 0x20<link>
ether 76:df:69:c1:8d:b2 txqueuelen 1000 (Ethernet)
RX packets 2206 bytes 1720744 (1.6 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2114 bytes 438842 (428.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 47 base 0xc000

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 16436
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 33 bytes 1976 (1.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 33 bytes 1976 (1.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.116.1.6 netmask 255.255.255.255 destination 10.116.1.5
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 2141 bytes 1563679 (1.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2039 bytes 278604 (272.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0


With script and vpn runningconnection drops)

bash-4.2# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.108.1.5 0.0.0.0 UG 0 0 0 tun0
10.108.1.1 10.108.1.5 255.255.255.255 UGH 0 0 0 tun0
10.108.1.5 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
109.201.154.145 192.168.1.1 255.255.255.255 UGH 0 0 0 eth1
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1



ifconfig -a
eth0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether 00:1f:bc:01:7f:26 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 46 base 0xe000

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.144 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::74df:69ff:fec1:8db2 prefixlen 64 scopeid 0x20<link>
ether 76:df:69:c1:8d:b2 txqueuelen 1000 (Ethernet)
RX packets 3640 bytes 2683586 (2.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3327 bytes 649844 (634.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device interrupt 47 base 0xe000

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 16436
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 107 bytes 7424 (7.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 107 bytes 7424 (7.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST> mtu 1500
inet 10.108.1.6 netmask 255.255.255.255 destination 10.108.1.5
unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 txqueuelen 100 (UNSPEC)
RX packets 1219 bytes 712347 (695.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1732 bytes 287401 (280.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

Last edited by Greenjorn; 06-18-2013 at 10:35 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Help in stopping DNS requests (DNS Amplification) accessthecloud Linux - Server 2 02-18-2013 04:43 PM
mandrake 10.2 and stopping dns salterl Linux - Networking 5 10-07-2005 07:06 AM
What VPN client under debian is stopping me from accessing the internet? shodekiagari Linux - Networking 5 01-07-2005 08:52 PM
Stopping VPN Client allelopath Linux - Networking 1 09-14-2004 06:38 PM
Stopping setup after 1st CD -- what's on CD#2? quartertone Slackware - Installation 8 01-29-2004 11:57 PM


All times are GMT -5. The time now is 04:25 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration