Old 10-05-2014, 02:26 PM   #1
win_the_day_go_ducks
Split Tunneling or working around a VPN


Disclaimer: I am a newb to Linux, and I am not a network administrator. I have a working knowledge of both of these things, but I'm nowhere near as proficient or smart as the rest of you. If I don't get things right away, please be patient. I know what I'm trying to do is difficult… at least it is for me.

My goal is to build and implement this network.


Long story short. I am trying to make a home file/media server. I have been installing and testing different parts. I have had a lot of luck getting the different services to work. I've gotten Plex to work and share remotely. I have gotten Samba to somewhat work as well. My biggest problem is when I try to implement my VPN.

Whenever I connect my VPN via a client app (Private Internet Access) I cannot see my Plex app remotely (iPhone) or locally. I tried uninstalling the app and using the .ovpn files provided by PIA. The only time I had some success was in using static routes embedded in the *.ovpn files. This allows my clients to connect to Plex locally, but I still can't see it remotely. I should also point out that this only worked when using the GUI network manager. When I run OpenVPN in the shell it now gives me this:

Code:
Sun Oct  5 12:22:08 2014 OpenVPN 2.3.2 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on Feb  4 2014
Sun Oct  5 12:22:08 2014 WARNING: file '/home/moshofsky/vpn/configs/pass.txt' is group or others accessible
Sun Oct  5 12:22:08 2014 UDPv4 link local: [undef]
Sun Oct  5 12:22:08 2014 UDPv4 link remote: [AF_INET]46.166.186.247:1194
Sun Oct  5 12:22:09 2014 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sun Oct  5 12:22:10 2014 [Private Internet Access] Peer Connection Initiated with [AF_INET]46.166.186.247:1194
Sun Oct  5 12:22:13 2014 RESOLVE: Cannot resolve host address: 184.72.0.0/18: Name or service not known
Sun Oct  5 12:22:13 2014 OpenVPN ROUTE: failed to parse/resolve route for host/network: 184.72.0.0/18
Sun Oct  5 12:22:13 2014 RESOLVE: Cannot resolve host address: 50.18.0.0/16: Name or service not known
Sun Oct  5 12:22:13 2014 OpenVPN ROUTE: failed to parse/resolve route for host/network: 50.18.0.0/16
Sun Oct  5 12:22:13 2014 RESOLVE: Cannot resolve host address: 184.169.128.0/17: Name or service not known
Sun Oct  5 12:22:13 2014 OpenVPN ROUTE: failed to parse/resolve route for host/network: 184.169.128.0/17
Sun Oct  5 12:22:13 2014 RESOLVE: Cannot resolve host address: 54.241.0.0/16: Name or service not known
Sun Oct  5 12:22:13 2014 OpenVPN ROUTE: failed to parse/resolve route for host/network: 54.241.0.0/16
Sun Oct  5 12:22:13 2014 RESOLVE: Cannot resolve host address: 54.215.0.0/16: Name or service not known
Sun Oct  5 12:22:13 2014 OpenVPN ROUTE: failed to parse/resolve route for host/network: 54.215.0.0/16
Sun Oct  5 12:22:13 2014 RESOLVE: Cannot resolve host address: 54.219.0.0/16: Name or service not known
Sun Oct  5 12:22:13 2014 OpenVPN ROUTE: failed to parse/resolve route for host/network: 54.219.0.0/16
Sun Oct  5 12:22:13 2014 RESOLVE: Cannot resolve host address: 54.193.0.0/16: Name or service not known
Sun Oct  5 12:22:13 2014 OpenVPN ROUTE: failed to parse/resolve route for host/network: 54.193.0.0/16
Sun Oct  5 12:22:13 2014 RESOLVE: Cannot resolve host address: 54.176.0.0/15: Name or service not known
Sun Oct  5 12:22:13 2014 OpenVPN ROUTE: failed to parse/resolve route for host/network: 54.176.0.0/15
Sun Oct  5 12:22:13 2014 RESOLVE: Cannot resolve host address: 54.183.0.0/16: Name or service not known
Sun Oct  5 12:22:13 2014 OpenVPN ROUTE: failed to parse/resolve route for host/network: 54.183.0.0/16
Sun Oct  5 12:22:13 2014 RESOLVE: Cannot resolve host address: 54.67.0.0/16: Name or service not known
Sun Oct  5 12:22:13 2014 OpenVPN ROUTE: failed to parse/resolve route for host/network: 54.67.0.0/16
Sun Oct  5 12:22:13 2014 TUN/TAP device tun0 opened
Sun Oct  5 12:22:13 2014 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Sun Oct  5 12:22:13 2014 /sbin/ip link set dev tun0 up mtu 1500
Sun Oct  5 12:22:13 2014 /sbin/ip addr add dev tun0 local 10.101.1.6 peer 10.101.1.5
Sun Oct  5 12:22:13 2014 Initialization Sequence Completed
This is a copy of my .ovpn file

Code:
client
dev tun
proto udp
remote nl.privateinternetaccess.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca /home/moshofsky/vpn/configs/ca.crt
tls-client
remote-cert-tls server
auth-user-pass  /home/moshofsky/vpn/configs/pass.txt
comp-lzo
verb 1
reneg-sec 0
crl-verify /home/moshofsky/vpn/configs/crl.pem


#keep connection alive
keepalive 10 60

#add static routes to my.plexapp.com(might need more IPs adding if they change)
#route 184.169.0.0 255.255.0.0 192.168.2.1
#route 54.241.12.23 255.255.255.255 192.168.2.1
#route 184.169.179.97 255.255.255.255 192.168.2.1
#204.236.128.0/18 (204.236.128.0 - 204.236.191.255)
#iptables -t nat -I PREROUTING -i tun1 -p tcp --dport 32400 -j DNAT --to-destination 192.168.2.121

#(184.72.0.0 - 184.72.63.255)
route 184.72.0.0/18 192.168.2.121
#(50.18.0.0 - 50.18.255.255)
route 50.18.0.0/16 192.168.2.121
#(184.169.128.0 - 184.169.255.255)
route 184.169.128.0/17 192.168.2.121
#(54.241.0.0 - 54.241.255.255)
route 54.241.0.0/16 192.168.2.121
#(54.215.0.0 - 54.215.255.255)
route 54.215.0.0/16 192.168.2.121
#(54.219.0.0 - 54.219.255.255)
route 54.219.0.0/16 192.168.2.121
#(54.193.0.0 - 54.193.255.255)
route 54.193.0.0/16 192.168.2.121
#(54.176.0.0 - 54.177.255.255)
route 54.176.0.0/15 192.168.2.121
#(54.183.0.0 - 54.183.255.255)
route 54.183.0.0/16 192.168.2.121
# (54.67.0.0 - 54.67.255.255) NEW
route 54.67.0.0/16 192.168.2.121


# http://www.dnswatch.info/dns/dnslookup?la=en&host=plex.tv&type=A&submit=Resolve
route 50.18.124.245 255.255.255.255 192.168.2.121
route 50.18.179.146 255.255.255.255 192.168.2.121
route 54.241.12.23 255.255.255.255 192.168.2.121
route 184.72.56.250 255.255.255.255 192.168.2.121
route 184.169.179.97 255.255.255.255 192.168.2.121



Some people have said that I need to use static routes for the IP addresses Plex uses (Amazon Web Services list); others say it's an issue with the ports. When I am not connected to a VPN I use port 32400 (the stock port for Plex) and it connects fine. When the VPN is connected, that port is blocked. I can force Plex to use an open port, let's say 80. But it still doesn't matter; it won't connect remotely. I read in one tutorial that the port has to be redirected back to 32400 via a virtual host.

A lot of people have been telling me to create a virtual machine to do all the VPN stuff. I think that is a drastic waste of resources; I think there has to be a more efficient way.

I saw someone else on Reddit was having a similar issue and someone was suggesting to use the redirect-gateway command.

I have received a lot of advice telling me that I need to tunnel around my VPN. The problem is I have no idea how to do that, redirect gateways, or virtual hosts. I feel like a complete idiot. I've been trying to get this thing to work for over a month now and I have hit so many dead ends. I've re-installed Linux Mint on my machine and I'm ready to give this another go. I've tried the GUI route so many times and have failed. If anyone out there in internet land can help me, I would be ever so grateful.

Again, I apologize for my ignorance.
 
Old 10-05-2014, 06:31 PM   #2
halvy
Wouldn't tunneling around VPN defeat the purpose?

The error messages are pointing to a DNS/resolv issue.. no?
 
Old 10-05-2014, 07:43 PM   #3
win_the_day_go_ducks
Quote:
Originally Posted by halvy
Wouldn't tunneling around VPN defeat the purpose?

The error messages are pointing to a DNS/resolv issue.. no?

That is the point. Yes, I want to bypass the VPN for a specific program to connect to my cell phone.

As for the DNS resolve, that could be it. But I have no idea how to fix it.
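
The RESOLVE errors in the first post's log match the `route` lines written in CIDR form: OpenVPN's `route` directive takes network, netmask and gateway as separate arguments, so `184.72.0.0/18` is passed to the resolver as a host name. The Python below is an added example, not code from the thread; it rewrites such lines to netmask form and flags a credentials file readable by group or others (the `pass.txt` warning in the log). The names `lint_ovpn` and `too_open` and the sample config are constructed for illustration.

```python
import ipaddress
import os
import stat

# Constructed sample in the style of the .ovpn file posted above.
SAMPLE = """\
client
auth-user-pass /nonexistent/pass.txt
route 184.72.0.0/18 192.168.2.121
route 54.176.0.0/15 192.168.2.121
route 50.18.124.245 255.255.255.255 192.168.2.121
#route 184.169.0.0 255.255.0.0 192.168.2.1
"""

def too_open(path):
    """True if the file exists and grants any group/other permission bits."""
    try:
        return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)
    except OSError:
        return False  # missing or unreadable path: nothing to report here

def lint_ovpn(text):
    """Return (fixed_text, findings) for an OpenVPN client config."""
    out, findings = [], []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "route" and "/" in parts[1]:
            try:
                net = ipaddress.IPv4Network(parts[1])
            except ValueError:
                findings.append(f"line {n}: not a valid IPv4 network: {parts[1]}")
            else:
                # Keep gateway/metric as written; only split NET/PREFIX into NET MASK.
                line = " ".join(["route", str(net.network_address),
                                 str(net.netmask)] + parts[2:])
                findings.append(f"line {n}: CIDR route rewritten to netmask form")
        elif len(parts) == 2 and parts[0] == "auth-user-pass" and too_open(parts[1]):
            findings.append(f"line {n}: {parts[1]} is group/other accessible; chmod 600 it")
        out.append(line)
    return "\n".join(out) + "\n", findings

if __name__ == "__main__":
    fixed, notes = lint_ovpn(SAMPLE)
    print(fixed, *notes, sep="\n")
```

Commented-out lines and routes already in netmask form pass through unchanged, so the output can be diffed against the original file before it replaces it.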
 
  

