Openvpn, Mullvad and iptables problem with connection
Hi, this is my first time posting here but I have been browsing for a while and at times I have been a little intimidated by the amount of knowledge. I have been using Slackware seriously for a month or so, after migrating from Debian, and have had no problems that a little bit of research and a lot of 'let's try that again' hasn't been able to solve, so I would welcome any suggestions and patience that could be offered. Thank you.
I have a subscription to Mullvad VPN and over this week have been trying to get it working on Slackware. Previously I had used the app on Debian with no problem. Initially I tried to butcher the NordVPN SlackBuild I found and I got the Mullvad app working but it didn't connect... obviously I put this down to my incompetence so I tried another avenue and used networkmanager-openvpn. There was plenty of documentation on the Mullvad site and although it seemed to connect I was unable to browse. Again, I tried another method from the Slackware documentation, using openvpn directly with:
Code:
openvpn --config /path_to_file/mullvad_xx_got.ovpn
It authenticated and I verified with:
Code:
$ curl https://am.i.mullvad.net/connected
Quote:
$ iptables -S
Code:
-P INPUT DROP
Once again any patience would be hugely appreciated. Thank you... fyv3r.
A quick Google search indicates that Mullvad uses either OpenVPN or WireGuard. Both will create a Layer 3 interface through which all VPN traffic is routed.
Your firewall script contains references to two interfaces: loopback (lo) and wlan0. Outbound traffic going through any other interface will hit the DROP policy of the OUTPUT chain. Find the name of the VPN interface by running ifconfig or ip link list before and after connecting to Mullvad. Then edit the firewall script to include the relevant interface. And yes, I strongly recommend you get acquainted with iptables, as it's an incredibly powerful firewall tool.
@fyv3r
Just to simplify a little bit the good advice Ser Olmy provided, once you figured out the name of the VPN interface (should be tun0), edit the firewall you got generated and duplicate all the wlan0 lines with the new interface, keeping the actual order. Start with - example:
Code:
-A INPUT -i wlan0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
If you're looking for a simpler one, "careless" and dropping all the unneeded traffic, allowing just what's relevant, then you could use/start with this one: https://www.linuxquestions.org/quest...ml#post6044000
P.S. In any case, make sure you bring up the VPN before you launch the firewall, otherwise the VPN interface is not yet defined and the firewall rules won't apply. An alternative would be to create a dummy VPN interface in /etc/rc.d/rc.inet2, just before launching rc.firewall, with the exact name as the one created by the VPN (again, should be tun0). Example:
Code:
/usr/sbin/openvpn --mktun --dev tun0
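The following is an added example, not code from any poster in this thread. It applies the suggestion above of duplicating each wlan0 rule for the VPN interface while keeping rule order, and adds a coarse check for the diagnosis given earlier (OUTPUT policy DROP with no ACCEPT rule naming the interface). The function names and the sample ruleset are constructed for illustration, and tun0 is assumed as the VPN interface name.

```shell
#!/bin/sh
# Added example. Rules are read in `iptables -S` format on stdin.

# Constructed sample ruleset (not the original poster's firewall).
sample_rules() {
    cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -i wlan0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o wlan0 -j ACCEPT
EOF
}

# output_blocked IFACE: exit 0 when the OUTPUT policy is DROP and no
# ACCEPT rule in OUTPUT names IFACE with -o. Coarse check: rules that
# match on all interfaces are not considered.
output_blocked() {
    awk -v ifc="$1" '
        $1 == "-P" && $2 == "OUTPUT" { policy = $3 }
        $1 == "-A" && $2 == "OUTPUT" && $NF == "ACCEPT" {
            for (i = 3; i < NF; i++)
                if ($i == "-o" && $(i + 1) == ifc) allowed = 1
        }
        END { exit !(policy == "DROP" && !allowed) }'
}

# dup_iface_rules SRC DST: print every rule unchanged and, directly after
# each -A rule that names SRC via -i or -o, the same rule for DST, so the
# original rule order is kept.
dup_iface_rules() {
    awk -v src="$1" -v dst="$2" '
        { print }
        $1 == "-A" {
            hit = 0
            for (i = 3; i <= NF; i++)
                if (($(i - 1) == "-i" || $(i - 1) == "-o") && $i == src) {
                    $i = dst; hit = 1
                }
            if (hit) print
        }'
}

# Demo on the constructed sample: diagnose, then emit the extended ruleset.
sample_rules | output_blocked tun0 && echo "tun0: egress falls through to OUTPUT DROP"
sample_rules | dup_iface_rules wlan0 tun0
```

On a real system the input would be the output of `iptables -S`, and the generated rules should be reviewed before being merged into the firewall script.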
I'm sorry I hadn't replied before. Thank you both for your help. @abga Thank you for the link, I have been playing around with it and managed to get everything working :)