happysmash27 (Apprentice)
Joined: 28 Mar 2016, Posts: 220
Posted: Sat Jan 06, 2018 8:19 am
Post subject: VPN on home router, do not want connected devices to use
This is probably one of the harder things to phrase. I can't even title this well...
Basically, I use my PC as a home router, because I don't want to spend the money to buy anything else to use as a router. Recently, I decided to use a VPN. However, when I configure this on my PC/home router, all of the other devices are unable to connect to the internet. I fixed this by enabling masquerade for the VPN, but all of the devices are now going through the VPN. I tried to fix this issue by using the guide at https://prosauce.org/blog/2010/12/22/route-based-on-source-ip-address-linux-bsd.html, but now, I can't figure out how to make the rules permanent. Note that the examples listed below are not the results of the temporary fix at https://prosauce.org/blog/2010/12/22/route-based-on-source-ip-address-linux-bsd.html, but of the boot scripts.
/etc/conf.d/net.wlp6s0:
Code:
# Set the dns_domain_lo variable to the selected domain name
dns_domain_lo="x86_64-Pig"
config_enp8s0f0="dhcp"
modules_wlp6s0="!iwconfig !wpa_supplicant"
config_wlp6s0="192.168.27.1/24 brd 192.168.27.255"
routes_wlp6s0=("flush 270"
"table 270 to 192.168.0.0/24 dev wlp6s0"
"table 270 to default via <closest internet node> dev enp8s0f0")
rules_wlp6s0="from 192.168.0.0/24 table 270 priority 270"
Output of:
Code:
/etc/init.d/net.wlp6s0 restart; rfkill unblock wlan; /etc/init.d/hostapd start; sleep 5; echo "\n"
Code:
* Caching service dependencies ... [ ok ]
* Stopping openvpn.AzireVPN-se ... [ ok ]
* /etc/init.d/openhab2 uses runscript, please convert to openrc-run.
* Stopping openHAB ...
* start-stop-daemon: no matching processes found [ ok ]
* Unmounting network filesystems ... [ ok ]
* Stopping hamachi ...
Already logged out [ ok ]
* Stopping dnsmasq ... [ ok ]
* Stopping apache2 ... [ ok ]
* Stopping hostapd ... [ ok ]
* Bringing down interface wlp6s0
* Removing IPv4 RPDB rules
RTNETLINK answers: No such file or directory
Error talking to the kernel
* Bringing up interface wlp6s0
* 192.168.27.1/24 ... [ ok ]
* You are using a bash array for routes_wlp6s0.
* This feature will be removed in the future.
* Please see net.example for the correct format for routes_wlp6s0.
* Adding routes
* flush 270 ...
Error: any valid prefix is expected rather than "flush". [ !! ]
* table 270 to 192.168.0.0/24 dev wlp6s0 ...
Error: Device for nexthop is not up. [ !! ]
* table 270 to default via <closest internet node> dev enp8s0f0 ...
Error: Nexthop has invalid gateway. [ !! ]
* Adding IPv4 RPDB rules
* /etc/init.d/openhab2 uses runscript, please convert to openrc-run.
* Call to flock failed: Resource temporarily unavailable
* WARNING: hostapd is already starting
* Starting openHAB ...
* Starting hostapd ... [ ok ]
* Starting dnsmasq ...
Configuration file: /etc/hostapd/hostapd.conf
* Starting hamachi ...
wlp6s0: interface state UNINITIALIZED->COUNTRY_UPDATE
Using interface wlp6s0 with hwaddr de:ae:02:fa:88:12 and ssid "Computer-Pig" [ ok ]
wlp6s0: interface state COUNTRY_UPDATE->ENABLED
wlp6s0: AP-ENABLED [ ok ]
* Mounting network filesystems ...
* Starting openvpn.AzireVPN-se ... [ ok ]
* WARNING: openvpn.AzireVPN-se has started, but is inactive
* Starting apache2 ... [ ok ]
Output of :
Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
REJECT udp -- anywhere anywhere udp dpt:bootps reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpt:domain reject-with icmp-port-unreachable
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
DROP tcp -- anywhere anywhere tcp dpts:0:1023
DROP udp -- anywhere anywhere udp dpts:0:1023
Chain FORWARD (policy DROP)
target prot opt source destination
DROP all -- anywhere 192.168.0.0/16
ACCEPT all -- 192.168.0.0/16 anywhere
ACCEPT all -- anywhere 192.168.0.0/16
ACCEPT all -- anywhere 192.168.0.0/16
ACCEPT all -- anywhere 192.168.0.0/16
ACCEPT all -- anywhere 192.168.0.0/16
ACCEPT all -- anywhere 192.168.0.0/16
ACCEPT all -- anywhere 192.168.0.0/16
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Output of :
Code:
0.0.0.0/1 via 193.183.116.1 dev tun0
default via <closest internet node> dev enp8s0f0 proto static metric 100
25.0.0.0/8 dev ham0 proto kernel scope link src 25.76.239.160
68.114.36.12 via <closest internet node> dev enp8s0f0 proto dhcp metric 100
<closest internet node, but with last digit 0>/23 dev enp8s0f0 proto kernel scope link src <public IP> metric 100
128.0.0.0/1 via 193.183.116.1 dev tun0
192.168.27.0/24 dev wlp6s0 proto kernel scope link src 192.168.27.1
193.180.164.50 via <closest internet node> dev enp8s0f0
193.183.116.0/26 dev tun0 proto kernel scope link src 193.183.116.16
Output of :
Code:
0: from all lookup local
270: from 192.168.0.0/24 lookup lan
32766: from all lookup main
32767: from all lookup default
ip route show table 270 gives no output, as the boot configuration does not seem to work.
Does anyone know how I can fix this? Thanks!
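The source-based routing the post is trying to make persistent, as an added example that is not part of the original post and not netifrc's own mechanism: a POSIX sh script that builds table 270 and the matching rule with plain ip(8) commands, which can be run from an OpenRC /etc/local.d/*.start script so it is reapplied at every boot. It assumes the clients sit in 192.168.27.0/24 on wlp6s0 (the post's rule names 192.168.0.0/24; set LAN_NET to whatever the clients actually use), that the uplink is enp8s0f0, and that the uplink gateway is passed as the first argument; the function and variable names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): source-based policy routing on a
# Linux PC used as a router. Clients on the LAN are sent out the physical
# uplink, while the router's own traffic keeps following the VPN default
# route (0.0.0.0/1 and 128.0.0.0/1 via tun0) in the main table.
# Assumed values: LAN 192.168.27.0/24 on wlp6s0, uplink enp8s0f0,
# table/priority 270 as in the post, uplink gateway passed as $1.
LAN_NET="192.168.27.0/24"
LAN_IF="wlp6s0"
WAN_IF="enp8s0f0"
TABLE="270"
PRIO="270"

# Print the ip(8) commands, one per line. "flush" is a separate command, not
# a route prefix, and the LAN's connected route is copied into the table so
# that traffic from the LAN to the router itself is not sent out the uplink.
lan_bypass_cmds() {
    gw="$1"
    case "$gw" in
        [0-9]*.[0-9]*.[0-9]*.[0-9]*) ;;   # crude IPv4 sanity check
        *) echo "usage: lan_bypass_cmds <uplink-gateway-ipv4>" >&2; return 1 ;;
    esac
    printf '%s\n' \
        "ip route flush table $TABLE" \
        "ip route add $LAN_NET dev $LAN_IF table $TABLE" \
        "ip route add default via $gw dev $WAN_IF table $TABLE" \
        "ip rule del from $LAN_NET lookup $TABLE priority $PRIO 2>/dev/null || true" \
        "ip rule add from $LAN_NET lookup $TABLE priority $PRIO" \
        "ip route flush cache"
}

# Execute the plan line by line as root; stops at the first failing command.
# Intended to be called from /etc/local.d/*.start so it is reapplied at boot.
apply_lan_bypass() {
    lan_bypass_cmds "$1" | while IFS= read -r cmd; do
        eval "$cmd" || { echo "failed: $cmd" >&2; exit 1; }
    done
}

# Usage: sh lan-bypass.sh <gateway>        (dry run, prints the plan)
#        sh lan-bypass.sh <gateway> apply  (executes it)
if [ -n "${1:-}" ]; then
    if [ "${2:-}" = "apply" ]; then apply_lan_bypass "$1"; else lan_bypass_cmds "$1"; fi
fi
```

Clients leaving via enp8s0f0 still need masquerading on that interface, not only on tun0, and rp_filter on enp8s0f0 will likely need loose mode (2), because with 0.0.0.0/1 and 128.0.0.0/1 pointing at tun0 in the main table a strict reverse-path check rejects replies arriving on the uplink.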