Community Forum

t1ck3ts
Resolved
0 votes
Wonder if you guys can help with this one.

I've set up and generated the Torguard VPN config and put it into /etc/openvpn as with all the others.
It connects (had to put route-nopull into the torguard config else it would kill my entire network. No webpages would load)

I would like to only send HTTP and HTTPS traffic over the Torguard VPN connection, leaving my games to run on the normal line, eno1 (External), for lower pings.

I'm having no luck :/ VPN connects but can't forward traffic over it.

This is what I've tried so far, but with no luck:

iptables -I POSTROUTING -t nat -o tun2 -j MASQUERADE
ip route add default dev tun2 table 200
ip rule add fwmark 11 table 200

iptables -t mangle -I PREROUTING -p tcp --dport 80 -j MARK --set-mark 11
iptables -t mangle -I PREROUTING -p tcp --dport 443 -j MARK --set-mark 11


Any ideas would be helpful.
Thanks!
In OpenVPN
Tuesday, November 14 2017, 09:15 PM
Responses (3)
  • Accepted Answer

    Wednesday, November 15 2017, 04:31 PM - #Permalink
    Resolved
    0 votes
    DNS leaks can be caused by using ClearOS as your DNS server. On your client, try setting the DNS server to 8.8.8.8 and 8.8.4.4 (GoogleDNS) and see if you still get a leak. The downsides will be that all your lookups may go through the tunnel and you won't be able to resolve LAN host names. If it works, you can intercept DNS lookups with the firewall and redirect them to GoogleDNS instead. This can be scripted.
  • Accepted Answer

    t1ck3ts
    Wednesday, November 15 2017, 04:18 PM - #Permalink
    Resolved
    0 votes
    Thanks for the reply Nick. I'll look into that, see how it's done.

    I got it working by setting the following:
    sysctl -w net.ipv4.conf.tun2.rp_filter=2

    Although, it doesn't help with DNS leaks, sadly.
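Added example, not part of the original posts: a read-only audit of the three pieces this thread's setup depends on (the effective rp_filter mode on the tunnel, the fwmark rule, and the default route in the extra table). tun2, mark 11 and table 200 come from the posts; CONF_ROOT and the function names are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: read-only audit of the split-tunnel setup from this thread.
# tun2, fwmark 11 and table 200 come from the posts; CONF_ROOT and the
# function names are assumptions of this sketch.
CONF_ROOT="${CONF_ROOT:-/proc/sys/net/ipv4/conf}"

# Source validation on an interface uses max(conf.all, conf.<iface>).
effective_rp_filter() {
    all=$(cat "$CONF_ROOT/all/rp_filter" 2>/dev/null || echo 0)
    own=$(cat "$CONF_ROOT/$1/rp_filter" 2>/dev/null || echo 0)
    if [ "$own" -gt "$all" ]; then echo "$own"; else echo "$all"; fi
}

# strict (1) drops replies arriving on the tunnel, because the main table
# routes their source address out of the WAN interface instead.
rp_filter_verdict() {
    case "$(effective_rp_filter "$1")" in
        0) echo off ;;
        1) echo strict ;;
        2) echo loose ;;
        *) echo unknown ;;
    esac
}

# Reads `ip rule show` text on stdin; the kernel prints marks in hex
# (11 is shown as 0xb), so convert before matching.
has_mark_rule() {
    hex=$(printf '0x%x' "$1")
    grep -Eq "fwmark ${hex}(/0x[0-9a-f]+)? lookup $2( |\$)"
}

# Reads `ip route show table N` text on stdin.
has_default_via() {
    grep -Eq "^default .*dev $1( |\$)"
}

audit() {  # usage: audit IFACE MARK TABLE (needs iproute2, no root)
    rc=0
    [ "$(rp_filter_verdict "$1")" = strict ] && { echo "rp_filter strict on $1"; rc=1; }
    ip rule show | has_mark_rule "$2" "$3" || { echo "no rule: fwmark $2 -> table $3"; rc=1; }
    ip route show table "$3" 2>/dev/null | has_default_via "$1" || { echo "table $3 has no default via $1"; rc=1; }
    return "$rc"
}

# Run the audit only when called with arguments, e.g.: sh audit.sh tun2 11 200
if [ "$#" -eq 3 ]; then audit "$@"; fi
```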
  • Accepted Answer

    Wednesday, November 15 2017, 02:57 PM - #Permalink
    Resolved
    0 votes
    I am not sure why you are masquerading your traffic.

    Download the app-ibvpn-core from clearos-contribs and have a look at the route-up.sh script for some ideas. They do not use any marking, but they do play with routing tables. I think in the app you set a list of LAN IPs which you want to use the VPN for and the script runs against those IPs. I am not sure the best way to handle the different ports, but have a look at the openvpn configuration in the zip file on this post. It looks like OpenVPN/ibVPN here only runs against four ports.