My setup is fairly standard:
Compy (192.168.1.x) ------> Router (192.168.1.1) ------> VPN (Nord)
I used a fun little CLI called openpyn to set up the OpenVPN connection. It works great, connects automatically, all that. I can even allow LOCAL ports through the VPN tunnel, like this:
```
openpyn -c us --tcp -f --allow 22 30000 30002 &
```
```
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.7.7.1        128.0.0.0       UG    0      0        0 tun0
default         _gateway        0.0.0.0         UG    20600  0        0 wlp4s0u2
10.7.7.0        0.0.0.0         255.255.255.0   U     0      0        0 tun0
128.0.0.0       10.7.7.1        128.0.0.0       UG    0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     600    0        0 wlp4s0u2
207.189.30.224  _gateway        255.255.255.255 UGH   0      0        0 wlp4s0u2
```
```
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  207.244.71.99        anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  127.0.0.0/8          anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  207.244.71.99        anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  192.168.1.0/24       anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
DROP       all  --  127.0.0.0/8          anywhere
ACCEPT     tcp  --  127.0.0.0/8          anywhere             tcp dpt:pago-services2
ACCEPT     tcp  --  127.0.0.0/8          anywhere             tcp dpt:ssh
ACCEPT     tcp  --  127.0.0.0/8          anywhere             tcp dpt:ndmps
ACCEPT     tcp  --  192.168.1.0/24       anywhere             tcp dpt:pago-services2
ACCEPT     tcp  --  192.168.1.0/24       anywhere             tcp dpt:ssh
ACCEPT     tcp  --  192.168.1.0/24       anywhere             tcp dpt:ndmps

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             103.86.96.100        udp dpt:domain
ACCEPT     udp  --  anywhere             103.86.96.100        udp dpt:domain
ACCEPT     udp  --  anywhere             103.86.99.100        udp dpt:domain
ACCEPT     udp  --  anywhere             103.86.99.100        udp dpt:domain
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             207.244.71.99
ACCEPT     all  --  anywhere             127.0.0.0/8
ACCEPT     all  --  anywhere             207.244.71.99
ACCEPT     all  --  anywhere             192.168.1.0/24
ACCEPT     all  --  anywhere             anywhere
```
```
tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.7.7.160  netmask 255.255.255.0  destination 10.7.7.160
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 460  bytes 191371 (186.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 533  bytes 54204 (52.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlp4s0u2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.4  netmask 255.255.255.0  broadcast 192.168.1.255
        ether 00:19:86:42:fc:8b  txqueuelen 1000  (Ethernet)
        RX packets 820938  bytes 416927935 (397.6 MiB)
        RX errors 0  dropped 4  overruns 0  frame 0
        TX packets 764878  bytes 304899815 (290.7 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
```