VPN Client + Split Tunneling/Port Forwarding (Linux)

This forum is for general conversation and user-user networking.

Moderators: TinCanTech

Nota
OpenVpn Newbie
Posts: 1
Joined: Tue Dec 11, 2018 2:34 am

VPN Client + Split Tunneling/Port Forwarding (Linux)

Post by Nota » Tue Dec 11, 2018 2:52 am

Hi all, been all over the webz searching for days on this. End of my rope and all. OTOH I've learned a lot...

My setup is fairly standard:

Compy (192.168.1.x) ------> Router (192.168.1.1) ------> VPN (Nord)

I used a fun little CLI called openpyn to set up the OpenVPN connection. It works great, connects automatically, all that. I can even allow LOCAL ports through the VPN tunnel, like this:

openpyn -c us --tcp -f --allow 22 30000 30002 &

After it's all connected my routing table looks like:

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.7.7.1        128.0.0.0       UG    0      0        0 tun0
default         _gateway        0.0.0.0         UG    20600  0        0 wlp4s0u2
10.7.7.0        0.0.0.0         255.255.255.0   U     0      0        0 tun0
128.0.0.0       10.7.7.1        128.0.0.0       UG    0      0        0 tun0
192.168.1.0     0.0.0.0         255.255.255.0   U     600    0        0 wlp4s0u2
207.189.30.224  _gateway        255.255.255.255 UGH   0      0        0 wlp4s0u2

And iptables, which are automatically written, look like:

Chain INPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  207.244.71.99        anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  127.0.0.0/8          anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  207.244.71.99        anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  192.168.1.0/24       anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            
DROP       all  --  127.0.0.0/8          anywhere            
ACCEPT     tcp  --  127.0.0.0/8          anywhere             tcp dpt:pago-services2
ACCEPT     tcp  --  127.0.0.0/8          anywhere             tcp dpt:ssh
ACCEPT     tcp  --  127.0.0.0/8          anywhere             tcp dpt:ndmps
ACCEPT     tcp  --  192.168.1.0/24       anywhere             tcp dpt:pago-services2
ACCEPT     tcp  --  192.168.1.0/24       anywhere             tcp dpt:ssh
ACCEPT     tcp  --  192.168.1.0/24       anywhere             tcp dpt:ndmps

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy DROP)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             103.86.96.100        udp dpt:domain
ACCEPT     udp  --  anywhere             103.86.96.100        udp dpt:domain
ACCEPT     udp  --  anywhere             103.86.99.100        udp dpt:domain
ACCEPT     udp  --  anywhere             103.86.99.100        udp dpt:domain
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             207.244.71.99       
ACCEPT     all  --  anywhere             127.0.0.0/8         
ACCEPT     all  --  anywhere             207.244.71.99       
ACCEPT     all  --  anywhere             192.168.1.0/24      
ACCEPT     all  --  anywhere             anywhere

What I am trying to do is allow REMOTE traffic on specific ports, so I can enable certain ports from outside the LAN without it going through the VPN tunnel. I've tried a lot of things so far. I think it's something really simple, but nothing has worked. Oh, and ifconfig:

tun0: flags=4305<UP,POINTOPOINT,RUNNING,NOARP,MULTICAST>  mtu 1500
        inet 10.7.7.160  netmask 255.255.255.0  destination 10.7.7.160
        unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  txqueuelen 100  (UNSPEC)
        RX packets 460  bytes 191371 (186.8 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 533  bytes 54204 (52.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlp4s0u2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.4  netmask 255.255.255.0  broadcast 192.168.1.255
        ether 00:19:86:42:fc:8b  txqueuelen 1000  (Ethernet)
        RX packets 820938  bytes 416927935 (397.6 MiB)
        RX errors 0  dropped 4  overruns 0  frame 0
        TX packets 764878  bytes 304899815 (290.7 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Thanks for any help.
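With the routing table shown above (0.0.0.0/1 and 128.0.0.0/1 via tun0), a connection that arrives on wlp4s0u2 from outside the LAN gets its replies routed out through the tunnel, so the remote side never sees them. The usual fix is policy routing: mark new inbound connections on the physical interface, copy that mark back onto their reply packets, and send marked packets through a second routing table whose default gateway is the router. The script below is an added example written for this thread; it is not from the original post and not part of openpyn. The interface, router address and ports are taken from the output posted above; the fwmark value 0x1 and routing table id 100 are assumed to be unused on the host. It only prints the commands unless DRY_RUN=0.

```shell
#!/bin/sh
# Added example (not from the forum post or openpyn): expose a few TCP ports on the
# physical interface while all other traffic keeps the VPN tunnel as its default route.
# Values below are taken from the posted output; MARK and TABLE are assumed free.
LAN_IF="${LAN_IF:-wlp4s0u2}"       # physical interface from the posted ifconfig
LAN_GW="${LAN_GW:-192.168.1.1}"    # router from the posted diagram
PORTS="${PORTS:-22 30000 30002}"   # TCP ports from the posted openpyn --allow list
MARK="${MARK:-0x1}"                # fwmark value (assumed unused)
TABLE="${TABLE:-100}"              # routing table id (assumed unused)
DRY_RUN="${DRY_RUN:-1}"            # 1 = print commands only, 0 = execute (needs root)

# run: print the command, and execute it unless DRY_RUN=1
run() {
    printf '%s\n' "$*"
    [ "$DRY_RUN" = "1" ] || "$@"
}

# bypass_rules: emit (or apply) every command needed for the bypass
bypass_rules() {
    # 1. Second routing table whose only route is the default via the router,
    #    and a policy rule that sends marked packets to that table.
    run ip route replace default via "$LAN_GW" dev "$LAN_IF" table "$TABLE"
    run ip rule add fwmark "$MARK" lookup "$TABLE"

    # 2. Loose reverse-path filtering on the physical interface: with strict mode the
    #    kernel drops packets arriving on LAN_IF when the best route back is tun0.
    run sysctl -w "net.ipv4.conf.$LAN_IF.rp_filter=2"

    for p in $PORTS; do
        # 3. Tag each NEW inbound connection on the physical interface with the mark
        #    (stored in conntrack, so it survives for the whole connection) ...
        run iptables -t mangle -A PREROUTING -i "$LAN_IF" -p tcp --dport "$p" \
            -m conntrack --ctstate NEW -j CONNMARK --set-mark "$MARK"
        # ... and accept it: the posted INPUT chain only allows 127/8 and 192.168.1.0/24.
        run iptables -A INPUT -i "$LAN_IF" -p tcp --dport "$p" -j ACCEPT
    done

    # 4. Copy the connection mark back onto every locally generated reply packet.
    #    The kernel re-evaluates routing after mangle OUTPUT changes the mark, so the
    #    reply leaves via LAN_IF instead of tun0.
    run iptables -t mangle -A OUTPUT -m connmark --mark "$MARK" -j CONNMARK --restore-mark
}

bypass_rules
```

Run it as root with `DRY_RUN=0` after the tunnel is up, because openpyn rewrites the iptables rules when it connects; the same applies after every reconnect, and `ip rule add` appends a duplicate rule on each run, so delete the old rule first or check with `ip rule show`. The router still has to forward the chosen ports to 192.168.1.4. The INPUT rule accepts those ports from any source; where the remote peers are known, add `-s <their address>` to narrow it.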
