I am running a headless Ubuntu 18.04 server VM (bridged KVM) that has ens3 as its primary "ethernet" interface (in reality the virtual bridged interface).
I connect the VM to PrivateInternetAccess via OpenVPN, accepting the "redirect-gateway def1" option pushed by the PIA server. This creates what I understand are the default routes on my VM to ensure that all internet traffic is directed over the VPN tunnel (which is what I want).
When I start the OpenVPN client, the tunnel (tun1) is successfully established, the relevant routes are established, and leak tests (eg ipleak.net, akamai, ipinfo.io) all indicate that my IP address is that of PIA's server.
I also have iptables set up to ensure that, except for LAN traffic and some other limited exceptions (eg DNS and OpenVPN ports for tunnel establishment), only traffic over the VPN tunnel is allowed. When the tunnel is not established, this appears to work successfully as a "kill switch".
My issue is that when I look at the output of, eg, ifconfig, it shows that the vast bulk of traffic is incoming and outgoing over the ethernet interface (ens3), rather than the tunnel (tun1). I realise that the tunnel interface is a virtual overlay on the ethernet interface, but I would have expected the stats still to indicate that the tunnel is being used for the traffic. Am I wrong?
Relevant information below:
remote au-sydney.privateinternetaccess.com 1197
pull-filter ignore "dhcp-option DNS"
dhcp-option DNS 184.108.40.206
dhcp-option DNS 220.127.116.11
dhcp-option DOMAIN-ROUTE .
Routes established when the tunnel is active:
Code: Select all
$ ip route list 0.0.0.0/1 via 10.33.10.5 dev tun1 default via 10.0.77.1 dev ens3 proto dhcp src 10.0.77.11 metric 100 10.0.77.0/24 dev ens3 proto kernel scope link src 10.0.77.11 10.0.77.1 dev ens3 proto dhcp scope link src 10.0.77.11 metric 100 10.33.10.1 via 10.33.10.5 dev tun1 10.33.10.5 dev tun1 proto kernel scope link src 10.33.10.6 18.104.22.168/1 via 10.33.10.5 dev tun1 22.214.171.124 via 10.0.77.1 dev ens3