Configuring the IpTables - write UDPv4 Operation not permitted
Hello,
I've been struggling with configuring iptables correctly to avoid any leaks.
I'm running Linux Mint and OpenVPN 2.3.2.
The problem seems to be with my UDP rules. I took a look at the configuration file that OpenVPN uses and confirmed the port number:
proto udp
remote nl.privateinternetaccess.com 1198
So I added my UDP rules as follows:
iptables -A INPUT -p udp --dport 1198 -j ACCEPT
iptables -A OUTPUT -p udp --sport 1198 -j ACCEPT
However, when I initiate the VPN connection, I get this:
Sun Dec 3 12:12:26 2017 UDPv4 link local: [undef]
Sun Dec 3 12:12:26 2017 UDPv4 link remote: [AF_INET]46.166.186.235:1198
Sun Dec 3 12:12:26 2017 write UDPv4: Operation not permitted (code=1)
Sun Dec 3 12:12:29 2017 write UDPv4: Operation not permitted (code=1)
Sun Dec 3 12:12:33 2017 write UDPv4: Operation not permitted (code=1)
Sun Dec 3 12:12:41 2017 write UDPv4: Operation not permitted (code=1)
Sun Dec 3 12:12:57 2017 write UDPv4: Operation not permitted (code=1)
Sun Dec 3 12:13:26 2017 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Sun Dec 3 12:13:26 2017 TLS Error: TLS handshake failed
----------------------------------------------------------------------------------------------------
I then reverted the iptables rules and connected to the VPN while running Wireshark to see the port number it normally uses. I see 1198 and, interestingly enough, I also see port 34350 for a couple of requests. So I added
iptables -A OUTPUT -p udp --sport 34350 -j ACCEPT
but that didn't help either.
If I allow ALL UDP connections as follows, it works:
iptables -A OUTPUT -p udp -j ACCEPT
So, it looks like I'm missing one or several ports to allow.
What am I missing?
Thanks in advance.
Comments
I guess my question is: how should I write the iptables rules to be able to start a connection with the VPN?
=================
================================
There's always the possibility that another rule is interfering somewhere. The order is important with iptables.
I would recommend flushing all the rules and testing those two specifically on their own, and only adding them back to the rest of the script once you know they work; that way you'll know it's not because another rule is already blocking it accidentally.
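As an added example (not code from the original post or the reply), here is a minimal rule set of the kind the thread is trying to build, written so it can be printed and checked before anything is applied. The tunnel interface tun0, the LAN range and the resolver address are constructed assumptions; port 1198/udp comes from the OP's config.

```shell
#!/bin/sh
# Added example, not code from the thread: a minimal iptables "kill switch"
# for an OpenVPN client, in the shape the post is trying to build. Constructed
# assumptions: tunnel interface tun0, LAN 192.168.1.0/24, resolver 192.168.1.1.
# The server port 1198/udp comes from the OP's config.
set -eu
VPN_PORT="${VPN_PORT:-1198}"
VPN_IF="${VPN_IF:-tun0}"
LAN="${LAN:-192.168.1.0/24}"
DNS="${DNS:-192.168.1.1}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the rules; DRY_RUN=0 as root applies them

ipt() {
  if [ "$DRY_RUN" = 1 ]; then echo "iptables $*"; else iptables "$@"; fi
}

vpn_rules() {
  # Start from a clean slate: an earlier rule can shadow a later one, and
  # a packet dropped in OUTPUT is exactly what surfaces as EPERM
  # ("write UDPv4: Operation not permitted") in the OpenVPN log.
  ipt -F
  ipt -P INPUT DROP
  ipt -P OUTPUT DROP
  ipt -P FORWARD DROP
  # Loopback, plus replies to connections this host opened.
  ipt -A INPUT -i lo -j ACCEPT
  ipt -A OUTPUT -o lo -j ACCEPT
  ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  # The remote is a hostname, so the resolver must be reachable before the
  # tunnel exists; pin it to one address instead of opening all of UDP.
  ipt -A OUTPUT -p udp -d "$DNS" --dport 53 -j ACCEPT
  # The handshake: 1198 is the server's (destination) port. The client's
  # source port is ephemeral (the 34350 seen in Wireshark changes every
  # run), so OUTPUT must match --dport, not --sport.
  ipt -A OUTPUT -p udp --dport "$VPN_PORT" -j ACCEPT
  # Everything else may leave only through the tunnel interface.
  ipt -A OUTPUT -o "$VPN_IF" -j ACCEPT
  # Keep the local network reachable (remove for a stricter policy).
  ipt -A OUTPUT -d "$LAN" -j ACCEPT
}

# Check whether the generated rule set contains an exact rule line, so the
# direction of the port match can be verified before anything is applied.
has_rule() {
  ( DRY_RUN=1; vpn_rules ) | grep -Fqx -- "iptables $1"
}

vpn_rules
```

Run it as-is to print the rule set, then `has_rule "-A OUTPUT -p udp --dport 1198 -j ACCEPT"` confirms the handshake rule is present before applying with DRY_RUN=0.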