IPTABLE Setup LIBREELEC with OpenVPN
I am struggling to set up the IPTABLE rules on LIBREELEC through a PIA OpenVPN connection. There are many examples on the internet of other people getting this working but I cannot for the life of me.
I would like traffic to be routed through tun0 only, so if the OpenVPN connection drops then traffic is blocked until tun0 is reestablished.
IPTABLE.sh Script
#!/bin/sh
iptables -F
#Allow loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
#Allow all local traffic. (If I remove this I cannot SSH onto the box, so this proves this is OK.)
iptables -A INPUT -s 192.168.0.0/24 -j ACCEPT
iptables -A OUTPUT -d 192.168.0.0/24 -j ACCEPT
#Allow VPN establishment (if I remove this then I cannot connect to the VPN and get a "write UDP: Operation not permitted" error).
iptables -A OUTPUT -p udp -d 89.238.139.52 --dport 1198 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p udp -s 89.238.139.52 --sport 1198 -m state --state ESTABLISHED,RELATED -j ACCEPT
#Accept all TUN0 connections (tun0 = VPN tunnel) (I don't think my traffic is being allowed to pass through tun0)
iptables -A OUTPUT -o tun0 -j ACCEPT
iptables -A INPUT -i tun0 -j ACCEPT
#Set default policies to drop all communication unless specifically allowed
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
Route Table
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.96.10.5      128.0.0.0       UG    0      0        0 tun0
default         192.168.0.1     0.0.0.0         UG    0      0        0 wlan0
10.96.10.1      10.96.10.5      255.255.255.255 UGH   0      0        0 tun0
10.96.10.5      *               255.255.255.255 UH    0      0        0 tun0
89.238.139.52   192.168.0.1     255.255.255.255 UGH   0      0        0 wlan0
128.0.0.0       10.96.10.5      128.0.0.0       UG    0      0        0 tun0
192.168.0.0     *               255.255.255.0   U     0      0        0 wlan0
192.168.0.1     *               255.255.255.255 UH    0      0        0 wlan0
194.168.4.100   192.168.0.1     255.255.255.255 UGH   0      0        0 wlan0
194.168.8.100   192.168.0.1     255.255.255.255 UGH   0      0        0 wlan0
Before running the IPTABLE.sh script I can connect to the internet.
After running it I cannot.
I then connect to the VPN (this appears successful).
After this I cannot connect to the internet. I believe that traffic is not getting passed to tun0.
Any help would be much appreciated
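For comparison, here is a kill-switch ruleset generator added by the editor; it is not the asker's script and not PIA's. It applies the default-deny policies before flushing (so there is never a moment where everything is allowed), pins the LAN and VPN-handshake exceptions to the physical interface, and uses conntrack for replies. The server address, port, subnet and interface names default to the values from the question but are assumptions you should adjust; the IPT variable lets you preview the rules with IPT=echo instead of running iptables as root. Note also that the box's resolver must be reachable through the tunnel: the route table above pins two host routes (194.168.4.100 and 194.168.8.100) to wlan0, and any lookup sent to a resolver routed that way is dropped by the OUTPUT policy, which looks like "no internet" even while tun0 is up.

```shell
#!/bin/sh
# Editor's added example: kill-switch ruleset for a LibreELEC box behind
# an OpenVPN tunnel. Values below are assumptions taken from the question.
: "${IPT:=iptables}"          # set IPT=echo to preview without root
: "${VPN_SERVER:=89.238.139.52}"
: "${VPN_PORT:=1198}"
: "${LAN:=192.168.0.0/24}"
: "${WAN_IF:=wlan0}"
: "${TUN_IF:=tun0}"

killswitch_rules() {
  # 1. Default-deny first, then flush: no window in which all traffic passes.
  $IPT -P INPUT DROP
  $IPT -P OUTPUT DROP
  $IPT -P FORWARD DROP
  $IPT -F
  # 2. Loopback, plus replies to connections this host started.
  $IPT -A INPUT -i lo -j ACCEPT
  $IPT -A OUTPUT -o lo -j ACCEPT
  $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  # 3. LAN (SSH, Kodi remote) only on the physical interface, so a
  #    LAN-addressed packet can never leave through the tunnel or vice versa.
  $IPT -A INPUT -i "$WAN_IF" -s "$LAN" -j ACCEPT
  $IPT -A OUTPUT -o "$WAN_IF" -d "$LAN" -j ACCEPT
  # 4. The only thing allowed out on wlan0 is the OpenVPN handshake itself.
  $IPT -A OUTPUT -o "$WAN_IF" -p udp -d "$VPN_SERVER" --dport "$VPN_PORT" -j ACCEPT
  # 5. Everything else goes through the tunnel; inbound on tun0 is replies only.
  $IPT -A OUTPUT -o "$TUN_IF" -j ACCEPT
  $IPT -A INPUT -i "$TUN_IF" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

# Number of rule/policy commands the generator emits (useful for a sanity check).
rule_count() {
  IPT=echo killswitch_rules | grep -c .
}

# Apply only when explicitly asked: ./killswitch.sh apply
if [ "${1:-}" = "apply" ]; then
  killswitch_rules
fi
```

Preview with `IPT=echo sh killswitch.sh apply`; when the VPN drops, only the LAN and the handshake to the VPN server remain reachable, which is the behaviour the question asks for.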
Comments
Just to be sure, if you connect to the VPN without the iptables script, does the VPN work properly? That will indicate to us whether it's the iptables or not and eliminate a good chunk of possibilities right away.