velociraptor_sb

ANSWERED Connecting ends in looping restarts..Network Lock prompts an ip6tables error


Hi everyone,

I am neither able to lock down the net nor connect to AirVPN servers. This is happening to me for the first time.

Both on the terminal and through the UI I get the same error: "ip6tables no chain/target/match by that name". I've got both an iptables and an ip6tables firewall running. I am on Gentoo Linux x86_64 (4.14.8-gentoo-r1). Please let me know if you need any logs.

Thanks in advance.


UPDATE:

*Be advised* I am no expert on the magic of iptables and networking, and this is merely information collected from the multiple sources mentioned below, so use at your own discretion.

Unfortunately, using OpenVPN configs generated for the country of choice does not rule out DNS leaks even if the resolv-conf script is used; sometimes when visiting websites and checking ipleak.net, the ISP DNS shines brighter than the sun.

Therefore a solution for now would be to manually lock down the network as follows:

1) Generate OpenVPN configs for your country of choice through your client area of airvpn.org

2) Download the eddie-ui portable version and extract its tar.gz

3) Inside you will find the update-resolv-conf script; you need to copy that to /etc/openvpn/ (this may vary from one Linux distribution to another)

Please also make sure that openresolv or similar is installed on your distro and working, else the script won't work

2) (skip to 3 for Gentoo Linux) Add the following to the downloaded OpenVPN config (https://wiki.archlinux.org/index.php/OpenVPN#Update_resolv-conf_script)

script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf

3-a) (this instruction is for Gentoo Linux; skip to 4) if using any other distro) Copy the AirVPN config to /etc/openvpn/ and name it anything you want, like airvpn-udp.conf (for more info: https://wiki.gentoo.org/wiki/OpenVPN)

3-b) Run

ln -s /etc/init.d/openvpn /etc/init.d/openvpn.airvpn-udp

3-c) Create the script /etc/openvpn/airvpn-udp-up.sh and add the following to it

#!/bin/bash

/etc/openvpn/update-resolv-conf

3-d) Create the script /etc/openvpn/airvpn-udp-down.sh and add the same as 3-c) to it

3-e) Mark both files executable

3-f) Run

/etc/init.d/openvpn.airvpn-udp start

4) (non-Gentoo) Start OpenVPN with the AirVPN configuration (not tested, as I do not have a non-Gentoo distro)

5) Follow the iptables section of https://airvpn.org/faq/software_lock/; I summed it up in the following script

#!/bin/bash

iptables -F
iptables -t nat -F
iptables -t mangle -F

# Flush V6
ip6tables -F
ip6tables -t nat -F
ip6tables -t mangle -F

# Local
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Local V6
ip6tables -A INPUT -i lo -j ACCEPT
ip6tables -A OUTPUT -o lo -j ACCEPT

# Make sure you can communicate with any DHCP server
iptables -A OUTPUT -d 255.255.255.255 -j ACCEPT
iptables -A INPUT -s 255.255.255.255 -j ACCEPT

# Make sure that you can communicate within your own network if Private Network option is enabled
#iptables -A INPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT
#iptables -A OUTPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT
#iptables -A INPUT -s 10.0.0.0/8 -d 10.0.0.0/8 -j ACCEPT
#iptables -A OUTPUT -s 10.0.0.0/8 -d 10.0.0.0/8 -j ACCEPT
#iptables -A INPUT -s 172.16.0.0/12 -d 172.16.0.0/12 -j ACCEPT
#iptables -A OUTPUT -s 172.16.0.0/12 -d 172.16.0.0/12 -j ACCEPT

# Allow incoming pings if Ping option is enabled
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

# Allow established sessions to receive traffic:
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow TUN
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A OUTPUT -o tun+ -j ACCEPT

# Block All
iptables -A OUTPUT -j DROP
iptables -A INPUT -j DROP
iptables -A FORWARD -j DROP

# Block All V6
ip6tables -A OUTPUT -j DROP
ip6tables -A INPUT -j DROP
ip6tables -A FORWARD -j DROP

6) Mark it executable and run it (make sure to back up the current iptables configuration first)

WARNING!: this will deny all outgoing connections, so 7) is a must.

7) Run the following, replacing nl with your country of choice (source: https://airvpn.org/topic/14378-how-can-i-get-vpn-servers-entry-ip-addresses/) (you might need the net-dns/bind-tools package if on Gentoo)

dig @8.8.8.8 nl.all.vpn.airdns.org +short +tcp | while read line; do iptables -I OUTPUT 1 -d "$line" -j ACCEPT;done

Now the network lock should be in place and no DNS info should leak; a test on ipleak.net should show only AirVPN exit nodes.

-----------------------------------------------------------------------------------------------------------------

8) When finished, and after disconnecting OpenVPN, run

iptables-restore < /etc/iptables/iptables-save

or on Gentoo

iptables-restore < /var/lib/iptables/rules-save

to restore the old rules.

Hope this helps anyone who had my problem
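
Added example, not part of the original post: step 7 hands every line that dig prints to `iptables -d`, which also accepts hostnames and resolves them, so a CNAME target or a diagnostic line in the output should be filtered out before it becomes a rule. The function names and the sample resolver output are constructed for illustration; the script only prints the rules it would add.

```bash
#!/bin/bash
# Added example, not from the original post. Function names and the sample
# data are assumptions made for illustration.

# Succeeds only for a dotted-quad IPv4 address with every octet in 0-255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Reads candidate lines on stdin and prints one iptables command per unique
# valid address. Rejected lines go to stderr and never reach iptables.
build_allow_rules() {
    seen=' '
    while IFS= read -r line; do
        if ! is_ipv4 "$line"; then
            printf 'skipped: %s\n' "$line" >&2
            continue
        fi
        case $seen in *" $line "*) continue ;; esac
        seen="$seen$line "
        printf 'iptables -I OUTPUT 1 -d %s -j ACCEPT\n' "$line"
    done
}

# Constructed sample of resolver output: a CNAME target, a diagnostic line,
# a duplicate and an out-of-range value mixed in with usable addresses.
sample_dig_output() {
    cat <<'EOF'
nl.vpn.example.
192.0.2.10
198.51.100.7
;; connection timed out; no servers could be reached
192.0.2.10
203.0.113.300
EOF
}

# Dry run on the sample: prints the commands instead of executing them.
sample_dig_output | build_allow_rules
```

On a real host, pipe the dig command from step 7 into `build_allow_rules` in place of `sample_dig_output`, review the printed commands, then run them as root.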
