r34lity23

iptables & bluetit

Hi all,

I am trying to set up a VM to block all internet that is not tunnelled through the VPN. I have the following iptables rules:

-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-N logging
-A INPUT -i lo -j ACCEPT
-A INPUT -s 255.255.255.255/32 -j ACCEPT
-A INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i tun+ -j ACCEPT
-A INPUT -j DROP
-A INPUT -j logging
-A FORWARD -i tun+ -j ACCEPT
-A FORWARD -o tun+ -j ACCEPT
-A FORWARD -j DROP
-A OUTPUT -p udp -m udp --dport 443 -m comment --comment "Allow VPN connection" -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 255.255.255.255/32 -j ACCEPT
-A OUTPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
-A OUTPUT -j DROP
-A OUTPUT -j logging
-A logging -m limit --limit 2/min -j LOG --log-prefix "IPTables general: " --log-level 7
-A logging -j DROP

This seems to work fine if enabled after the VPN has already connected but appears to block the VPN from connecting if it has dropped for some reason. I was hoping that someone more knowledgeable about iptables could see a reason for it being unable to connect. The output from bluetit is as follows:

Jan 19 18:50:03 vpn1 bluetit[18500]: IPv6 is available in this system
Jan 19 18:50:03 vpn1 bluetit[18500]: System country set to XX by Bluetit policy.
Jan 19 18:50:03 vpn1 bluetit[18500]: Bluetit successfully initialized and ready
Jan 19 18:50:03 vpn1 bluetit[18500]: Starting AirVPN boot connection
Jan 19 18:50:03 vpn1 bluetit[18500]: Waiting for a valid AirVPN Manifest to be available
Jan 19 18:50:03 vpn1 bluetit[18500]: AirVPN Manifest updater thread started
Jan 19 18:50:03 vpn1 bluetit[18500]: AirVPN Manifest update interval is 15 minutes
Jan 19 18:50:03 vpn1 bluetit[18500]: Updating AirVPN Manifest
Jan 19 18:50:23 vpn1 bluetit[18500]: ERROR: Cannot start AirVPN Connection. AirVPN Manifest not available.
Jan 19 18:51:03 vpn1 bluetit[18500]: AirVPN Manifest successfully retrieved from local instance

Thanks for any help!

@r34lity23

Hello!

Please make sure to accept packets to and from the bootstrap servers. You can find their IP addresses in the /etc/airvpn/bluetit.rc file, under the bootserver directives.

Kind regards
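One way to act on that advice, as an added example that is not code from either poster or from AirVPN: a small POSIX shell script that pulls the bootserver addresses out of the rc file and emits the kill-switch ruleset from the first post in iptables-restore format, with ACCEPT rules to and from each bootstrap server added. It assumes each bootstrap server appears on its own line as "bootserver <IPv4 address>" (the thread does not show the file's exact syntax), and the addresses in the embedded sample are constructed TEST-NET values, not real servers. It also jumps to the logging chain as the last rule of each built-in chain instead of placing an unconditional DROP in front of it, which in the original rules means the logging chain is never reached.

```shell
#!/bin/sh
# Added example, not the poster's or AirVPN's code.
# Assumption: /etc/airvpn/bluetit.rc lists bootstrap servers one per line as
#   bootserver <IPv4 address>

# Read an rc file on stdin and print each bootserver address on its own line.
# Lines whose first field is not "bootserver" (comments, other directives) are ignored.
bootservers() {
    awk '$1 == "bootserver" && NF >= 2 { print $2 }'
}

# Emit a complete ruleset in iptables-restore format.
# Usage: killswitch_rules LAN_CIDR VPN_UDP_PORT BOOTSERVER_IP...
killswitch_rules() {
    lan=$1; port=$2; shift 2
    echo '*filter'
    # Default-deny on every built-in chain; a private logging chain drops after a rate-limited LOG.
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT DROP [0:0]'
    echo ':logging - [0:0]'
    # Loopback, LAN-to-LAN and reply traffic.
    echo '-A INPUT -i lo -j ACCEPT'
    echo "-A INPUT -s $lan -d $lan -j ACCEPT"
    echo '-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'
    echo '-A INPUT -i tun+ -j ACCEPT'
    echo '-A OUTPUT -o lo -j ACCEPT'
    echo "-A OUTPUT -s $lan -d $lan -j ACCEPT"
    # The VPN tunnel itself (UDP, port as used in the first post).
    echo "-A OUTPUT -p udp --dport $port -m comment --comment \"VPN tunnel\" -j ACCEPT"
    # Bluetit must reach the bootstrap servers before the tunnel exists, so allow
    # packets to and from each of them (the thread does not state a port, so none is assumed).
    for ip in "$@"; do
        echo "-A OUTPUT -d $ip -m comment --comment \"Bluetit bootstrap\" -j ACCEPT"
        echo "-A INPUT -s $ip -j ACCEPT"
    done
    echo '-A OUTPUT -o tun+ -j ACCEPT'
    echo '-A FORWARD -i tun+ -j ACCEPT'
    echo '-A FORWARD -o tun+ -j ACCEPT'
    # Everything else is logged (rate-limited) and then dropped; the jump to
    # logging is the LAST rule so it is actually reached.
    echo '-A INPUT -j logging'
    echo '-A FORWARD -j logging'
    echo '-A OUTPUT -j logging'
    echo '-A logging -m limit --limit 2/min -j LOG --log-prefix "IPTables general: " --log-level 7'
    echo '-A logging -j DROP'
    echo 'COMMIT'
}

# Constructed sample of the rc file (TEST-NET addresses, not real servers).
SAMPLE_RC='# constructed sample, stands in for /etc/airvpn/bluetit.rc
bootserver 192.0.2.10
bootserver 192.0.2.11
someotherdirective value'

# Stand-alone run: print the ruleset. To apply it for real, feed the real file:
#   killswitch_rules 192.168.1.0/24 443 $(bootservers < /etc/airvpn/bluetit.rc) | iptables-restore
killswitch_rules 192.168.1.0/24 443 $(printf '%s\n' "$SAMPLE_RC" | bootservers)
```

Two things to check before relying on this: the bluetit log above says "IPv6 is available in this system", and iptables rules only cover IPv4, so an equivalent default-deny policy is needed in ip6tables or the VM can still reach the internet over IPv6 while the tunnel is down; and if the bootserver list in the rc file changes, the ruleset has to be regenerated, so it is worth running the script from the same place that starts bluetit.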