Showing results for tags 'lxc'.
Found 2 results
-
Hello,

I know this is not 100% related to AirVPN, but I just can't figure out how to do the setup. What I want to do is a forward from one LXC container to the OpenVPN LXC container. I know that I could install OpenVPN in the Prowlarr LXC and Qbittorrent LXC, but that would be usage of 2 connections out of 5.

My setup is:

    192.168.1.129 - OpenVPN with airVPN.conf file
    192.168.1.131 - Prowlarr
    192.168.1.132 - Sonarr
    192.168.1.133 - Radarr
    192.168.1.139 - Qbittorrent

So what I want to do is 192.168.1.131 --> Routing --> 192.168.1.129 (using VPN) and 192.168.1.129 and 192.168.1.139 --> routing --> 192.168.1.129 (VPN), meaning that finding the files and downloading files is done through the VPN connection (192.168.1.129).

I have installed OpenVPN + AirVPN.ovnf file in 192.168.1.129 - my 129.conf looks like this:

    arch: amd64
    cores: 1
    features: nesting=1
    hostname: openvpn
    memory: 1024
    net0: name=eth0,bridge=vmbr0,gw=192.168.1.1,hwaddr=BC:24:11:7C:1C:98,ip=192.168.1.129/24,type=veth
    net1: name=eth1,bridge=vmbr0,firewall=1,hwaddr=BC:24:11:0C:BC:F5,ip=dhcp,type=veth
    onboot: 1
    ostype: debian
    rootfs: local-lvm:vm-129-disk-0,size=2G
    swap: 512
    tags: community-script;os
    lxc.cgroup2.devices.allow: a
    lxc.cap.drop:
    lxc.cgroup2.devices.allow: c 188:* rwm
    lxc.cgroup2.devices.allow: c 189:* rwm
    lxc.mount.entry: /dev/serial/by-id dev/serial/by-id none bind,optional,create=dir
    lxc.mount.entry: /dev/ttyUSB0 dev/ttyUSB0 none bind,optional,create=file
    lxc.mount.entry: /dev/ttyUSB1 dev/ttyUSB1 none bind,optional,create=file
    lxc.mount.entry: /dev/ttyACM0 dev/ttyACM0 none bind,optional,create=file
    lxc.mount.entry: /dev/ttyACM1 dev/ttyACM1 none bind,optional,create=file
    lxc.cgroup2.devices.allow: c 10:200 rwm
    lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file
    lxc.cap.drop:
    lxc.apparmor.profile: unconfined

Prowlarr (192.168.1.131) 131.conf looks like this:

    arch: amd64
    cores: 2
    features: keyctl=1,nesting=1
    hostname: prowlarr
    memory: 1024
    mp0: /mnt/pve/Plex,mp=/mnt/Plex
    net0: name=eth0,bridge=vmbr0,gw=192.168.1.1,hwaddr=BC:24:11:6B:C3:21,ip=192.168.1.131/24,type=veth
    net1: name=eth1,bridge=vmbr0,firewall=1,hwaddr=BC:24:11:0C:BC:F4,ip=dhcp,type=veth
    onboot: 1
    ostype: debian
    rootfs: local-lvm:vm-131-disk-0,size=4G
    swap: 512
    tags: arr;community-script
    unprivileged: 0
    lxc.cgroup2.devices.allow: c 10:200 rwm
    lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file
    lxc.cap.drop:
    lxc.apparmor.profile: unconfined

but the forward to 129 just doesn't work. Any ideas of what I should do?

Thanks

When it works, then I could write a guide for a full setup - LXC container for Container if anyone needs it.
-
Hello,

can someone explain how the iptables need to be changed for me in order to get the desired network lock working?

    $ ifconfig
    eth0      Link encap:Ethernet  HWaddr 00:16:3e:f0:ea:1a
              inet addr:10.0.3.226  Bcast:10.0.3.255  Mask:255.255.255.0
              inet6 addr: fe80::216:3eff:fef0:ea1a/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:14427656 errors:0 dropped:0 overruns:0 frame:0
              TX packets:9119526 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:20539458438 (20.5 GB)  TX bytes:2946926836 (2.9 GB)

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:65536  Metric:1
              RX packets:510367 errors:0 dropped:0 overruns:0 frame:0
              TX packets:510367 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:109371859 (109.3 MB)  TX bytes:109371859 (109.3 MB)

    tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
              inet addr:10.4.7.67  P-t-P:10.4.7.67  Mask:255.255.0.0
              UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
              RX packets:6 errors:0 dropped:0 overruns:0 frame:0
              TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:100
              RX bytes:965 (965.0 B)  TX bytes:2086 (2.0 KB)

    $ route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         10.4.0.1        128.0.0.0       UG    0      0        0 tun0
    0.0.0.0         10.0.3.1        0.0.0.0         UG    0      0        0 eth0
    10.0.3.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
    10.4.0.0        0.0.0.0         255.255.0.0     U     0      0        0 tun0
    128.0.0.0       10.4.0.1        128.0.0.0       UG    0      0        0 tun0
    178.162.198.103 10.0.3.1        255.255.255.255 UGH   0      0        0 eth0

From https://airvpn.org/faq/software_lock/:

    # Flush
    iptables -F
    iptables -t nat -F
    iptables -t mangle -F

    # Flush V6
    ip6tables -F
    ip6tables -t nat -F
    ip6tables -t mangle -F

    # Local
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT

    # Local V6
    ip6tables -A INPUT -i lo -j ACCEPT
    ip6tables -A OUTPUT -o lo -j ACCEPT

    # Make sure you can communicate with any DHCP server
    iptables -A OUTPUT -d 255.255.255.255 -j ACCEPT
    iptables -A INPUT -s 255.255.255.255 -j ACCEPT

    # Make sure that you can communicate within your own network if Private Network option is enabled
    iptables -A INPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT
    iptables -A OUTPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT
    iptables -A INPUT -s 10.0.0.0/8 -d 10.0.0.0/8 -j ACCEPT
    iptables -A OUTPUT -s 10.0.0.0/8 -d 10.0.0.0/8 -j ACCEPT
    iptables -A INPUT -s 172.16.0.0/12 -d 172.16.0.0/12 -j ACCEPT
    iptables -A OUTPUT -s 172.16.0.0/12 -d 172.16.0.0/12 -j ACCEPT

    # Allow incoming pings if Ping option is enabled
    iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT

    # Allow established sessions to receive traffic:
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Allow TUN
    iptables -A INPUT -i tun+ -j ACCEPT
    iptables -A FORWARD -i tun+ -j ACCEPT
    iptables -A OUTPUT -o tun+ -j ACCEPT

    # Block All
    iptables -A OUTPUT -j DROP
    iptables -A INPUT -j DROP
    iptables -A FORWARD -j DROP

    # Block All V6
    ip6tables -A OUTPUT -j DROP
    ip6tables -A INPUT -j DROP
    ip6tables -A FORWARD -j DROP