mr.Rhee

Initial install & IPTables questions?


Hi, first post.

 

I'm running Manjaro Linux, which had openvpn already installed. I used the OpenVPN Configuration Generator, selecting:- Linux; Europe; Direct, protocol UDP, port 443; I didn't use any of the Advanced settings.

 

This gave me a file called AirVPN_Europe_UDP-443.ovpn which I put into the /etc/openvpn directory & then, in the Terminal I entered the following command:

 

 

sudo chmod 400 AirVPN_Europe_UDP-443.ovpn

 

Followed by this one:

sudo openvpn --config /etc/openvpn/AirVPN_Europe_UDP-443.ovpn

 

OpenVPN ran through & did its stuff & now I am connected to the internet via AirVPN.

 

So that's the background.

 

I'm in the process of implementing this how-to so that the internet connection will be dropped if for some reason I lose the VPN connection.

 

https://airvpn.org/topic/9139-prevent-leaks-with-linux-iptables/?hl=%2Biptables+%2Bleaks+%2Blinux

 

The problem I have is I don't know what to do with this final command:

 

 

iptables -A OUTPUT -o eth+ ! -d a.b.c.d -j DROP # if destination for outgoing packet on eth+ is NOT a.b.c.d, drop the packet, so that nothing leaks if VPN disconnects

 

What do I use for a.b.c.d ? If I look in my one & only .ovpn file, what I have on the remote line looks like this:

 

remote europe.vpn.airdns.org 443

 

& that won't work. I need an IP address, but I don't know how to find it?

 

Also, re. the above linked how-to, I have added the following:

 

nameserver 10.4.0.1 # ===>>>> in order to use AirVPN DNS

 

To both my /etc/resolv.conf & also to the /etc/resolvconf.conf as I think that my resolv.conf gets overwritten on boot, by what I put in the resolvconf.conf .

 

Anyway, hopefully I've not created any problems there, I haven't rebooted yet to see what happens in that regard.

 

My thanks to all concerned for creating AirVPN, it was really easy to get going, I just have to do this little bit of tweaking to finish off the initial install.


@mr.Rhee

 

Hello and welcome aboard!

 

In the rule you need to specify the entry-IP address of the VPN server you connect to. europe.vpn.airdns.org resolves to the entry-IP of the VPN server which has the "best rating". Rating is calculated every 5 minutes according to various parameters (server status, latency with all the other VPN servers, available bandwidth, packet loss) and the DNS record, if necessary, is updated accordingly.

 

In order to see which IP address the name resolves into, just resolve it in your system (for example "dig @ europe.vpn.airdns.org", or even ping europe.vpn.airdns.org).

 

In order to see the list of all the servers' entry-IP addresses, you can generate a single configuration file with "Planet Earth" or "Europe" as region, making sure to tick both "Resolved hosts in .ovpn file" and "All servers for area or region". You will get a file with a long list of "remote" lines which will show the various servers' entry-IP addresses. Alternatively just open a ticket to "Support" (from the upper menu "Contact us") and ask for them.

 

About the DNS push, if you have resolvconf or openresolv installed, please see here https://airvpn.org/topic/9608-how-to-accept-dns-push-on-linux-systems-with-resolvconf/

 

Kind regards


Thanks for your helpful reply.

 

Has someone written a script that will update the IPTables with the server being used's IP address? Or is using a region as opposed to a specific server (known IP address) with the IPTables just plain fiddly to do?

 

I have the impression that there are other ways to protect your genuine IP address, perhaps they are more suitable when using the "best server in the specified region" method of access to AirVPN?
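An added example, not part of any post in this thread and not AirVPN's own code: one way to turn a configuration generated with "Resolved hosts in .ovpn file" into kill-switch rules. It generalizes the how-to's single `! -d a.b.c.d` DROP to several entry-IPs by printing one ACCEPT per address before a final DROP. The function names are hypothetical and the sample addresses are constructed from documentation ranges.

```shell
#!/bin/sh
# Added example: derive iptables kill-switch rules from "remote" lines.
# Rules are printed for review, never applied by this script.

# Constructed sample of a generated .ovpn file (addresses are placeholders).
sample_ovpn() {
cat <<'EOF'
client
dev tun
proto udp
remote europe.vpn.airdns.org 443
remote 198.51.100.7 443
remote 192.0.2.10 443
remote 203.0.113.25 443
remote 192.0.2.10 443
remote 999.1.1.1 443
EOF
}

# Print the unique, valid IPv4 addresses found on "remote <ip> <port>" lines.
# Hostnames are skipped: the name is re-pointed as server ratings change,
# so a rule resolved once at insert time would go stale.
entry_ips() {
    awk '$1 == "remote" && split($2, o, ".") == 4 {
        ok = 1
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) ok = 0
        if (ok) print $2
    }' "$@" | sort -u
}

# Emit one ACCEPT per entry-IP on eth+, then DROP everything else on eth+.
# Refuse to emit a DROP-only rule set when no usable address was found.
killswitch_rules() {
    ips=$(entry_ips "$@")
    if [ -z "$ips" ]; then
        echo "no resolved remote lines found; nothing emitted" >&2
        return 1
    fi
    for ip in $ips; do
        echo "iptables -A OUTPUT -o eth+ -d $ip -j ACCEPT"
    done
    echo "iptables -A OUTPUT -o eth+ -j DROP"
}

# Stand-alone run: show the rules for the constructed sample.
sample_ovpn | killswitch_rules
```

Both functions read a file argument or standard input, so the same call works on a real generated file: `killswitch_rules /etc/openvpn/<file>.ovpn`.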
