I'm trying to use transparent proxying of Tor over VPN on the latest Debian x64 with the standard OpenVPN client and a port-2018 configuration file generated from the Air client area.
My problem is that I will either be reduced to an intermittent connection or no connection after a few (simultaneous?) requests. I can connect to the VPN and get a page in the terminal with "wget" or "curl" without problems. If I then open my browser (latest Firefox) and try to load a page, it may load without issues, it may take over a minute to load, or it may not load at all. During this time, the previously working wget and curl don't work. I also can't resolve hostnames (using Tor's DNSPort). It may start working again a while later, and then I will try to load a site that has a lot of content, and it will stop working again. Maybe it will stop working entirely.
The solution is to disconnect from the VPN and reconnect.
Nothing is shown in the Tor log, the VPN log (connecting is normal), or the system logs.
Another problem is that UDP traffic will still go through. I can connect to a UDP service and the VPN IP is shown, but I want it blocked entirely.
My iptables rules, which may be incorrect (I'm not experienced with them):

#!/bin/sh
# Flush the filter and nat tables before adding rules
iptables -F
iptables -t nat -F

# nat/OUTPUT: Tor's own traffic (uid 110) is left alone
iptables -t nat -A OUTPUT -m owner --uid-owner 110 -j RETURN
# DNS is sent to Tor's DNSPort (this assumes DNSPort listens on port 53)
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 53
# LAN traffic is not redirected
iptables -t nat -A OUTPUT -d 192.168.0.0/24 -j RETURN
# All other TCP from non-Tor users goes to Tor's TransPort
iptables -t nat -A OUTPUT ! -o lo -p tcp -m tcp -m owner ! --uid-owner 110 -j REDIRECT --to-ports 9040

# filter/OUTPUT: replies and Tor itself are allowed; no ICMP in either direction
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m owner --uid-owner 110 -j ACCEPT
iptables -A OUTPUT -p icmp -j DROP
iptables -A INPUT -p icmp -j DROP

# UDP: RETURN in a built-in chain stops evaluation and applies the chain
# policy, which is still the default ACCEPT (no -P is set in this script), so
# UDP on tun0, lo and the LAN is accepted here and never reaches the DROP rules below
iptables -A INPUT -i tun0 -p udp -j RETURN
iptables -A OUTPUT -o tun0 -p udp -j RETURN
iptables -A INPUT -i lo -p udp -j RETURN
iptables -A OUTPUT -o lo -p udp -j RETURN
iptables -A INPUT -p udp -s 192.168.0.0/24 -j RETURN
iptables -A OUTPUT -p udp -d 192.168.0.0/24 -j RETURN
# Any other UDP must be the OpenVPN session on port 2018
iptables -A INPUT -p udp ! --source-port 2018 -j DROP
iptables -A OUTPUT -p udp ! --destination-port 2018 -j DROP

# IPv6: block everything
ip6tables -F
ip6tables -t nat -F
ip6tables -A INPUT -j DROP
ip6tables -A OUTPUT -j DROP
Thanks in advance.
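The following is an added worked example, not code from the post above, from Tor or from AirVPN. It is a small simulator of iptables filter-chain traversal that walks the post's filter OUTPUT rules for a few constructed packets and shows why UDP still leaves over the VPN: RETURN in a built-in chain ends evaluation with the chain policy, and the script never sets a policy, so it stays at the default ACCEPT. The packet fields, the interface name eth0, the uid 1000 and the addresses (from documentation ranges) are all assumptions made for the example; the nat table (REDIRECT) is deliberately not modelled. A second rule list, FIXED_OUTPUT, swaps the two tun0 RETURN rules for DROP to show the difference.

```python
"""Tiny simulator of iptables filter-chain traversal (added example, not from the post).

Models only the matches the post's filter rules use (-p, -i, -o, -s, -d,
--source-port, --destination-port, --state, --uid-owner, with '!' negation) and
the targets ACCEPT, DROP and RETURN. Built-in chains keep the default policy
ACCEPT because the post's script issues no -P. Packets are constructed dicts.
"""
import ipaddress
import shlex

# Options that take a value, mapped to the packet field they test.
OPTIONS = {
    "-p": "proto", "-i": "in", "-o": "out", "-s": "src", "-d": "dst",
    "--source-port": "sport", "--sport": "sport",
    "--destination-port": "dport", "--dport": "dport",
    "--state": "state", "--uid-owner": "uid",
}


def parse_rule(cmd):
    """Parse one 'iptables -A CHAIN ...' filter-table command into
    (chain, [(field, value, negated), ...], target). nat-table rules return
    None: REDIRECT rewrites addresses, which this model does not follow."""
    tokens = shlex.split(cmd)
    if "-t" in tokens and tokens[tokens.index("-t") + 1] != "filter":
        return None
    chain, conds, target, negate = None, [], None, False
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok == "!":
            negate = True
        elif tok == "-A":
            chain = tokens[i + 1]
            i += 1
        elif tok == "-j":
            target = tokens[i + 1]
            i += 1
        elif tok in ("-m", "-t"):
            i += 1  # match-module or table name: not a packet test
        elif tok in OPTIONS:
            conds.append((OPTIONS[tok], tokens[i + 1], negate))
            negate = False
            i += 1
        elif tok != "iptables":
            raise ValueError("unsupported token %r in %r" % (tok, cmd))
        i += 1
    return chain, conds, target


def matches(cond, pkt):
    """Evaluate one match against a packet, honouring '!' negation."""
    field, value, negated = cond
    actual = pkt.get(field)
    if field in ("src", "dst"):
        hit = ipaddress.ip_address(actual) in ipaddress.ip_network(value, strict=False)
    elif field == "state":  # --state takes a comma-separated list
        hit = actual in value.split(",")
    else:
        hit = str(actual) == value
    return hit != negated


def verdict(rules, chain, pkt, policy="ACCEPT"):
    """Walk CHAIN for PKT. ACCEPT/DROP are final; RETURN in a built-in chain
    ends traversal with the chain policy, as the kernel does; falling off the
    end of the chain also yields the policy."""
    for rule in rules:
        if rule is None or rule[0] != chain:
            continue
        if all(matches(c, pkt) for c in rule[1]):
            if rule[2] in ("ACCEPT", "DROP"):
                return rule[2]
            if rule[2] == "RETURN":
                return policy
    return policy


# The post's filter-table OUTPUT rules, in the order they were appended.
POST_OUTPUT = [
    "iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT",
    "iptables -A OUTPUT -m owner --uid-owner 110 -j ACCEPT",
    "iptables -A OUTPUT -p icmp -j DROP",
    "iptables -A OUTPUT -o tun0 -p udp -j RETURN",
    "iptables -A OUTPUT -o lo -p udp -j RETURN",
    "iptables -A OUTPUT -p udp -d 192.168.0.0/24 -j RETURN",
    "iptables -A OUTPUT -p udp ! --destination-port 2018 -j DROP",
]
# Same rules with the tun0 RETURN replaced by DROP (the change under discussion).
FIXED_OUTPUT = [r.replace("-o tun0 -p udp -j RETURN", "-o tun0 -p udp -j DROP") for r in POST_OUTPUT]


def pkt(proto, out, dst, dport, uid=1000, state="NEW"):
    """Constructed locally generated packet; eth0 and uid 1000 are assumptions."""
    return {"proto": proto, "in": None, "out": out, "src": "10.4.0.2", "dst": dst,
            "sport": 40000, "dport": dport, "uid": uid, "state": state}


def check(rule_cmds):
    """Verdicts for the cases that matter in the post, for a given rule list."""
    rules = [parse_rule(r) for r in rule_cmds]
    return {
        "udp_over_vpn": verdict(rules, "OUTPUT", pkt("udp", "tun0", "198.51.100.7", 443)),
        "openvpn_session": verdict(rules, "OUTPUT", pkt("udp", "eth0", "203.0.113.9", 2018)),
        "udp_around_vpn": verdict(rules, "OUTPUT", pkt("udp", "eth0", "198.51.100.7", 443)),
        "tor_dns_on_lo": verdict(rules, "OUTPUT", pkt("udp", "lo", "127.0.0.1", 53)),
        "tor_itself": verdict(rules, "OUTPUT", pkt("tcp", "tun0", "198.51.100.7", 443, uid=110)),
    }


if __name__ == "__main__":
    for name, cmds in (("post", POST_OUTPUT), ("fixed", FIXED_OUTPUT)):
        print(name, check(cmds))
```

Running it prints udp_over_vpn as ACCEPT for the post's rules and DROP for the fixed list, while the OpenVPN session itself, loopback DNS to Tor's DNSPort and Tor's own TCP stay ACCEPT in both; the same fall-through applies to the INPUT rules, which are built the same way.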