Tethering and OpenVPN

Dear all,

I am having trouble getting OpenVPN and Tethering working at the same time.

OSMC is running in the latest version on a RPi2. The system itself works like a charm. The Raspberry Pi is connected to the Internet with a Wifi module (works fine).

My PS3 is connected via Ethernet to the RPi. After enabling tethering in the GUI and setting dnsproxy=yes in /etc/connman.prefs, the Internet connection works fine.

Finally I have installed openvpn client on the RPi. For the RPi everything works, however, my PS3 is no longer connected to the internet. Stopping OpenVPN reconnects the PS3 to the Internet.

At the end of the day I want everything connected to the RPi by Ethernet to be routed through the VPN.

Could anyone point me in the right direction? Any log files/config that would be of interest?

Thanks,
Matze

Messing around with iptables did the trick.

I've been using the info from this guide here:

adjusting it in terms of direction (eth → tun instead of wlan → eth)

BR Matze

Update, just in case it helps someone:

setting:
net.ipv4.ip_forward=1
in
/etc/sysctl.conf

and:

#!/bin/bash
# NAT the tethered clients' traffic to the tunnel address
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
# allow replies coming back from the tunnel to the Ethernet side
iptables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# allow anything from the Ethernet side out through the tunnel
iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT

in a little script run after the VPN connects successfully (up "path of script" in openvpnclient.conf)
worked for me.
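The sysctl plus three iptables rules above are the whole procedure, but as posted the script has two practical gaps: `-A` appends the same rules again on every reconnect, and when the tunnel drops the default route falls back to the plain uplink, so tethered clients keep browsing unencrypted without noticing. The script below is an added example written for this page, not Matze's script or anything from OSMC or OpenVPN. It assumes the tethered clients sit on eth0 and the uplink is wlan0 (both overridable; note that in the later `route -n` output in this thread connman's hotspot appears as an interface literally named `tether`, not wlan0), relies on OpenVPN exporting the tunnel device as `$dev` and the action as `$script_type` to `up`/`down` scripts, and uses `-m conntrack --ctstate`, the current spelling of the older `-m state --state`. OpenVPN only runs external scripts when the client config also contains `script-security 2`. With `DRY_RUN=1` it prints the commands instead of executing them, so it can be checked without root.

```shell
#!/bin/bash
# Added example, not from the thread: OpenVPN up/down script that routes
# tethered clients through the tunnel and stops them leaking via the uplink.
# Interface names are assumptions; override LAN_IF/WAN_IF for your box.
# OpenVPN sets $dev (tunnel device) and $script_type ("up"/"down") for us.
# DRY_RUN=1 prints the privileged commands instead of running them.
set -eu

LAN_IF="${LAN_IF:-eth0}"     # side the tethered clients are on (assumed)
WAN_IF="${WAN_IF:-wlan0}"    # uplink that must never carry client traffic (assumed)
TUN_IF="${dev:-tun0}"        # OpenVPN exports $dev; fall back to tun0

# Execute a privileged command, or print it in dry-run mode.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# Append a rule only if an identical one is not already in the chain.
# Blindly using -A on every reconnect stacks duplicate rules.
ensure_rule() {  # ensure_rule <table> <chain> <rule spec...>
  local table=$1 chain=$2
  shift 2
  if [ "${DRY_RUN:-0}" = 1 ] || ! iptables -t "$table" -C "$chain" "$@" 2>/dev/null; then
    run iptables -t "$table" -A "$chain" "$@"
  fi
}

# Delete a rule only if it is present, so teardown is idempotent too.
drop_rule() {  # drop_rule <table> <chain> <rule spec...>
  local table=$1 chain=$2
  shift 2
  if [ "${DRY_RUN:-0}" = 1 ] || iptables -t "$table" -C "$chain" "$@" 2>/dev/null; then
    run iptables -t "$table" -D "$chain" "$@"
  fi
}

vpn_up() {
  # /etc/sysctl.conf is only read at boot; set it for the running kernel as well.
  run sysctl -q -w net.ipv4.ip_forward=1
  # NAT client traffic to the tunnel address.
  ensure_rule nat POSTROUTING -o "$TUN_IF" -j MASQUERADE
  # Forward LAN -> tunnel, and only replies from the tunnel back to the LAN.
  ensure_rule filter FORWARD -i "$LAN_IF" -o "$TUN_IF" -j ACCEPT
  ensure_rule filter FORWARD -i "$TUN_IF" -o "$LAN_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  # Kill switch: client traffic is never forwarded to the plain uplink, which
  # is where the default route lands once the tunnel goes away.
  ensure_rule filter FORWARD -i "$LAN_IF" -o "$WAN_IF" -j DROP
}

vpn_down() {
  # Remove the tunnel rules but keep the DROP, so clients go offline instead
  # of silently falling back to the unencrypted uplink.
  drop_rule nat POSTROUTING -o "$TUN_IF" -j MASQUERADE
  drop_rule filter FORWARD -i "$LAN_IF" -o "$TUN_IF" -j ACCEPT
  drop_rule filter FORWARD -i "$TUN_IF" -o "$LAN_IF" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
}

# OpenVPN passes the action in $script_type; allow "./script up" by hand too.
case "${script_type:-${1:-}}" in
  up)   vpn_up ;;
  down) vpn_down ;;
esac
```

Reference it from the client config as `up /path/to/script` and `down /path/to/script` alongside `script-security 2`; running `DRY_RUN=1 ./script up` shows exactly which rules would be added. The DROP rule is the part worth keeping even if you simplify the rest: without it, tethered devices have no way of knowing the VPN is down.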

You absolute superstar. I only wish I had seen this 4 hours ago. Works a treat

Hi, could anyone help me with how to use that code? I have the same situation as the OP.

Thanks,

Details regarding how to access the command line interface can be found here on our Wiki: https://osmc.tv/wiki/general/accessing-the-command-line/

Here is a cheatsheet and some tutorials for how to navigate in a Linux shell: Cheatsheets and Tutorials for users new to Linux based operating systems

I know how to use the command line. I can access it via PuTTY. But I wanted to know exactly how to use the code posted by one of the users.

I am trying something very similar: my RPi3 connects to the Internet through eth0 and runs a vpn client. When I enable tethering (WiFi hotspot), I can connect to the pi, but have no internet.

I have:

➜  ~ cat /etc/sysctl.conf | grep net.ipv4.ip_forward
net.ipv4.ip_forward=1
➜  ~ cat /proc/sys/net/ipv4/ip_forward                                                                 
1

This has not worked for me:

sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
sudo iptables -A FORWARD -i tun0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o tun0 -j ACCEPT

Any help would be much appreciated!

Apparently, I only needed the

➜  ~ sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

for the routing to work. Facebook Messenger works like this. I cannot access websites, though, which leads me to suspect there is still a persistent DNS problem…

So is it a DNS problem, or do you still have no Internet?

I can chat over FB Messenger. I cannot access e.g. google.com. I assume this has something to do with DNS.

From a smartphone, I assume.

From a smartphone or from the Pi itself? (Or both)

I can chat on FB Messenger from my phone.
I can access the Internet from my Pi 3. I cannot access google.com from my phone.

See here: Tethering - #11 by sam_nazarko

Unfortunately, I have a feeling that this won’t work with OpenVPN. But try it.

Why not? :)
I’ve set my dnsproxy to yes already.

➜  ~ cat /etc/connman.prefs
# If set to yes, connman enables a dns proxy running on localhost port 53 and sets /etc/resolv.conf nameservers to point at 127.0.0.1
# If set to no, the dns proxy is disabled and connman will update nameservers directly in /etc/resolv.conf.

dnsproxy=yes

It would have helped if you mentioned that you’ve already set dnsproxy=yes.

What's the output from running route -n?

Sorry. Here’s my route:

➜  ~ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.117.182.1    128.0.0.0       UG    0      0        0 tun0
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
10.117.182.0    0.0.0.0         255.255.254.0   U     0      0        0 tun0
89.46.103.147   192.168.0.1     255.255.255.255 UGH   0      0        0 eth0
128.0.0.0       10.117.182.1    128.0.0.0       UG    0      0        0 tun0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.1     0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 tether

Please provide the output from:

cat /etc/resolv.conf
host -v google.com
➜  ~ cat /etc/resolv.conf              
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
#     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1
➜  ~ host -v google.com  
Trying "google.com"
../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31116
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.			IN	A

;; ANSWER SECTION:
google.com.		3	IN	A	74.125.128.138
google.com.		3	IN	A	74.125.128.139
google.com.		3	IN	A	74.125.128.113
google.com.		3	IN	A	74.125.128.100
google.com.		3	IN	A	74.125.128.102
google.com.		3	IN	A	74.125.128.101

Received 124 bytes from 127.0.0.1#53 in 1 ms
Trying "google.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12759
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.			IN	AAAA

;; ANSWER SECTION:
google.com.		242	IN	AAAA	2a00:1450:4013:c02::8b

Received 56 bytes from 127.0.0.1#53 in 0 ms
Trying "google.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7872
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.			IN	MX

;; ANSWER SECTION:
google.com.		542	IN	MX	50 alt4.aspmx.l.google.com.
google.com.		542	IN	MX	20 alt1.aspmx.l.google.com.
google.com.		542	IN	MX	40 alt3.aspmx.l.google.com.
google.com.		542	IN	MX	10 aspmx.l.google.com.
google.com.		542	IN	MX	30 alt2.aspmx.l.google.com.

Received 268 bytes from 127.0.0.1#53 in 46 ms

That means it’s already been cached. Let’s try something you’re unlikely to have used before.

host -v bhg.com

DNS resolution works locally on the Pi:

➜  ~ host -v bhg.com
Trying "bhg.com"
../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3698
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;bhg.com.			IN	A

;; ANSWER SECTION:
bhg.com.		300	IN	A	198.186.175.108

Received 48 bytes from 127.0.0.1#53 in 106 ms
Trying "bhg.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6259
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;bhg.com.			IN	AAAA

;; AUTHORITY SECTION:
bhg.com.		900	IN	SOA	ns-1115.awsdns-11.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400

Received 117 bytes from 127.0.0.1#53 in 72 ms
Trying "bhg.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27323
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;bhg.com.			IN	MX

;; ANSWER SECTION:
bhg.com.		3600	IN	MX	10 us-smtp-inbound-1.mimecast.com.
bhg.com.		3600	IN	MX	10 us-smtp-inbound-2.mimecast.com.

Received 131 bytes from 127.0.0.1#53 in 93 ms