Dear all,
I am having trouble getting OpenVPN and Tethering working at the same time.
OSMC is running in the latest version on a RPi2. The system itself works like a charm. The Raspberry Pi is connected to the Internet with a Wifi module (works fine).
My PS3 is connected via ethernet to the RPi. After enabling the tethering in the GUI and setting dnsproxy=yes in /etc/connman.prefs, the Internet connection works fine.
Finally I have installed openvpn client on the RPi. For the RPi everything works, however, my PS3 is no longer connected to the internet. Stopping OpenVPN reconnects the PS3 to the Internet.
At the end of the day I want everything connected to the RPi by Ethernet to be routed through the VPN.
Could anyone point me in the right direction? Any log files/config that would be of interest?
Thanks,
Matze
Messing around with iptables did the trick.
I’ve been using the info from this guide here:
adjusting it in terms of direction (eth → tun instead of wlan → eth)
BR Matze
Update, just in case it helps someone:
setting net.ipv4.ip_forward=1 in /etc/sysctl.conf and:
#!/bin/bash
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
iptables -A FORWARD -i tun0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
in a little script following successful connect of the VPN (up “path of script” in the openvpnclient.conf)
worked for me.
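The script above only appends, so every time the `up` hook runs again (for example when the tunnel device is reopened on a restart) each rule is added once more, and nothing removes the rules when the VPN stops. An added example, not from the original posts: one script that serves as both the `up` and the `down` hook. `LAN_IF`, `rule_specs` and `apply_rules` are names assumed here, and OpenVPN needs `script-security 2` to run hook scripts.

```bash
#!/bin/bash
# Added example: idempotent up/down hook for the forwarding rules above.
# Assumed names: LAN_IF, rule_specs, apply_rules. OpenVPN itself exports
# script_type (up/down) and dev (the tunnel device) to hook scripts.
LAN_IF="${LAN_IF:-eth0}"   # tethered side; eth0 in the post above

# Print the three rules as "<table> <chain> <rule-spec>" for tunnel device $1.
rule_specs() {
    echo "nat POSTROUTING -o $1 -j MASQUERADE"
    echo "filter FORWARD -i $1 -o $LAN_IF -m state --state RELATED,ESTABLISHED -j ACCEPT"
    echo "filter FORWARD -i $LAN_IF -o $1 -j ACCEPT"
}

# apply_rules up|down <tun-device>
#   up:   append a rule only when "iptables -C" reports it is missing
#   down: delete a rule until no copy is left (cleans up old duplicates too)
apply_rules() {
    while read -r table chain spec; do
        # $spec is left unquoted on purpose so it splits into arguments
        if [ "$1" = up ]; then
            iptables -t "$table" -C "$chain" $spec 2>/dev/null ||
                iptables -t "$table" -A "$chain" $spec
        else
            while iptables -t "$table" -C "$chain" $spec 2>/dev/null; do
                iptables -t "$table" -D "$chain" $spec
            done
        fi
    done <<EOF
$(rule_specs "$2")
EOF
}

# Do nothing unless OpenVPN invoked us as a hook.
case "${script_type:-}" in
    up|down) apply_rules "$script_type" "${dev:-tun0}" ;;
esac
```

Reference the same file from both `up` and `down` in the client config. If the config drops privileges with `user`/`group`, the `down` call runs unprivileged and cannot modify iptables.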
You absolute superstar. I only wish I had seen this 4 hours ago. Works a treat
Hi, could anyone help me with how to use that code? I have the same situation as OP.
Thanks,
Details regarding how to access the command line interface can be found here on our Wiki: Accessing the command line - General - OSMC
Here is a cheatsheet and some tutorials for how to navigate in a Linux shell: Cheatsheets and Tutorials for users new to Linux based operating systems
I know how to use the command line. I can access the command line via PuTTY. But I wanted to know how exactly to use the code posted by one of the users.
I am trying something very similar: my RPi3 connects to the Internet through eth0 and runs a vpn client. When I enable tethering (WiFi hotspot), I can connect to the pi, but have no internet.
I have:
➜ ~ cat /etc/sysctl.conf | grep net.ipv4.ip_forward
net.ipv4.ip_forward=1
➜ ~ cat /proc/sys/net/ipv4/ip_forward
1
This has not worked for me:
➜ ~ sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
sudo iptables -A FORWARD -i tun0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i wlan0 -o tun0 -j ACCEPT
Any help would be much appreciated!
Apparently, I only needed the
➜ ~ sudo iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
for the routing to work. Facebook messenger works like this. I cannot access websites, though. Which leads me to suspect there is still a persistent DNS problem…
So is it a DNS problem or do you still have no Internet?
I can chat over fb messenger. I cannot access i.e. google.com. I assume this has something to do with DNS.
From a smartphone, I assume.
From a smartphone or from the Pi itself? (Or both)
I can chat on fb messenger from my phone.
I can access the internet from my pi3. I cannot access google.com from my phone.
See here: Tethering - #11 by sam_nazarko
Unfortunately, I have a feeling that this won’t work with OpenVPN. But try it.
Why not?
I’ve set my dnsproxy to yes already.
➜ ~ cat /etc/connman.prefs
# If set to yes, connman enables a dns proxy running on localhost port 53 and sets /etc/resolv.conf nameservers to point at 127.0.0.1
# If set to no, the dns proxy is disabled and connman will update nameservers directly in /etc/resolv.conf.
dnsproxy=yes
It would have helped if you mentioned that you’ve already set dnsproxy=yes.
What’s the output from running route -n?
Sorry. Here’s my route:
➜ ~ route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.117.182.1    128.0.0.0       UG    0      0        0 tun0
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 eth0
10.117.182.0    0.0.0.0         255.255.254.0   U     0      0        0 tun0
89.46.103.147   192.168.0.1     255.255.255.255 UGH   0      0        0 eth0
128.0.0.0       10.117.182.1    128.0.0.0       UG    0      0        0 tun0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.0.1     0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 tether
Please provide the output from:
cat /etc/resolv.conf
host -v google.com
➜ ~ cat /etc/resolv.conf
# Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
# DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
nameserver 127.0.0.1
➜ ~ host -v google.com
Trying "google.com"
../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31116
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 3 IN A 74.125.128.138
google.com. 3 IN A 74.125.128.139
google.com. 3 IN A 74.125.128.113
google.com. 3 IN A 74.125.128.100
google.com. 3 IN A 74.125.128.102
google.com. 3 IN A 74.125.128.101
Received 124 bytes from 127.0.0.1#53 in 1 ms
Trying "google.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12759
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;google.com. IN AAAA
;; ANSWER SECTION:
google.com. 242 IN AAAA 2a00:1450:4013:c02::8b
Received 56 bytes from 127.0.0.1#53 in 0 ms
Trying "google.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7872
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;google.com. IN MX
;; ANSWER SECTION:
google.com. 542 IN MX 50 alt4.aspmx.l.google.com.
google.com. 542 IN MX 20 alt1.aspmx.l.google.com.
google.com. 542 IN MX 40 alt3.aspmx.l.google.com.
google.com. 542 IN MX 10 aspmx.l.google.com.
google.com. 542 IN MX 30 alt2.aspmx.l.google.com.
Received 268 bytes from 127.0.0.1#53 in 46 ms
That means it’s already been cached. Let’s try something you’re unlikely to have used before.
host -v bhg.com
DNS resolution works locally on the Pi:
➜ ~ host -v bhg.com
Trying "bhg.com"
../../../../lib/isc/unix/net.c:581: sendmsg() failed: Operation not permitted
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3698
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;bhg.com. IN A
;; ANSWER SECTION:
bhg.com. 300 IN A 198.186.175.108
Received 48 bytes from 127.0.0.1#53 in 106 ms
Trying "bhg.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6259
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;bhg.com. IN AAAA
;; AUTHORITY SECTION:
bhg.com. 900 IN SOA ns-1115.awsdns-11.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
Received 117 bytes from 127.0.0.1#53 in 72 ms
Trying "bhg.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27323
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;bhg.com. IN MX
;; ANSWER SECTION:
bhg.com. 3600 IN MX 10 us-smtp-inbound-1.mimecast.com.
bhg.com. 3600 IN MX 10 us-smtp-inbound-2.mimecast.com.
Received 131 bytes from 127.0.0.1#53 in 93 ms