Stunnel + OpenVPN connected but no internet

I have setup

stunnel on server


pid = /var/run/stunnel4/stunnel.pid
output = /var/log/stunnel4/stunnel.log
setuid = root
setgid = root
[openvpn]
cert=/etc/stunnel/cert.pem
options = NO_SSLv2
options = NO_SSLv3
options = NO_TLSv1
options = NO_TLSv1.1
sslVersion = TLSv1.2
key=/etc/stunnel/key.pem
accept = 0.0.0.0:8080
connect = 127.0.0.1:1194

stunnel on client


output = /Volumes/HDD/Users/steve/Desktop/stunnel/stunnel.log
pid = /Volumes/HDD/Users/steve/Desktop/stunnel/stunnel.pid
client = yes
[openvpn]
sni = www.bing.com
accept = 127.0.0.1:1194
connect = 23.95.191.205:8080

And before I connect via OpenVPN, I add the IP to the gateway using (on macOS):

sudo route -n add -net 23.95.191.254/27 192.168.1.1
sudo route -n add -net 23.95.191.205/27 192.168.1.1

Then I press the connect button in OpenVPN (which is set up to use 127.0.0.1 instead of the public IP of the server), and it connects (really fast, no issues, and it connects every time I try it).

But I can't load any websites!

Here are the logs for stunnel on the server

2022.12.14 22:43:03 LOG5[27948:140462685611776]: Service [openvpn] accepted connection from 78.39.186.44:52571
2022.12.14 22:43:03 LOG5[27948:140462685611776]: connect_blocking: connected 127.0.0.1:1194
2022.12.14 22:43:03 LOG5[27948:140462685611776]: Service [openvpn] connected remote server from 127.0.0.1:46476

and on the client

2022.12.15 02:13:03 LOG5[29]: Service [openvpn] accepted connection from 127.0.0.1:52570
2022.12.15 02:13:03 LOG5[29]: s_connect: connected 23.95.191.205:8080
2022.12.15 02:13:03 LOG5[29]: Service [openvpn] connected remote server from 192.168.1.100:52571

Here's the iptables output

 iptables -vnL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:67
    0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:67
   76  3114 udp2rawDwrW_46cc7010_C0  icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
 285K  295M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
  802 48092 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
 4239  300K INPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 4239  300K INPUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 4239  300K INPUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
  399 18215 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
 1640  150K REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      virbr0  0.0.0.0/0            192.168.122.0/24     ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  virbr0 *       192.168.122.0/24     0.0.0.0/0           
    0     0 ACCEPT     all  --  virbr0 virbr0  0.0.0.0/0            0.0.0.0/0           
    0     0 REJECT     all  --  *      virbr0  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
    0     0 REJECT     all  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
   19  1596 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
 7791  506K FORWARD_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 7791  506K FORWARD_IN_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 7791  506K FORWARD_IN_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 7790  506K FORWARD_OUT_ZONES_SOURCE  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 7790  506K FORWARD_OUT_ZONES  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
 7790  506K REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
    0     0 ACCEPT     all  --  wg0    *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      wg0     0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT (policy ACCEPT 1709 packets, 212K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     udp  --  *      virbr0  0.0.0.0/0            0.0.0.0/0            udp dpt:68
36495 6037K ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0           
 169K  278M OUTPUT_direct  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD_IN_ZONES (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 FWDI_public  all  --  ens160 *       0.0.0.0/0            0.0.0.0/0           [goto] 
 7791  506K FWDI_public  all  --  +      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain FORWARD_IN_ZONES_SOURCE (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD_OUT_ZONES (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 7790  506K FWDO_public  all  --  *      ens160  0.0.0.0/0            0.0.0.0/0           [goto] 
    0     0 FWDO_public  all  --  *      +       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD_direct (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain FWDI_public (2 references)
 pkts bytes target     prot opt in     out     source               destination         
 7791  506K FWDI_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 7791  506K FWDI_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 7791  506K FWDI_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    1    84 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FWDI_public_allow (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain FWDI_public_deny (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain FWDI_public_log (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain FWDO_public (2 references)
 pkts bytes target     prot opt in     out     source               destination         
 7790  506K FWDO_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 7790  506K FWDO_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 7790  506K FWDO_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain FWDO_public_allow (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       10.66.66.0/24        0.0.0.0/0            ctstate NEW,UNTRACKED

Chain FWDO_public_deny (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain FWDO_public_log (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT_ZONES (1 references)
 pkts bytes target     prot opt in     out     source               destination         
 4216  297K IN_public  all  --  ens160 *       0.0.0.0/0            0.0.0.0/0           [goto] 
   23  2734 IN_public  all  --  +      *       0.0.0.0/0            0.0.0.0/0           [goto] 

Chain INPUT_ZONES_SOURCE (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT_direct (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain IN_public (2 references)
 pkts bytes target     prot opt in     out     source               destination         
 4239  300K IN_public_log  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 4239  300K IN_public_deny  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
 4239  300K IN_public_allow  all  --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain IN_public_allow (1 references)
 pkts bytes target     prot opt in     out     source               destination         
  175 10260 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW,UNTRACKED
 1018 61136 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 ctstate NEW,UNTRACKED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW,UNTRACKED
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:22 ctstate NEW,UNTRACKED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 ctstate NEW,UNTRACKED
   44  2804 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:6969 ctstate NEW,UNTRACKED
  434 25940 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:81 ctstate NEW,UNTRACKED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:5903 ctstate NEW,UNTRACKED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:6980 ctstate NEW,UNTRACKED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:6981 ctstate NEW,UNTRACKED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:6982 ctstate NEW,UNTRACKED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:82 ctstate NEW,UNTRACKED
   53  2996 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 ctstate NEW,UNTRACKED
    1    64 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:75 ctstate NEW,UNTRACKED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:76 ctstate NEW,UNTRACKED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:77 ctstate NEW,UNTRACKED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:78 ctstate NEW,UNTRACKED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:90 ctstate NEW,UNTRACKED
  375 22484 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:2086 ctstate NEW,UNTRACKED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:2095 ctstate NEW,UNTRACKED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:202 ctstate NEW,UNTRACKED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:208 ctstate NEW,UNTRACKED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:2082 ctstate NEW,UNTRACKED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:2052 ctstate NEW,UNTRACKED
  100  6252 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080 ctstate NEW,UNTRACKED
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8880 ctstate NEW,UNTRACKED
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:64731 ctstate NEW,UNTRACKED

Chain IN_public_deny (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain IN_public_log (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT_direct (1 references)
 pkts bytes target     prot opt in     out     source               destination         

Chain udp2rawDwrW_46cc7010_C0 (1 references)
 pkts bytes target     prot opt in     out     source               destination         
   76  3114 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0      

And here's the output of tcpdump -i tun0 before connecting to OpenVPN:

tcpdump -i tun0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type RAW (Raw IP), capture size 262144 bytes

And here's after I connect to it:

tcpdump -i tun0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tun0, link-type RAW (Raw IP), capture size 262144 bytes
22:45:16.360934 IP 10.8.0.2.63499 > one.one.one.one.domain: 6966+ PTR? lb._dns-sd._udp.0.1.168.192.in-addr.arpa. (58)
22:45:16.360982 IP 23951912052447552280 > 10.8.0.2: ICMP host one.one.one.one unreachable - admin prohibited, length 94
22:45:16.361002 IP 10.8.0.2.53716 > one.one.one.one.domain: 47471+ PTR? 100.1.168.192.in-addr.arpa. (44)
22:45:16.361018 IP 23951912052447552280 > 10.8.0.2: ICMP host one.one.one.one unreachable - admin prohibited, length 80
22:45:16.362743 IP 10.8.0.2.52330 > one.one.one.one.domain: 36750+ PTR? lb._dns-sd._udp.0.0.8.10.in-addr.arpa. (55)
22:45:16.362766 IP 23951912052447552280 > 10.8.0.2: ICMP host one.one.one.one unreachable - admin prohibited, length 91
22:45:16.365807 IP 10.8.0.2.63499 > one.one.one.one.domain: 6966+ PTR? lb._dns-sd._udp.0.1.168.192.in-addr.arpa. (58)
22:45:16.365834 IP 23951912052447552280 > 10.8.0.2: ICMP host one.one.one.one unreachable - admin prohibited, length 94
22:45:16.365852 IP 10.8.0.2.53716 > one.one.one.one.domain: 47471+ PTR? 100.1.168.192.in-addr.arpa. (44)
22:45:16.365868 IP 23951912052447552280 > 10.8.0.2: ICMP host one.one.one.one unreachable - admin prohibited, length 80
22:45:16.368288 IP 10.8.0.2.52330 > one.one.one.one.domain: 36750+ PTR? lb._dns-sd._udp.0.0.8.10.in-addr.arpa. (55)
22:45:16.368318 IP 23951912052447552280 > 10.8.0.2: ICMP host one.one.one.one unreachable - admin prohibited, length 91
22:45:16.370302 IP 10.8.0.2.52870 > one.one.one.one.domain: 14412+ PTR? 100.1.168.192.in-addr.arpa. (44)
22:45:16.523890 IP 10.8.0.2.60316 > one.one.one.one.domain: 45399+ A? gsp64-ssl.ls.apple.com. (40)
22:45:16.523967 IP 10.8.0.2.59793 > one.one.one.one.domain: 51359+ A? www.apple.com. (31)
22:45:16.524013 IP 10.8.0.2.51573 > one.one.one.one.domain: 20437+ A? 1-courier.push.apple.com. (42)
22:45:16.525081 IP 10.8.0.2.53960 > one.one.one.one.domain: 21369+ A? api.apple-cloudkit.com. (40)
22:45:16.527192 IP 10.8.0.2.50532 > one.one.one.one.domain: 26438+ A? configuration.ls.apple.com. (44)
22:45:16.529435 IP 10.8.0.2.51882 > one.one.one.one.domain: 37097+ A? 1-courier.sandbox.push.apple.com. (50)
22:45:16.531746 IP 10.8.0.2.53059 > 91.108.56.111.https: Flags [SEW], seq 338450811, win 65535, options [mss 1359,nop,wscale 6,nop,nop,TS val 1093645577 ecr 0,sackOK,eol], length 0
22:45:16.533099 IP 10.8.0.2.54112 > one.one.one.one.domain: 40715+ A? www.madrau.com. (32)
22:45:16.535849 IP 10.8.0.2.53062 > 91.108.56.111.http: Flags [SEW], seq 2456034833, win 65535, options [mss 1359,nop,wscale 6,nop,nop,TS val 1093645578 ecr 0,sackOK,eol], length 0
22:45:16.713073 IP 10.8.0.2.56939 > one.one.one.one.domain: 20658+ A? radarsubmissions.apple.com. (44)
22:45:16.713127 IP 10.8.0.2.62667 > one.one.one.one.domain: 22009+ A? init.push.apple.com. (37)
22:45:17.028509 IP 10.8.0.2.51262 > 239.255.255.250.ssdp: UDP, length 176
22:45:17.028544 IP 10.8.0.2.59809 > one.one.one.one.domain: 60079+ A? mtalk.google.com. (34)
22:45:17.132382 IP 10.8.0.2.53065 > 10.10.34.36.https: Flags [SEW], seq 3781149487, win 65535, options [mss 1359,nop,wscale 6,nop,nop,TS val 1093646161 ecr 0,sackOK,eol], length 0
22:45:17.367617 IP 10.8.0.2.63499 > one.one.one.one.domain: 6966+ PTR? lb._dns-sd._udp.0.1.168.192.in-addr.arpa. (58)
22:45:17.367668 IP 23951912052447552280 > 10.8.0.2: ICMP host one.one.one.one unreachable - admin prohibited, length 94
22:45:17.367688 IP 10.8.0.2.52330 > one.one.one.one.domain: 36750+ PTR? lb._dns-sd._udp.0.0.8.10.in-addr.arpa. (55)
22:45:17.369552 IP 10.8.0.2.52870 > one.one.one.one.domain: 14412+ PTR? 100.1.168.192.in-addr.arpa. (44)
22:45:17.725973 IP 10.8.0.2.59793 > one.one.one.one.domain: 51359+ A? www.apple.com. (31)
22:45:17.726030 IP 10.8.0.2.51573 > one.one.one.one.domain: 20437+ A? 1-courier.push.apple.com. (42)
22:45:17.726055 IP 10.8.0.2.53960 > one.one.one.one.domain: 21369+ A? api.apple-cloudkit.com. (40)
22:45:17.726079 IP 10.8.0.2.50532 > one.one.one.one.domain: 26438+ A? configuration.ls.apple.com. (44)
22:45:17.726103 IP 10.8.0.2.51882 > one.one.one.one.domain: 37097+ A? 1-courier.sandbox.push.apple.com. (50)
22:45:17.726126 IP 10.8.0.2.54112 > one.one.one.one.domain: 40715+ A? www.madrau.com. (32)
22:45:17.726174 IP 10.8.0.2.56939 > one.one.one.one.domain: 20658+ A? radarsubmissions.apple.com. (44)
22:45:17.726200 IP 10.8.0.2.62667 > one.one.one.one.domain: 22009+ A? init.push.apple.com. (37)
22:45:17.726224 IP 10.8.0.2.53059 > 91.108.56.111.https: Flags [S], seq 338450811, win 65535, options [mss 1359,nop,wscale 6,nop,nop,TS val 1093646577 ecr 0,sackOK,eol], length 0
22:45:17.726249 IP 10.8.0.2.53062 > 91.108.56.111.http: Flags [S], seq 2456034833, win 65535, options [mss 1359,nop,wscale 6,nop,nop,TS val 1093646578 ecr 0,sackOK,eol], length 0
22:45:17.922321 IP 10.8.0.2.53066 > ams15s21-in-f138.1e100.net.https: Flags [SEW], seq 3014126703, win 65535, options [mss 1359,nop,wscale 6,nop,nop,TS val 1093646947 ecr 0,sackOK,eol], length 0
22:45:18.203016 IP 10.8.0.2.51262 > 239.255.255.250.ssdp: UDP, length 176
22:45:18.203060 IP 10.8.0.2.59809 > one.one.one.one.domain: 60079+ A? mtalk.google.com. (34)
22:45:18.377713 IP 10.8.0.2.53065 > 10.10.34.36.https: Flags [S], seq 3781149487, win 65535, options [mss 1359,nop,wscale 6,nop,nop,TS val 1093647161 ecr 0,sackOK,eol], length 0
22:45:18.377763 IP 23951912052447552280 > 10.8.0.2: ICMP host 10.10.34.36 unreachable - admin prohibited, length 72
22:45:18.696580 IP 10.8.0.2.63499 > one.one.one.one.domain: 6966+ PTR? lb._dns-sd._udp.0.1.168.192.in-addr.arpa. (58)
22:45:18.696675 IP 10.8.0.2.52330 > one.one.one.one.domain: 36750+ PTR? lb._dns-sd._udp.0.0.8.10.in-addr.arpa. (55)
22:45:18.696711 IP 10.8.0.2.53067 > 91.108.56.111.https: Flags [SEW], seq 2427387506, win 65535, options [mss 1359,nop,wscale 6,nop,nop,TS val 1093647537 ecr 0,sackOK,eol], length 0
22:45:18.696749 IP 10.8.0.2.53070 > 91.108.56.111.http: Flags [SEW], seq 1261704993, win 65535, options [mss 1359,nop,wscale 6,nop,nop,TS val 1093647538 ecr 0,sackOK,eol], length 0
22:45:18.696784 IP 10.8.0.2.53073 > 10.10.34.36.https: Flags [SEW], seq 3210044483, win 65535, options [mss 1359,nop,wscale 6,nop,nop,TS val 1093647568 ecr 0,sackOK,eol], length 0
22:45:18.719281 IP 10.8.0.2.53074 > any-in-2678.1e100.net.https: Flags [SEW], seq 1411185388, win 65535, options [mss 1359,nop,wscale 6,nop,nop,TS val 1093647733 ecr 0,sackOK,eol], length 0
22:45:19.632625 IP 10.8.0.2.53066 > ams15s21-in-f138.1e100.net.https: Flags [S], seq 3014126703, win 65535, options [mss 1359,nop,wscale 6,nop,nop,TS val 1093647947 ecr 0,sackOK,eol], length 0
22:45:19.632682 IP 23951912052447552280 > 10.8.0.2: ICMP host ams15s21-in-f138.1e100.net unreachable - admin prohibited, length 72
22:45:19.632701 IP 10.8.0.2.51262 > 239.255.255.250.ssdp: UDP, length 176
22:45:19.632719 IP 10.8.0.2.52870 > one.one.one.one.domain: 14412+ PTR? 100.1.168.192.in-addr.arpa. (44)
22:45:19.632759 IP 10.8.0.2.53075 > any-in-2678.1e100.net.https: Flags [SEW], seq 2289735527, win 65535, options [mss 1359,nop,wscale 6,nop,nop,TS val 1093648525 ecr 0,sackOK,eol], length 0
22:45:19.632782 IP 10.8.0.2.59793 > one.one.one.one.domain: 51359+ A? www.apple.com. (31)
22:45:19.632803 IP 10.8.0.2.51573 > one.one.one.one.domain: 20437+ A? 1-courier.push.apple.com. (42)
22:45:19.632823 IP 10.8.0.2.53960 > one.one.one.one.domain: 21369+ A? api.apple-cloudkit.com. (40)
22:45:19.632843 IP 10.8.0.2.50532 > one.one.one.one.domain: 26438+ A? configuration.ls.apple.com. (44)
22:45:19.632863 IP 10.8.0.2.51882 > one.one.one.one.domain: 37097+ A? 1-courier.sandbox.push.apple.com. (50)
22:45:19.632883 IP 10.8.0.2.54112 > one.one.one.one.domain: 40715+ A? www.madrau.com. (32)
22:45:19.632903 IP 10.8.0.2.56939 > one.one.one.one.domain: 20658+ A? radarsubmissions.apple.com. (44)
22:45:19.632923 IP 10.8.0.2.62667 > one.one.one.one.domain: 22009+ A? init.push.apple.com. (37)
22:45:19.632943 IP 10.8.0.2.49661 > one.one.one.one.domain: 30889+ A? self.events.data.microsoft.com. (48)
22:45:19.632963 IP 10.8.0.2.53067 > 91.108.56.111.https: Flags [S], seq 2427387506, win 65535, options [mss 1359,nop,wscale 6,nop,nop,TS val 1093648537 ecr 0,sackOK,eol], length 0
22:45:19.738242 IP 10.8.0.2.53074 > any-in-2678.1e100.net.https: Flags [S], seq 1411185388, win 65535, options [mss 1359,nop,wscale 6,nop,nop,TS val 1093648733 ecr 0,sackOK,eol], length 0
22:45:19.810583 IP 10.8.0.2.53076 > ams15s22-in-f170.1e100.net.https: Flags [SEW], seq 2352629644, win 65535, options [mss 1359,nop,wscale 6,nop,nop,TS val 1093648803 ecr 0,sackOK,eol], length 0
22:45:20.026331 IP 10.8.0.2.51262 > 239.255.255.250.ssdp: UDP, length 176
22:45:20.029851 IP 10.8.0.2.59809 > one.one.one.one.domain: 60079+ A? mtalk.google.com. (34)
22:45:20.321839 IP 10.8.0.2.51039 > one.one.one.one.domain: 27155+ A? www.google.ru. (31)
22:45:20.330333 IP 10.8.0.2.50375 > one.one.one.one.domain: 7439+ A? ident.me. (26)
22:45:20.370704 IP 10.8.0.2.63499 > one.one.one.one.domain: 6966+ PTR? lb._dns-sd._udp.0.1.168.192.in-addr.arpa. (58)
22:45:20.370763 IP 23951912052447552280 > 10.8.0.2: ICMP host one.one.one.one unreachable - admin prohibited, length 94

It keeps on going like this forever.

Checking the iptables output more carefully, I see that the OpenVPN rules for tun0 are not applied at all; applying them manually solved the issue. The rules are at:

/etc/iptables/add-openvpn-rules.sh

and the content is

iptables -t nat -I POSTROUTING 1 -s 10.8.0.0/24 -o ens160 -j MASQUERADE
iptables -I INPUT 1 -i tun0 -j ACCEPT
iptables -I FORWARD 1 -i ens160 -o tun0 -j ACCEPT
iptables -I FORWARD 1 -i tun0 -o ens160 -j ACCEPT

So I did:

sh /etc/iptables/add-openvpn-rules.sh

for now.
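The script above inserts its rules unconditionally, so running it twice (or from an OpenVPN `up` hook on every reconnect) stacks duplicates, and not running it at boot is exactly what left the FORWARD chain falling through to firewalld's REJECT (the `icmp-host-prohibited` seen as "admin prohibited" in the tcpdump). The following is an added, idempotent rewrite of the same four rules, not the asker's script: each rule is checked with `iptables -C` before it is inserted, and `add_openvpn_rules` returns how many rules it actually had to add so a hook can log that. The interface names and subnet are the ones from the question; `IPT` is an assumed variable that lets you point the script at a different binary or a stub.

```shell
#!/bin/sh
# Idempotent variant of add-openvpn-rules.sh (added example, not the original).
# Safe to run repeatedly, e.g. from OpenVPN's `up` directive or a systemd unit.
IPT="${IPT:-iptables}"              # assumed: override to test without touching the kernel
VPN_NET="${VPN_NET:-10.8.0.0/24}"   # OpenVPN client subnet (from the question)
WAN_IF="${WAN_IF:-ens160}"          # public interface of the server (from the question)
TUN_IF="${TUN_IF:-tun0}"            # OpenVPN tunnel interface (from the question)

# ensure_rule TABLE CHAIN RULE...
# Insert RULE at position 1 of CHAIN unless it is already present.
# Returns 0 if a rule was inserted, 1 if it was already there.
ensure_rule() {
    table="$1"; chain="$2"; shift 2
    if "$IPT" -t "$table" -C "$chain" "$@" 2>/dev/null; then
        return 1
    fi
    "$IPT" -t "$table" -I "$chain" 1 "$@"
}

# add_openvpn_rules
# Apply the four rules from the question and print how many had to be inserted
# (0 means the ruleset was already complete). Position 1 matters: the rules must
# sit ahead of firewalld's REJECT ... icmp-host-prohibited in INPUT and FORWARD.
add_openvpn_rules() {
    n=0
    ensure_rule nat    POSTROUTING -s "$VPN_NET" -o "$WAN_IF" -j MASQUERADE && n=$((n+1))
    ensure_rule filter INPUT       -i "$TUN_IF" -j ACCEPT                   && n=$((n+1))
    ensure_rule filter FORWARD     -i "$WAN_IF" -o "$TUN_IF" -j ACCEPT      && n=$((n+1))
    ensure_rule filter FORWARD     -i "$TUN_IF" -o "$WAN_IF" -j ACCEPT      && n=$((n+1))
    echo "$n"
}

# Only modify the live ruleset when run as: sh add-openvpn-rules.sh apply
if [ "${1:-}" = "apply" ]; then
    echo "inserted $(add_openvpn_rules) rule(s)"
fi
```

Rules inserted this way are not known to firewalld (the `*_ZONES` chains show it manages this host), so they disappear whenever firewalld rebuilds its ruleset, e.g. on `firewall-cmd --reload` or a restart; reapplying them from an OpenVPN `up` hook or a systemd unit ordered after firewalld keeps them in place, and configuring the tun0 zone and masquerading through firewalld itself is the durable alternative.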
