Has anyone got a VPN split tunnel working on the above Linux distribution? I have followed this (excellent) guide which seems to work to a certain extent.

The problem is that, as listed in the comments, the vpn user seems to have DNS related issues which basically invalidates the entire set up. Someone in the comments suggested the below may fix:

    sudo apt install openvpn-systemd-resolved

Then reconfiguring Up/Down in openvpn.conf to use the following:

    up /etc/openvpn/update-resolv-conf
    down /etc/openvpn/update-resolv-conf

but still, my vpn user has zero connectivity.

Needless to say this is my first homelab/linux exposure so any assistance to get this sorted would be greatly appreciated.

EDIT

What I am trying to do:

I am trying to configure a vpn user on my Ubuntu 22.04 server to make use of my VPN connection on interface tun0, while allowing all other traffic to use my main home ethernet connection on interface enp89s0.

What the problem is:

The vpn user cannot access the internet, while other users remain fully connected. E.g. when running the below:

    sudo -u vpn -i -- curl ipinfo.io

The request eventually times out with the following error:

    curl: (28) Failed to connect to ipinfo.io port 80 after 130351 ms: Connection timed out

What I have tried:

  1. Removed references to /etc/openvpn/update-resolv-conf to rule out bad / outdated DNS scripting.

  2. Ensured that the symlink /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf remains intact after all my actions.

  3. Adding the following line to /etc/systemd/resolved.conf: DNSOverTLS=opportunistic

  4. Forcing specific DNS servers by adding the following 3 lines to my ovpn config:

    pull-filter ignore "dhcp-option DNS"
    dhcp-option DNS 9.9.9.9
    dhcp-option DNS 149.112.112.112

Amongst other crazy and far-fetched ideas... Nothing has worked.

To confirm, my tun0 interface is working correctly, which I have verified by removing the following line from ovpn config:

    route-noexec

Then

    curl ipinfo.io

Successfully returns the VPN connection ip info.

@mpboden I have followed all the steps in your solution to the other problem you kindly listed, and the issue persists.

Thanks

  • Does this help? askubuntu.com/a/1465806/1684306
    – mpboden
    Commented Oct 29, 2023 at 17:51
  • A split tunnel implies that you want to route some traffic out the VPN and other traffic out your ISP. This would also apply to your DNS queries respectively. You'll need to provide more information in your question as to your intentions. I would start with ensuring the VPN is set up as required. From there, you can get the DNS queries working properly. Please update your question with more information. What do you want to do? What have you specifically done? Where are you stuck?
    – mpboden
    Commented Oct 29, 2023 at 19:46
  • That’s an excellent write-up you have done on the other post - I am going to have a full read of it. To clarify, I am looking to have 2 users on the server. One of the users will have all traffic routed through my VPN, while the other will use my vanilla home internet connection. I can successfully set up my tun0 interface that routes through the VPN; my problem arises when I want to bind one specific user to that interface while leaving the other user’s traffic untouched. I will update my question with more details shortly - thanks for taking the time to reply.
    – BlueisDue
    Commented Oct 29, 2023 at 21:07
