Has anyone got a VPN Split tunnel working on the above linux distribution? I have followed this (excellent) guide which seems to work to a certain extent.
The problem is that, as listed in the comments, the vpn user seems to have DNS related issues which basically invalidates the entire set up. Someone in the comments suggested the below may fix:
sudo apt install openvpn-systemd-resolved
Then reconfiguring Up/Down in openvpn.conf to use the following:
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
but still, my vpn user has zero connectivity.
Needless to say this is my first homelab/linux exposure so any assistance to get this sorted would be greatly appreciated.
EDIT
What I am trying to do:
I am trying to configure a vpn user on my Ubuntu 22.04 server to make use of my VPN connection on interface tun0, while allowing all other traffic to use my main home ethernet connection on interface enp89s0.
What the problem is:
The vpn user cannot access the internet, while other users remain fully connected. E.g. When running the below
sudo -u vpn -i -- curl ipinfo.io
The request eventually times out with the following error:
curl: (28) Failed to connect to ipinfo.io port 80 after 130351 ms: Connection timed out
What I have tried:
removed references to /etc/openvpn/update-resolv-conf to rule out bad / outdated DNS scripting.
Ensured that the symlink /etc/resolv.conf -> ../run/systemd/resolve/stub-resolv.conf remains intact after all my actions
Adding adding the following line to /etc/systemd/resolved.conf
DNSOverTLS=opportunistic
Forcing specific DNS servers by adding the following 3 lines to my opvn config
pull-filter ignore "dhcp-option DNS" dhcp-option DNS 9.9.9.9 dhcp-option DNS 149.112.112.112
Amongst other, crazy and far fetched ideas... Nothing has worked.
To confirm, my tun0 interface is working correctly, which I have verified by removing the following line from ovpn config:
route-noexec
Then
curl ipinfo.io
Successfully returns the VPN connection ip info.
@mpboden I have followed all the steps in your solution to the other problem you kindly listed, and the issue persists.
Thanks