I'm trying to understand how the VPN I'm using works. In this case it's NordVPN, but the question should be vendor neutral, focusing on the underlying Linux mechanisms and tools to check what's up without relying on any vendor tools.

First I had to install an app and run it with sudo. It did stuff and now I have a VPN connection. I don't know if it installed a kernel module or it's just userspace.

There is a new network interface created:

$ ip a
6: nordlynx: <POINTOPOINT,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none 
    inet 10.5.0.2/32 scope global nordlynx
       valid_lft forever preferred_lft forever

However, the routing tables haven't changed:

$ ip route show
default via 10.1.10.1 dev wlp3s0 proto dhcp metric 20600 
10.1.10.0/24 dev wlp3s0 proto kernel scope link src 10.1.10.210 metric 600 
169.254.0.0/16 dev wlp3s0 scope link metric 1000 

And it did some stuff with the firewall:

$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             connmark match  0xe1f1 /* nordvpn */
ACCEPT     all  --  anywhere             anywhere             connmark match  0xe1f1 /* nordvpn */
ACCEPT     all  --  anywhere             anywhere             connmark match  0xe1f1 /* nordvpn */
DROP       all  --  anywhere             anywhere             /* nordvpn */
DROP       all  --  anywhere             anywhere             /* nordvpn */
DROP       all  --  anywhere             anywhere             /* nordvpn */

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
CONNMARK   all  --  anywhere             anywhere             mark match 0xe1f1 /* nordvpn */ CONNMARK save
ACCEPT     all  --  anywhere             anywhere             connmark match  0xe1f1 /* nordvpn */
CONNMARK   all  --  anywhere             anywhere             mark match 0xe1f1 /* nordvpn */ CONNMARK save
ACCEPT     all  --  anywhere             anywhere             connmark match  0xe1f1 /* nordvpn */
CONNMARK   all  --  anywhere             anywhere             mark match 0xe1f1 /* nordvpn */ CONNMARK save
ACCEPT     all  --  anywhere             anywhere             connmark match  0xe1f1 /* nordvpn */
DROP       all  --  anywhere             anywhere             /* nordvpn */
DROP       all  --  anywhere             anywhere             /* nordvpn */
DROP       all  --  anywhere             anywhere             /* nordvpn */

So my questions are:

  • if the firewall is being used for routing, won't that make a mess where routing tables and firewall tables start stepping on each other's toes?
  • if the iptables output is just misleading, what other mechanism could be working in the background to achieve the VPN connectivity and how can I check them (with CLI commands)?
  • You should really ask the people who provided you with the app that does things. I've used OpenVPN to connect to a variety of providers in the past, and always got a new default route. Currently I'm using WireGuard, and the script establishing that connection also makes sure I have a new default route. P.S.: Is your machine in fact dual-homed, or what is that default route on 10.1.10.1?
    – tink
    Commented Feb 12 at 3:12
