Allow localhost connections with VPN
Note: Cross-posting from Unix & Linux since the question got no replies there.
I have some services running as web servers on my PC (e.g., Jupyter Notebook), which stop working when I connect to my VPN through their app (their support team confirmed that this should be the case).
After I run the VPN app, I see the following:
    $ sudo iptables --list INPUT --verbose
    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination
      463  104K vpn_input  all  --  any    any     anywhere             anywhere
The VPN provider actually suggested adding something like
    ip route add table 220 192.168.1.0/24 dev tun0
in /etc/rc.local (tun0 is the VPN interface). I don't really understand that command, but I did this instead:
    $ sudo iptables --insert INPUT 1 --in-interface lo --jump ACCEPT
    $ sudo iptables --list INPUT --verbose
    Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination
        0     0 ACCEPT     all  --  lo     any     anywhere             anywhere
     1152  255K vpn_input  all  --  any    any     anywhere             anywhere
The way I understand these rules is that all localhost connections are accepted, and anything else proceeds through the VPN rules. When I tested it, connections to localhost started working, and my connection to the outside world (tested with https://ipleak.net/) still seemed to go through the VPN.
My questions are:
- Is this the/a correct way to do this?
- Does this open any vulnerabilities while using the VPN (either by allowing information to leak somehow or by creating security holes when I'm connected through a public/shared network)?
System
- OS: 4.15.0-38-generic #41~16.04.1-Ubuntu SMP x86_64 GNU/Linux
- iptables v1.6.0
vpn iptables firewall
asked Nov 19 at 22:43
Ratler
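Added example, not part of the original post: a first-match walk over the INPUT chain from the question, showing which rule handles a packet depending on the interface it arrives on. The rule text is a constructed `iptables -S INPUT` rendering of the listing above, `wlan0` is an assumed name for the physical interface, and only the `-i` match and `-j` target are modelled.

```shell
#!/bin/sh
# Constructed sample: what `sudo iptables -S INPUT` would print for the
# rule set listed in the question after the lo rule was inserted.
SAMPLE_RULES='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j vpn_input'

# first_match RULES IFACE
# Prints the target of the first rule that matches a packet arriving on
# IFACE, or "policy:<POLICY>" if no rule matches. Any match option other
# than -i is reported as "unmodelled:<opt>" instead of being guessed at.
first_match() {
    fm_rules=$1; fm_iface=$2; fm_policy=""
    while IFS= read -r fm_line; do
        set -- $fm_line                      # split the rule into words
        case ${1:-} in
            -P) fm_policy=$3; continue ;;    # chain policy line
            -A) shift 2 ;;                   # drop "-A INPUT"
            *)  continue ;;                  # blank or unrelated line
        esac
        fm_want=""; fm_target=""
        while [ $# -gt 0 ]; do
            case $1 in
                -i) fm_want=$2; shift 2 ;;
                -j) fm_target=$2; shift 2 ;;
                *)  echo "unmodelled:$1"; return 1 ;;
            esac
        done
        # A rule without -i matches every interface.
        if [ -z "$fm_want" ] || [ "$fm_want" = "$fm_iface" ]; then
            echo "$fm_target"; return 0
        fi
    done <<EOF
$fm_rules
EOF
    echo "policy:$fm_policy"
}

# lo is handled by the inserted rule; tun0 (the VPN interface named in
# the question) and wlan0 (assumed) fall through to the vpn_input chain.
for ifc in lo tun0 wlan0; do
    printf '%-6s -> %s\n' "$ifc" "$(first_match "$SAMPLE_RULES" "$ifc")"
done
```

On a live system the same function can be fed the output of `sudo iptables -S INPUT` in place of `SAMPLE_RULES`.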