Allow localhost connections with VPN

Note: Cross-posting from Unix & Linux since the question got no replies there.



I have some services running as web servers on my PC (e.g., Jupyter Notebook), which stop working when I connect to my VPN through their app (their support team confirmed that this should be the case).



After I run the VPN app, I see the following:



$ sudo iptables --list INPUT --verbose
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  463  104K vpn_input  all  --  any    any     anywhere             anywhere


The VPN provider actually suggested adding something like



ip route add table 220 192.168.1.0/24 dev tun0



in /etc/rc.local (tun0 is the VPN interface). I don't really understand that command, but I did this instead:



$ sudo iptables --insert INPUT 1 --in-interface lo --jump ACCEPT
$ sudo iptables --list INPUT --verbose
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  lo     any     anywhere             anywhere
 1152  255K vpn_input  all  --  any    any     anywhere             anywhere


The way I understand these rules is that all localhost connections are accepted, and anything else proceeds through the VPN rules. When I tested it, connections to localhost started working, and my connection to the outside world (tested with https://ipleak.net/) still seemed to go through the VPN.



My questions are:




  • Is this the/a correct way to do this?

  • Does this open any vulnerabilities while using the VPN (either by allowing information to leak somehow or by creating security holes when I'm connected through a public/shared network)?


System




  • OS: 4.15.0-38-generic #41~16.04.1-Ubuntu SMP x86_64 GNU/Linux

  • iptables v1.6.0
      vpn iptables firewall
      asked Nov 19 at 22:43
      Ratler
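
Added example, not part of the original question: a shell check that reads an INPUT chain in `iptables -S INPUT` format and reports where a loopback-only ACCEPT sits relative to the jump into `vpn_input`, including the case where the ACCEPT was added without an interface match and so bypasses the VPN chain for all traffic. The function name `check_lo_rule`, the verdict strings and the four sample rule sets are constructed for illustration.

```shell
#!/bin/sh
# Classify an INPUT chain (text in `iptables -S INPUT` format, on stdin).
# Prints: lo-first | lo-after-vpn | no-lo-rule | accept-all
# $1 = name of the VPN chain (defaults to vpn_input, the name shown in the question).
check_lo_rule() {
    awk -v chain="${1:-vpn_input}" '
        $1 != "-A" || $2 != "INPUT" { next }   # skip the policy line and other chains
        {
            target = ""; iface = ""; matches = 0; neg = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") { target = $(i + 1); i++ }
                else if ($i == "-i") { if (!neg) iface = $(i + 1); i++; matches++ }
                else matches++                 # any other token narrows the rule
                neg = ($i == "!")              # "! -i lo" means everything except lo
            }
            if (target == chain) { seen_chain = 1; next }
            if (target != "ACCEPT") next
            if (matches == 0 && !seen_chain) { broad = 1 }   # accepts every packet
            else if (iface == "lo") { if (seen_chain) late = 1; else early = 1 }
        }
        END {
            if (broad) print "accept-all"
            else if (early) print "lo-first"
            else if (late) print "lo-after-vpn"
            else print "no-lo-rule"
        }'
}

# Constructed samples. The first two mirror the two listings in the question.
SAMPLE_VPN_ONLY='-P INPUT ACCEPT
-A INPUT -j vpn_input'
SAMPLE_INSERTED='-P INPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j vpn_input'
# Rule appended instead of inserted at position 1.
SAMPLE_APPENDED='-P INPUT ACCEPT
-A INPUT -j vpn_input
-A INPUT -i lo -j ACCEPT'
# Rule inserted without --in-interface lo.
SAMPLE_NO_IFACE='-P INPUT ACCEPT
-A INPUT -j ACCEPT
-A INPUT -j vpn_input'

for s in "$SAMPLE_VPN_ONLY" "$SAMPLE_INSERTED" "$SAMPLE_APPENDED" "$SAMPLE_NO_IFACE"; do
    printf '%s\n' "$s" | check_lo_rule
done
```

On a live system the same function can be fed with `sudo iptables -S INPUT | check_lo_rule`.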