Hi,
I just discovered pia-tools (which is, in my opinion, the best pia-helper out there).
I encountered an issue when trying to block all non-VPN traffic with the option --disallow.
The scenario is:
- I configure pia-tools
- I am not connected to pia yet
- I run pia-tools -d
- My interface gets denied in ufw
- I try to start OpenVPN via systemctl start pia@Sweden
- OpenVPN cannot resolve privateinternetaccess DNS names because my interface is blocked by ufw.
Here are the systemd logs:
Aug 15 13:53:17 raclette systemd[1]: Started PIA OpenVPN connection to Sweden.
Aug 15 13:53:17 raclette openvpn@Sweden[12752]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Aug 15 13:53:17 raclette openvpn@Sweden[12752]: RESOLVE: Cannot resolve host address: sweden.privateinternetaccess.com:1198 (Name or service not known)
Aug 15 13:53:17 raclette openvpn@Sweden[12752]: RESOLVE: Cannot resolve host address: sweden.privateinternetaccess.com:1198 (Name or service not known)
Aug 15 13:53:17 raclette openvpn@Sweden[12752]: Could not determine IPv4/IPv6 protocol
Aug 15 13:53:17 raclette openvpn@Sweden[12752]: SIGUSR1[soft,init_instance] received, process restarting
And it will loop in this state until I disable ufw, and OpenVPN can connect to pia's VPNs.
I can then re-enable ufw and it keeps working.
Would it be possible to whitelist all private internet access IPs in ufw, since we have the list from pia itself when installing pia-tools?
By the way, the quick help pia-tools -h outputs
-a: Block non VPN traffic (iptables)
-d: Unblock non VPN traffic (iptables)
but should output
-a: Allow non VPN traffic (iptables)
-d: Block non VPN traffic (iptables)
(The manpage is right).
Thanks
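
One way to build the whitelist requested above, as an added example that is not pia-tools code: it prints (does not run) ufw rules that let OpenVPN reach endpoint addresses resolved before the block was applied, so no DNS lookup is needed once non-VPN traffic is denied. Port 1198 comes from the log above; the interface name eth0, the UDP protocol, the function names and the sample addresses are assumptions made for the example.

```shell
#!/bin/sh
# Added example: print ufw commands that allow only already-resolved VPN
# endpoints out of the physical interface while everything else stays blocked.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# endpoint_rules IFACE PORT PROTO: read one IPv4 address per line on stdin,
# skip blanks, comments, invalid entries and duplicates, print one rule each.
endpoint_rules() {
    iface=$1 port=$2 proto=$3 seen=' '
    while IFS= read -r ip || [ -n "$ip" ]; do
        case "$ip" in ''|'#'*) continue ;; esac
        if ! valid_ipv4 "$ip"; then
            echo "skipping invalid entry: $ip" >&2
            continue
        fi
        case "$seen" in *" $ip "*) continue ;; esac
        seen="$seen$ip "
        # "insert 1" places the allow ahead of the existing deny rule,
        # because ufw applies the first matching rule.
        echo "ufw insert 1 allow out on $iface to $ip port $port proto $proto"
    done
}

# Constructed sample list; addresses are from the documentation range.
sample_endpoints() {
    printf '%s\n' '# sweden (constructed)' 203.0.113.10 203.0.113.11 \
        203.0.113.10 999.1.1.1 not-an-ip
}

# Dry run: review the printed rules before applying them as root.
sample_endpoints | endpoint_rules eth0 1198 udp
```

The rules use addresses rather than hostnames because name resolution is exactly what fails once the interface is denied, so the list has to be refreshed while the firewall is still open.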