
I'm trying to set up my RPi 3 (buster) with a Deluge server and a VPN (Private Internet Access).

I have followed these guides

I was able to connect the Thin Client from my Windows machine to my Raspberry Pi before setting up the VPN. But after setting up my VPN, the connection fails. The Deluge server runs on port 58846.

My current status:

  • On the RPi, I am able to connect to the internet. The VPN functions correctly: `curl icanhazip.com` returns an IP located outside my country.
  • On my Windows machine, I can ping my RPi, but only with the hostname.
    • Strangely, ping shows an IPv6 connection.
    • If I try to ping using my IPv4 address, the ping fails.

Furthermore, on my Windows machine, I can telnet to my RPi, but only by using the hostname. `telnet raspberrypi 22` shows the SSH connection, BUT if I telnet to the Deluge server port, no connection succeeds: `telnet raspberrypi 58846`

Here is my /etc/network/interfaces (I'm using Wi-Fi)

```
# interfaces(5) file used by ifup(8) and ifdown(8)

# Please note that this file is written to be used with dhcpcd
# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'

# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d

auto lo
iface lo inet loopback

auto wlan0
iface wlan0 inet static
    address 192.168.86.40
    netmask 255.255.255.0
    gateway 192.168.86.1
    dns-nameservers 1.1.1.1 1.0.0.1
    wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf
    up route add -net 192.168.86.0 netmask 255.255.255.0 gw 192.168.86.1 metric 300
```

Here is my iptables

```
Chain INPUT (policy DROP)
target     prot opt source               destination
f2b-ssh    tcp  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  192.168.0.0/24       anywhere
ACCEPT     udp  --  anywhere             anywhere             udp spt:domain
ACCEPT     udp  --  anywhere             anywhere             udp spt:1198
LOG        all  --  anywhere             anywhere             limit: avg 5/min burst 5 LOG level debug prefix "iptables denied: "
LOG        all  --  anywhere             anywhere             limit: avg 5/min burst 5 LOG level debug prefix "iptables denied: "
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh ctstate NEW,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpts:56881:56889
ACCEPT     udp  --  anywhere             anywhere             udp dpts:56881:56889
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:58846
ACCEPT     udp  --  anywhere             anywhere             udp dpt:58846
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:58846
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             192.168.0.0/24
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:1198
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:ssh ctstate ESTABLISHED

Chain f2b-ssh (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
```

`sudo netstat -npl` gives the following information:

```
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address             Foreign Address   State    PID/Program name
tcp        0      0 0.0.0.0:58504             0.0.0.0:*         LISTEN   708/python
tcp        0      0 0.0.0.0:139               0.0.0.0:*         LISTEN   613/smbd
tcp        0      0 0.0.0.0:5900              0.0.0.0:*         LISTEN   599/vncserver-x11-c
tcp        0      0 0.0.0.0:22                0.0.0.0:*         LISTEN   601/sshd
tcp        0      0 0.0.0.0:445               0.0.0.0:*         LISTEN   613/smbd
tcp        0      0 0.0.0.0:58846             0.0.0.0:*         LISTEN   708/python
tcp6       0      0 :::58504                  :::*              LISTEN   708/python
tcp6       0      0 :::139                    :::*              LISTEN   613/smbd
tcp6       0      0 :::5900                   :::*              LISTEN   599/vncserver-x11-c
tcp6       0      0 :::22                     :::*              LISTEN   601/sshd
tcp6       0      0 :::445                    :::*              LISTEN   613/smbd
udp        0      0 0.0.0.0:48645             0.0.0.0:*                  320/avahi-daemon: r
udp        0      0 10.79.10.6:6771           0.0.0.0:*                  708/python
udp        0      0 192.168.86.40:6771        0.0.0.0:*                  708/python
udp        0      0 127.0.0.1:6771            0.0.0.0:*                  708/python
udp        0      0 0.0.0.0:6771              0.0.0.0:*                  708/python
udp        0      0 0.0.0.0:58504             0.0.0.0:*                  708/python
udp        0      0 192.168.86.255:137        0.0.0.0:*                  595/nmbd
udp        0      0 192.168.86.40:137         0.0.0.0:*                  595/nmbd
udp        0      0 0.0.0.0:137               0.0.0.0:*                  595/nmbd
udp        0      0 192.168.86.255:138        0.0.0.0:*                  595/nmbd
udp        0      0 192.168.86.40:138         0.0.0.0:*                  595/nmbd
udp        0      0 0.0.0.0:138               0.0.0.0:*                  595/nmbd
udp        0      0 127.0.0.1:47321           0.0.0.0:*                  708/python
udp        0      0 0.0.0.0:46815             0.0.0.0:*                  583/openvpn
udp        0      0 0.0.0.0:5353              0.0.0.0:*                  320/avahi-daemon: r
udp        0      0 10.79.10.6:42749          0.0.0.0:*                  708/python
udp        0      0 0.0.0.0:53001             0.0.0.0:*                  708/python
udp        0      0 127.0.0.1:58669           0.0.0.0:*                  708/python
udp        0      0 10.79.10.6:1900           0.0.0.0:*                  708/python
udp        0      0 127.0.0.1:1900            0.0.0.0:*                  708/python
udp        0      0 0.0.0.0:1900              0.0.0.0:*                  708/python
udp        0      0 10.79.10.6:54676          0.0.0.0:*                  708/python
udp        0      0 192.168.86.40:56234       0.0.0.0:*                  708/python
udp6       0      0 fe80::7833:fd16:c:52252   :::*                       708/python
udp6       0      0 fe80::7833:fd16:cc:6771   :::*                       708/python
udp6       0      0 fe80::ba27:ebff:fe:6771   :::*                       708/python
udp6       0      0 ::1:6771                  :::*                       708/python
udp6       0      0 :::6771                   :::*                       708/python
udp6       0      0 :::58504                  :::*                       708/python
udp6       0      0 :::38084                  :::*                       320/avahi-daemon: r
udp6       0      0 :::5353                   :::*                       320/avahi-daemon: r
udp6       0      0 ::1:35203                 :::*                       708/python
udp6       0      0 fe80::ba27:ebff:f:33185   :::*                       708/python
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State      I-Node  PID/Program name     Path
unix  2      [ ACC ]     STREAM     LISTENING  1580    1/init               /run/systemd/private
unix  2      [ ACC ]     STREAM     LISTENING  12591   1/init               /var/run/pcscd/pcscd.comm
unix  2      [ ACC ]     STREAM     LISTENING  1586    1/init               /run/systemd/fsck.progress
unix  2      [ ACC ]     STREAM     LISTENING  12595   1/init               /run/avahi-daemon/socket
unix  2      [ ACC ]     STREAM     LISTENING  12598   1/init               /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     SEQPACKET  LISTENING  1591    1/init               /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING  12602   1/init               /run/thd.socket
unix  2      [ ACC ]     STREAM     LISTENING  15931   595/nmbd             /var/run/samba/nmbd/unexpected
unix  2      [ ACC ]     STREAM     LISTENING  1603    1/init               /run/systemd/journal/stdout
unix  2      [ ACC ]     STREAM     LISTENING  15249   651/systemd          /run/user/1001/systemd/private
unix  2      [ ACC ]     STREAM     LISTENING  15255   651/systemd          /run/user/1001/gnupg/S.gpg-agent.ssh
unix  2      [ ACC ]     STREAM     LISTENING  15258   651/systemd          /run/user/1001/gnupg/S.gpg-agent.browser
unix  2      [ ACC ]     STREAM     LISTENING  15260   651/systemd          /run/user/1001/bus
unix  2      [ ACC ]     STREAM     LISTENING  15262   651/systemd          /run/user/1001/gnupg/S.dirmngr
unix  2      [ ACC ]     STREAM     LISTENING  15264   651/systemd          /run/user/1001/gnupg/S.gpg-agent.extra
unix  2      [ ACC ]     STREAM     LISTENING  15266   651/systemd          /run/user/1001/gnupg/S.gpg-agent
unix  2      [ ACC ]     STREAM     LISTENING  14973   599/vncserver-x11-c  /tmp/.vnc-vncservice/vncserver-x11.CtrlComms
unix  2      [ ACC ]     STREAM     LISTENING  15046   596/python3          /var/run/fail2ban/fail2ban.sock
unix  2      [ ACC ]     SEQPACKET  LISTENING  13798   534/bluealsa         /var/run/bluealsa/hci0
```
  • You should not use old style Debian ifupdown anymore. It is deprecated since at least two Raspbian versions now. Commented Jul 7, 2019 at 19:36
  • @Ingo I'm not a sysadmin :) Can you give me a little bit more detail about what I'm doing wrong with ifupdown? Commented Jul 7, 2019 at 20:18
  • Have you noted "# Please note that this file is written to be used with dhcpcd" in the interfaces file? Do you have dhcpcd managed accordingly? I'm not familiar with this. I prefer systemd-networkd. And as long as you have problems with connections I would make iptables complete transparent. iptables is used to restrict connections in general. Commented Jul 7, 2019 at 22:26
  • @Ingo Yes, DHCP looks to be working (I have an IP address and I can ping google.com). How would I make "I would make iptables complete transparent"? The way I understand the setup is to make the connection build in a way that if the VPN is down, there is no connection to the internet possible. Commented Jul 8, 2019 at 0:48
  • To make iptables transparent you can look at Route wifi AP traffic(wlan0) to tun0 (openvpn) and keep eth0 unaffected for LAN SSH. There is an example. I had only a glance at the tutorials you have linked, tl;dr; As far as I understand Deluge is just a server running on the RasPi and has nothing to do with network connections and vpn. It must only be reachable. Can you confirm this? Commented Jul 8, 2019 at 10:49
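
An added example, not part of the original post or its comments: a small evaluator that walks the OUTPUT chain from the posted `iptables -L` listing for reply packets leaving the Pi on wlan0. Assumptions: the two "ACCEPT all anywhere anywhere" rules are bound to lo and tun0 (plain `-L` does not print interfaces), the client address 192.168.86.20 and port 50000 are constructed, and connection state is not modelled.

```python
import ipaddress

# OUTPUT chain of the posted listing, in order. Plain `iptables -L` hides
# interface matches; ASSUMPTION: the two "ACCEPT all anywhere anywhere"
# rules are bound to lo and tun0 (`iptables -L -v -n` would confirm).
OUTPUT_RULES = [
    {"out_if": "lo"},
    {"dst": "192.168.0.0/24"},
    {"proto": "udp", "dport": 53},      # dpt:domain
    {"proto": "udp", "dport": 1198},    # dpt:1198
    {"out_if": "tun0"},
    {"proto": "tcp", "sport": 22},      # spt:ssh ctstate ESTABLISHED
]
PI_ADDR = "192.168.86.40"               # from /etc/network/interfaces
CLIENT = "192.168.86.20"                # constructed LAN client address


def matches(rule, pkt):
    """True if every field the rule specifies matches the packet."""
    for key, want in rule.items():
        if key == "dst":
            if ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(want):
                return False
        elif pkt.get(key) != want:
            return False
    return True


def verdict(pkt, rules=OUTPUT_RULES, policy="DROP"):
    """First matching rule accepts; otherwise the chain policy applies."""
    for number, rule in enumerate(rules, start=1):
        if matches(rule, pkt):
            return f"ACCEPT (rule {number})"
    return policy


def reply(proto, sport=None):
    """A reply packet leaving the Pi on wlan0 towards the LAN client."""
    return {"out_if": "wlan0", "src": PI_ADDR, "dst": CLIENT,
            "proto": proto, "sport": sport, "dport": 50000}


def with_lan_rule(cidr):
    """Copy of the chain with the subnet rule pointing at another network."""
    return [dict(r, dst=cidr) if "dst" in r else r for r in OUTPUT_RULES]


if __name__ == "__main__":
    for name, pkt in [("ssh", reply("tcp", 22)), ("deluge", reply("tcp", 58846)),
                      ("ping", reply("icmp"))]:
        print(name, verdict(pkt), "| with 192.168.86.0/24:",
              verdict(pkt, with_lan_rule("192.168.86.0/24")))
```

Under these assumptions the verdicts line up with the symptoms in the question: SSH replies pass, while Deluge replies from port 58846 and IPv4 echo replies fall through to the DROP policy because 192.168.86.20 is not inside 192.168.0.0/24. IPv6 traffic is filtered by ip6tables, which the post does not show.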
