
This might be an issue with VPN configuration, but what I'd like to do is have a specific user account use a VPN connection and have the rest of the system use non-VPN connection. The problem I'm running into is I cannot seem to establish both a VPN and a non-VPN connection.

Some information about my setup. I have a fresh installation of Ubuntu Server 16.04 and am using OpenVPN to establish VPN connections (to the Private Internet Access VPN servers).

For example, if I run ifconfig, I receive the following:

enp2s0    Link encap:Ethernet  HWaddr fc:aa:14:cd:89:1c
          inet addr:192.168.2.2  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::feaa:14ff:fecd:891c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:638452 errors:0 dropped:0 overruns:0 frame:0
          TX packets:93481 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:901618753 (901.6 MB)  TX bytes:5702645 (5.7 MB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:176 errors:0 dropped:0 overruns:0 frame:0
          TX packets:176 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:12800 (12.8 KB)  TX bytes:12800 (12.8 KB)

virbr0    Link encap:Ethernet  HWaddr 52:54:00:60:89:9c
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

Now, using the above interfaces, I can execute the following:

$ curl --interface enp2s0 icanhazip.com 

and it will successfully return my IP address. Next up, I connect to the VPN utilizing the following settings:

client
dev tun
proto udp
remote us-chicago.privateinternetaccess.com 1198
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
auth-user-pass pia.cred
# route-nopull
comp-lzo
verb 1
reneg-sec 0
crl-verify crl.rsa.2048.pem
ca ca.rsa.2048.crt
disable-occ

It will establish a connection and provide the following from ifconfig:

enp2s0    Link encap:Ethernet  HWaddr fc:aa:14:cd:89:1c
          inet addr:192.168.2.2  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::feaa:14ff:fecd:891c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:638594 errors:0 dropped:0 overruns:0 frame:0
          TX packets:93598 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:901632961 (901.6 MB)  TX bytes:5727985 (5.7 MB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:176 errors:0 dropped:0 overruns:0 frame:0
          TX packets:176 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:12800 (12.8 KB)  TX bytes:12800 (12.8 KB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:10.53.10.6  P-t-P:10.53.10.5  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 B)  TX bytes:375 (375.0 B)

virbr0    Link encap:Ethernet  HWaddr 52:54:00:60:89:9c
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

Now, executing the following command will successfully go through the VPN:

$ curl --interface tun0 icanhazip.com 

However, executing the following command will fail to connect:

$ curl --interface enp2s0 icanhazip.com 

What I would like to have happen is, I would like to be able to connect through the VPN via tun0 and non-VPN via enp2s0. From there, I can set up iptables routing to route specific connections as needed.

Update: A comment recommended using a network namespace, so after searching, I found an article on using a network namespace with OpenVPN. I am able to establish a connection with this command:

$ sudo openvpn --ifconfig-noexec --route-noexec --up netns-script --route-up netns-script --down netns-script --script-security 2 --config 'US Chicago.ovpn' 

However, when I attempt to make a connection using the VPN, it will simply time out:

$ sudo ip netns exec vpn curl icanhazip.com
curl: (6) Could not resolve host: icanhazip.com
1 Answer

It depends on how the VPN server has been configured. In your case, all the traffic has been routed through the VPN. Changing your default gateway for enp2s0 may give you your answer. Also, check with the ip neigh command whether the P2P IP link for the VPN server is reachable.
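
An added example (not part of the original question or answer) of a check for the answer's point that all traffic is routed through the VPN: it parses `ip route` output and applies longest-prefix matching to show which interface a destination leaves by. The routing table is constructed sample data; the 0.0.0.0/1 and 128.0.0.0/1 routes, the gateway 192.168.2.1 and the 203.0.113.10 and 198.51.100.7 addresses are assumptions, while the interface names and tun0 addresses come from the question.

```python
import ipaddress

# Constructed sample of `ip route` output after OpenVPN has applied pushed
# routes. Assumed: the server pushes two /1 routes that shadow the default
# route, the LAN gateway is 192.168.2.1, the VPN server is 203.0.113.10.
SAMPLE_ROUTES = """\
0.0.0.0/1 via 10.53.10.5 dev tun0
default via 192.168.2.1 dev enp2s0
10.53.10.5 dev tun0 proto kernel scope link src 10.53.10.6
128.0.0.0/1 via 10.53.10.5 dev tun0
192.168.2.0/24 dev enp2s0 proto kernel scope link src 192.168.2.2
203.0.113.10 via 192.168.2.1 dev enp2s0
"""


def parse_routes(text):
    """Return (network, device) pairs from `ip route` style lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        network = ipaddress.ip_network(prefix, strict=False)
        routes.append((network, fields[fields.index("dev") + 1]))
    return routes


def egress_device(routes, destination):
    """Longest-prefix match: the most specific covering route wins."""
    addr = ipaddress.ip_address(destination)
    matches = [(net, dev) for net, dev in routes if addr in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def vpn_shadows_default(routes, tun="tun0"):
    """True if the tunnel's routes (more specific than /0) cover all IPv4."""
    tun_nets = [net for net, dev in routes if dev == tun and net.prefixlen > 0]
    collapsed = list(ipaddress.collapse_addresses(tun_nets))
    return ipaddress.ip_network("0.0.0.0/0") in collapsed


if __name__ == "__main__":
    table = parse_routes(SAMPLE_ROUTES)
    for dest in ("198.51.100.7", "192.168.2.50", "203.0.113.10"):
        print(dest, "->", egress_device(table, dest))
    print("default route shadowed by VPN:", vpn_shadows_default(table))
```

Running the same functions on the real `ip route` output taken before and after the VPN connects shows whether the default route via enp2s0 is still used for Internet destinations.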
