OpenVPN kill switch doesn't work in 11.3

NasKar

Guru
Joined
Jan 8, 2016
Messages
739
In my transmission jail I have ipfw_rules
Code:
#!/bin/bash
# Flush out the list before we begin
ipfw -q -f flush

# Set rules command prefix
cmd="ipfw -q add"
vpn="tun0"

# allow all local traffic on the loopback interface
$cmd 00001 allow all from any to any via lo0

# allow any connection to/from VPN interface
$cmd 00010 allow all from any to any via $vpn

# allow connection to/from LAN by Transmission
$cmd 00101 allow all from me to 192.168.5.0/24 uid transmission
$cmd 00102 allow all from 192.168.5.0/24 to me uid transmission

# deny any Transmission connection outside LAN that does not use VPN
$cmd 00103 deny all from any to any uid transmission


When I download a test torrent and then stop the openvpn service, the file stops downloading (download speed to 0) and then after a minute it starts back up again. I'm not sure if this is an issue with 11.3, as I believe it worked in a prior version, but I'm not 100% sure. Or is there a problem with my firewall rule?
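
One way to check the logic of the rules posted above offline, added here as an example and not part of the original posts: it walks an `ipfw list`-style ruleset in order and reports the first rule that would decide a packet leaving on the physical interface while the VPN is down. The function names `killswitch_verdict` and `page_rules`, the interface name `em0` and the default rule 65535 are assumptions.

```sh
#!/bin/sh
# Added example: first-match audit of an ipfw ruleset used as a VPN kill switch.
# Reads `ipfw list`-style lines on stdin and prints the action and number of
# the first rule matching a packet owned by user $1 that leaves this host for
# a non-LAN address via interface $2 (the physical NIC, i.e. VPN down).
# Simplification: only from/to/via/uid are evaluated, and any specific "to"
# address is assumed to be a LAN address.
killswitch_verdict() {
    sort -n | awk -v owner="$1" -v wan="$2" '
    $1 ~ /^[0-9]+$/ && ($2 == "allow" || $2 == "deny") {
        src = "any"; dst = "any"; via = ""; uid = ""
        for (i = 3; i < NF; i++) {
            if ($i == "from") src = $(i + 1)
            if ($i == "to")   dst = $(i + 1)
            if ($i == "via")  via = $(i + 1)
            if ($i == "uid")  uid = $(i + 1)
        }
        if (src != "any" && src != "me") next  # packet comes from this host
        if (dst != "any") next                 # destination is outside the LAN
        if (via != "" && via != wan) next      # not on lo0 or the tunnel
        if (uid != "" && uid != owner) next    # rule bound to another user
        print $2, $1; found = 1; exit
    }
    END { if (!found) print "nomatch default" }'
}

# Constructed sample: the rules from the post as `ipfw list` prints them
# ("all" is shown as "ip"); the final allow rule 65535 is an assumption.
page_rules() {
    cat <<'EOF'
00001 allow ip from any to any via lo0
00010 allow ip from any to any via tun0
00101 allow ip from me to 192.168.5.0/24 uid transmission
00102 allow ip from 192.168.5.0/24 to me uid transmission
00103 deny ip from any to any uid transmission
65535 allow ip from any to any
EOF
}

page_rules | killswitch_verdict transmission em0   # deny 00103
page_rules | killswitch_verdict root em0           # allow 65535
```

On the jail itself the input would come from `ipfw list` instead of `page_rules`. The second call shows that rule 00103 only binds processes running as the `transmission` user, so a daemon running under another uid falls through to the default rule.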
 
Joined
Jan 4, 2014
Messages
1,644
I'm not seeing the behaviour you're seeing. I'm on 11.3 with the same rules. Turned off the openvpn service for five minutes and it stayed down till I turned it back on. So I don't believe the issue is 11.3 or the rules.
 

NasKar

Guru
Joined
Jan 8, 2016
Messages
739
Thanks for checking. I have no idea where to look next.
 

NasKar

Guru
Joined
Jan 8, 2016
Messages
739
I decided to reinstall FN 11.3 as maybe there was a problem with the upgrade. Unfortunately it didn't fix the issue, but a strange thing happened. I have a /git directory with scripts in it. They disappeared after I reinstalled from scratch. Is that because they need to be in /mnt/v1/git to survive a wipe of the boot drive?
 
Joined
Jan 4, 2014
Messages
1,644
The main difference between our setups will be the VPN provider we each use. Could there be a problem with certificates and keys?
 

NasKar

Guru
Joined
Jan 8, 2016
Messages
739
I think if the certificates/keys were a problem the vpn wouldn’t work at all.
 