I'm trying to figure out how to set up PIA VPN on ERL. I tried to follow this: https://www.youtube.com/watch?v=OQHVCqUL6d8, but when I have vtun0 enabled, I lose internet access from LAN clients. I believe it may be due to the settings that were already in my router that may be causing a conflict. Can someone see if there is anything obvious? Here is the config:
# show interfaces
 ethernet eth0 {
     address dhcp
     description WAN
     dhcp-options {
         default-route update
         default-route-distance 210
         name-server no-update
     }
     duplex auto
     firewall {
         in {
             name WAN_LAN
         }
         local {
             name WAN_ROUTER
         }
     }
     speed auto
 }
 ethernet eth1 {
     address 192.168.2.1/24
     description LAN
     duplex auto
     firewall {
         in {
             modify PIA_ROUTE
         }
     }
     speed auto
 }
 ethernet eth2 {
     duplex auto
     speed auto
 }
 loopback lo {
 }
 openvpn vtun0 {
     config-file /config/auth/us_midwest.ovpn
     description VPN_CLIENT
     disable
 }
[edit]
# show protocols
 static {
     table 1 {
         interface-route 0.0.0.0/1 {
             next-hop-interface vtun0 {
             }
         }
     }
 }
[edit]
# show firewall
 all-ping enable
 broadcast-ping disable
 ipv6-receive-redirects disable
 ipv6-src-route disable
 ip-src-route disable
 log-martians enable
 modify PIA_ROUTE {
     rule 10 {
         description "traffic from LAN to vtun0"
         modify {
             table 1
         }
         source {
             address 192.168.2.0/24
         }
     }
 }
 name WAN_LAN {
     default-action drop
     description "packets from WAN to LAN"
     enable-default-log
     rule 1 {
         action accept
         description "Allow established sessions"
         log disable
         protocol all
         state {
             established enable
             invalid disable
             new disable
             related enable
         }
     }
     rule 2 {
         action drop
         description "drop invalid state"
         log disable
         protocol all
     }
 }
 name WAN_ROUTER {
     default-action drop
     description "packets from WAN to Router"
     enable-default-log
     rule 1 {
         action accept
         description "Allow established sessions"
         log disable
         protocol all
         state {
             established enable
             invalid disable
             new disable
             related enable
         }
     }
     rule 2 {
         action drop
         description "drop invalid state"
         log disable
         protocol all
     }
 }
 receive-redirects disable
 send-redirects enable
 source-validation disable
 syn-cookies enable
[edit]
Here are the routes prior to turning on the interface vtun0:
$ sudo ip r
default via 174.58.180.1 dev eth0 proto zebra
174.58.180.0/23 dev eth0 proto kernel scope link src 174.58.180.12
192.168.2.0/24 dev eth1 proto kernel scope link
And the routes after:
$ sudo ip r
0.0.0.0/1 via 10.30.1.9 dev vtun0
default via 174.58.180.1 dev eth0 proto zebra
10.30.1.1 via 10.30.1.9 dev vtun0
10.30.1.9 dev vtun0 proto kernel scope link src 10.30.1.10
10.30.1.10 dev vtun0 proto kernel scope link
108.61.228.127 via 174.58.180.1 dev eth0
128.0.0.0/1 via 10.30.1.9 dev vtun0
174.58.180.0/23 dev eth0 proto kernel scope link src 174.58.180.12
192.168.2.0/24 dev eth1 proto kernel scope link
I removed the static route:
delete protocols static
and re-checked the routes:
$ sudo ip r
0.0.0.0/1 via 10.30.1.13 dev vtun0
default via 174.58.180.1 dev eth0 proto zebra
10.30.1.1 via 10.30.1.13 dev vtun0
10.30.1.13 dev vtun0 proto kernel scope link src 10.30.1.14
10.30.1.14 dev vtun0 proto kernel scope link
108.61.228.112 via 174.58.180.1 dev eth0
128.0.0.0/1 via 10.30.1.13 dev vtun0
174.58.180.0/23 dev eth0 proto kernel scope link src 174.58.180.12
192.168.2.0/24 dev eth1 proto kernel scope link
I am using the ovpn file provided by PIA, and it does successfully get an IP, and from the above it appears that the server pushes routes. Here is the file:
//openvpn config from privateinternetaccess.com
client
dev tun
proto tcp
remote us-midwest.privateinternetaccess.com 502
resolv-retry infinite
nobind
persist-key
persist-tun
cipher aes-128-cbc
auth sha1
tls-client
remote-cert-tls server
auth-user-pass /config/auth/userpass.txt
comp-lzo
verb 1
reneg-sec 0
crl-verify /config/auth/crl.rsa.2048.pem
ca /config/auth/ca.rsa.2048.crt
disable-occ
I was able to make a connection to PIA with my old ASUS router; however, the setup was all GUI based so I'm fairly unfamiliar.