
I'm trying to set up my RPi 3 (buster) with a Deluge server and a VPN (Private Internet Access).

I have followed these guides

I was able to connect the Thin Client from my Windows machine to my Raspberry Pi before setting up the VPN. But after setting up my VPN, the connection fails. The Deluge server runs on port 58846.

My status currently:

  • On the RPi, I am able to connect to the internet. The VPN functions correctly: `curl icanhazip.com` returns an IP located outside my country.

  • On my Windows machine, I can ping my RPi, but only with the hostname. Strangely, ping shows an IPv6 connection. If I try to ping using my IPv4 address, the ping fails.

Furthermore, on my Windows machine, I can telnet to my RPi, but only by using the hostname. `telnet raspberrypi 22` shows the SSH connection, BUT if I telnet to the Deluge server port (`telnet raspberrypi 58846`), no connection succeeds.

Here is my /etc/network/interfaces (I'm using Wi-Fi)

# interfaces(5) file used by ifup(8) and ifdown(8)

# Please note that this file is written to be used with dhcpcd
# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'

# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d

auto lo
iface lo inet loopback

auto wlan0
iface wlan0 inet static
        address 192.168.86.40
        netmask 255.255.255.0
        gateway 192.168.86.1
        dns-nameservers 1.1.1.1 1.0.0.1
        wpa-conf /etc/wpa_supplicant/wpa_supplicant.conf

up route add -net 192.168.86.0 netmask 255.255.255.0 gw 192.168.86.1 metric 300

Here is my iptables

Chain INPUT (policy DROP)
target     prot opt source               destination
f2b-ssh    tcp  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  192.168.0.0/24       anywhere
ACCEPT     udp  --  anywhere             anywhere             udp spt:domain
ACCEPT     udp  --  anywhere             anywhere             udp spt:1198
LOG        all  --  anywhere             anywhere             limit: avg 5/min burst 5 LOG level debug prefix "iptables denied: "
LOG        all  --  anywhere             anywhere             limit: avg 5/min burst 5 LOG level debug prefix "iptables denied: "
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh ctstate NEW,ESTABLISHED
ACCEPT     tcp  --  anywhere             anywhere             tcp dpts:56881:56889
ACCEPT     udp  --  anywhere             anywhere             udp dpts:56881:56889
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:58846
ACCEPT     udp  --  anywhere             anywhere             udp dpt:58846
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:58846
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             192.168.0.0/24
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:1198
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:ssh ctstate ESTABLISHED

Chain f2b-ssh (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

`sudo netstat -npl` gives the following information:

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:58504           0.0.0.0:*               LISTEN      708/python
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      613/smbd
tcp        0      0 0.0.0.0:5900            0.0.0.0:*               LISTEN      599/vncserver-x11-c
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      601/sshd
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      613/smbd
tcp        0      0 0.0.0.0:58846           0.0.0.0:*               LISTEN      708/python
tcp6       0      0 :::58504                :::*                    LISTEN      708/python
tcp6       0      0 :::139                  :::*                    LISTEN      613/smbd
tcp6       0      0 :::5900                 :::*                    LISTEN      599/vncserver-x11-c
tcp6       0      0 :::22                   :::*                    LISTEN      601/sshd
tcp6       0      0 :::445                  :::*                    LISTEN      613/smbd
udp        0      0 0.0.0.0:48645           0.0.0.0:*                           320/avahi-daemon: r
udp        0      0 10.79.10.6:6771         0.0.0.0:*                           708/python
udp        0      0 192.168.86.40:6771      0.0.0.0:*                           708/python
udp        0      0 127.0.0.1:6771          0.0.0.0:*                           708/python
udp        0      0 0.0.0.0:6771            0.0.0.0:*                           708/python
udp        0      0 0.0.0.0:58504           0.0.0.0:*                           708/python
udp        0      0 192.168.86.255:137      0.0.0.0:*                           595/nmbd
udp        0      0 192.168.86.40:137       0.0.0.0:*                           595/nmbd
udp        0      0 0.0.0.0:137             0.0.0.0:*                           595/nmbd
udp        0      0 192.168.86.255:138      0.0.0.0:*                           595/nmbd
udp        0      0 192.168.86.40:138       0.0.0.0:*                           595/nmbd
udp        0      0 0.0.0.0:138             0.0.0.0:*                           595/nmbd
udp        0      0 127.0.0.1:47321         0.0.0.0:*                           708/python
udp        0      0 0.0.0.0:46815           0.0.0.0:*                           583/openvpn
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           320/avahi-daemon: r
udp        0      0 10.79.10.6:42749        0.0.0.0:*                           708/python
udp        0      0 0.0.0.0:53001           0.0.0.0:*                           708/python
udp        0      0 127.0.0.1:58669         0.0.0.0:*                           708/python
udp        0      0 10.79.10.6:1900         0.0.0.0:*                           708/python
udp        0      0 127.0.0.1:1900          0.0.0.0:*                           708/python
udp        0      0 0.0.0.0:1900            0.0.0.0:*                           708/python
udp        0      0 10.79.10.6:54676        0.0.0.0:*                           708/python
udp        0      0 192.168.86.40:56234     0.0.0.0:*                           708/python
udp6       0      0 fe80::7833:fd16:c:52252 :::*                                708/python
udp6       0      0 fe80::7833:fd16:cc:6771 :::*                                708/python
udp6       0      0 fe80::ba27:ebff:fe:6771 :::*                                708/python
udp6       0      0 ::1:6771                :::*                                708/python
udp6       0      0 :::6771                 :::*                                708/python
udp6       0      0 :::58504                :::*                                708/python
udp6       0      0 :::38084                :::*                                320/avahi-daemon: r
udp6       0      0 :::5353                 :::*                                320/avahi-daemon: r
udp6       0      0 ::1:35203               :::*                                708/python
udp6       0      0 fe80::ba27:ebff:f:33185 :::*                                708/python
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name     Path
unix  2      [ ACC ]     STREAM     LISTENING     1580     1/init               /run/systemd/private
unix  2      [ ACC ]     STREAM     LISTENING     12591    1/init               /var/run/pcscd/pcscd.comm
unix  2      [ ACC ]     STREAM     LISTENING     1586     1/init               /run/systemd/fsck.progress
unix  2      [ ACC ]     STREAM     LISTENING     12595    1/init               /run/avahi-daemon/socket
unix  2      [ ACC ]     STREAM     LISTENING     12598    1/init               /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     SEQPACKET  LISTENING     1591     1/init               /run/udev/control
unix  2      [ ACC ]     STREAM     LISTENING     12602    1/init               /run/thd.socket
unix  2      [ ACC ]     STREAM     LISTENING     15931    595/nmbd             /var/run/samba/nmbd/unexpected
unix  2      [ ACC ]     STREAM     LISTENING     1603     1/init               /run/systemd/journal/stdout
unix  2      [ ACC ]     STREAM     LISTENING     15249    651/systemd          /run/user/1001/systemd/private
unix  2      [ ACC ]     STREAM     LISTENING     15255    651/systemd          /run/user/1001/gnupg/S.gpg-agent.ssh
unix  2      [ ACC ]     STREAM     LISTENING     15258    651/systemd          /run/user/1001/gnupg/S.gpg-agent.browser
unix  2      [ ACC ]     STREAM     LISTENING     15260    651/systemd          /run/user/1001/bus
unix  2      [ ACC ]     STREAM     LISTENING     15262    651/systemd          /run/user/1001/gnupg/S.dirmngr
unix  2      [ ACC ]     STREAM     LISTENING     15264    651/systemd          /run/user/1001/gnupg/S.gpg-agent.extra
unix  2      [ ACC ]     STREAM     LISTENING     15266    651/systemd          /run/user/1001/gnupg/S.gpg-agent
unix  2      [ ACC ]     STREAM     LISTENING     14973    599/vncserver-x11-c  /tmp/.vnc-vncservice/vncserver-x11.CtrlComms
unix  2      [ ACC ]     STREAM     LISTENING     15046    596/python3          /var/run/fail2ban/fail2ban.sock
unix  2      [ ACC ]     SEQPACKET  LISTENING     13798    534/bluealsa         /var/run/bluealsa/hci0

  • You should not use old style Debian **ifupdown** anymore. It has been deprecated for at least two Raspbian versions now. – Ingo Jul 07 '19 at 19:36
  • @Ingo I'm not a sysadmin :) Can you give me a little bit more detail about what I'm doing wrong with _ifupdown_? – Thierry-Dimitri Roy Jul 07 '19 at 20:18
  • Did you note "# Please note that this file is written to be used with dhcpcd" in the interfaces file? Do you have dhcpcd managed accordingly? I'm not familiar with this. I prefer *systemd-networkd*. And as long as you have problems with connections I would make iptables completely transparent. iptables is used to restrict connections in general. – Ingo Jul 07 '19 at 22:26
  • @Ingo Yes, DHCP looks to be working (I have an IP address and I can ping google.com). How would I make "I would make iptables complete transparent"? The way I understand the setup is to make the connection built in a way that if the VPN is down, there is no connection to the internet possible. – Thierry-Dimitri Roy Jul 08 '19 at 00:48
  • To make iptables transparent you can look at [Route wifi AP traffic(wlan0) to tun0 (openvpn) and keep eth0 unaffected for LAN SSH](https://raspberrypi.stackexchange.com/a/84096/79866). There is an example. I had only a glance at the tutorials you have linked, tl;dr; As far as I understand Deluge is just a server running on the RasPi and has nothing to do with network connections and vpn. It must only be reachable. Can you confirm this? – Ingo Jul 08 '19 at 10:49
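
An added diagnostic example, not part of the original question or its comments: it replays the posted OUTPUT chain (policy DROP) against the reply packets the Pi would send to a LAN client for SSH and for Deluge, and reports which rules visibly match. Assumptions: `CLIENT` is a constructed address on the Pi's 192.168.86.0/24 network, and the two unqualified `ACCEPT all anywhere anywhere` rules may carry an interface match that plain `iptables -L` does not print (`iptables -L -v -n` or `iptables -S` would show it).

```python
import ipaddress

# OUTPUT chain as posted in the question (`iptables -L` without -v, so any
# in/out interface restriction on a rule is not visible in this listing).
OUTPUT_CHAIN = """\
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             192.168.0.0/24
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:1198
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             tcp spt:ssh ctstate ESTABLISHED
"""
SERVICES = {"ssh": 22, "domain": 53}  # names iptables printed instead of numbers
CLIENT = "192.168.86.25"              # constructed LAN client address (assumption)


def port(name):
    """Translate a port as printed by iptables (service name or number)."""
    return SERVICES[name] if name in SERVICES else int(name)


def matching_rules(proto, sport, dport, dst):
    """Return (rule_no, kind) for each OUTPUT rule whose visible fields match.

    kind is 'explicit' when a visible field narrows the rule, or 'catch-all'
    when nothing visible does and a hidden interface match may apply."""
    hits = []
    for no, line in enumerate(OUTPUT_CHAIN.splitlines(), 1):
        _target, rproto, _opt, _src, rdst, *extra = line.split()
        if rproto not in ("all", proto):
            continue
        if rdst != "anywhere" and \
                ipaddress.ip_address(dst) not in ipaddress.ip_network(rdst):
            continue
        spts = [port(t[4:]) for t in extra if t.startswith("spt:")]
        dpts = [port(t[4:]) for t in extra if t.startswith("dpt:")]
        if any(p != sport for p in spts) or any(p != dport for p in dpts):
            continue
        narrowed = rproto != "all" or rdst != "anywhere" or bool(extra)
        hits.append((no, "explicit" if narrowed else "catch-all"))
    return hits


def explicitly_allowed(proto, sport, dport, dst=CLIENT):
    """True if a rule with a visible, narrowing match accepts the packet."""
    return any(k == "explicit" for _, k in matching_rules(proto, sport, dport, dst))


if __name__ == "__main__":
    for name, sport in (("ssh reply", 22), ("deluge reply", 58846)):
        print(name, matching_rules("tcp", sport, 50000, CLIENT))
```

The SSH reply is accepted by the explicit `spt:ssh` rule, while the Deluge reply from port 58846 is covered only by the catch-all rules, and the LAN rule names 192.168.0.0/24 rather than the 192.168.86.0/24 network configured on `wlan0`. If those catch-all rules turn out to be bound to other interfaces, the Deluge reply falls through to the DROP policy.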

0 Answers