Finally got it. It's not a split tunnel, since that would be fairly redundant in a container.
Cloned an LXC container named vpn.
Changed the config. Added this to the vpn container config:
# Allow Tun Device
lxc.cgroup.devices.allow = c 10:200 rwm
# Run an autodev hook to setup the device
lxc.autodev = 1
lxc.hook.autodev = /lxc/vpn/autodev
lxc.pts = 1024
lxc.kmsg = 0
Created the autodev hook script in /lxc/vpn/autodev (the path given in lxc.hook.autodev above):
#!/bin/bash
# LXC autodev hook: runs after the container's /dev tmpfs is mounted and
# creates the tun device node inside the container rootfs.
set -e
cd "${LXC_ROOTFS_MOUNT}/dev"
mkdir -p net
# Character device 10:200 is /dev/net/tun (matches the cgroup allow rule).
[ -e net/tun ] || mknod net/tun c 10 200
chmod 0666 net/tun
Installed OpenVPN as usual with my PIA credentials.
Created login.txt in /etc/openvpn with the credentials.
Changed permissions of login.txt to 600 (i.e. read/write for the owner, nothing for anyone else).
# up and down scripts to be executed when the VPN starts or stops
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
Added the following to /etc/openvpn/update-resolv-conf:
foreign_option_1='dhcp-option DNS 209.222.18.222'
foreign_option_2='dhcp-option DNS 209.222.18.218'
foreign_option_3='dhcp-option DNS 8.8.8.8'
Threw this iptables setup into a script and made it persistent:
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -s 255.255.255.255/32 -j ACCEPT
iptables -A INPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A INPUT -j DROP
iptables -A FORWARD -p udp -m udp --dport 53 -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -j DROP
iptables -A OUTPUT -p udp -m udp --dport 1198 -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -d 255.255.255.255/32 -j ACCEPT
iptables -A OUTPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT
iptables -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
iptables -A OUTPUT -o tun+ -j ACCEPT
iptables -A OUTPUT -j DROP
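Added example (not part of the gist): a small POSIX shell audit that takes an iptables-save style dump of the OUTPUT chain and lists every ACCEPT rule not pinned to lo, tun+, the LAN, the DHCP broadcast address or the VPN server port. Run against the rules above it flags the unscoped UDP/53 rule: while the tunnel is down, resolver queries to the DNS servers set in update-resolv-conf leave through the physical interface in the clear, and pinning that rule to -o tun+ (or to a local resolver on the LAN) closes the gap. The LAN range 192.168.1.0/24 and port 1198 are taken from the gist; the sample rule text is constructed inline.

```shell
#!/bin/sh
# Constructed sample: the OUTPUT chain from the gist, in iptables-save format.
RULES='-A OUTPUT -p udp -m udp --dport 1198 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 255.255.255.255/32 -j ACCEPT
-A OUTPUT -s 192.168.1.0/24 -d 192.168.1.0/24 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
-A OUTPUT -j DROP'

# Same chain with the DNS rule pinned to the tunnel interface.
FIXED=$(printf '%s\n' "$RULES" | sed 's/^-A OUTPUT -p udp -m udp --dport 53/-A OUTPUT -o tun+ -p udp -m udp --dport 53/')

# Print every OUTPUT ACCEPT rule that is not confined to loopback, the tunnel,
# the LAN (192.168.1.0/24 as in the gist), the DHCP broadcast address, or the
# VPN handshake port 1198. Whatever is printed can carry traffic when tun0 is down.
audit_output_rules() {
    printf '%s\n' "$1" | grep -- '^-A OUTPUT .*-j ACCEPT$' \
        | grep -v -e '-o tun+' -e '-o lo' -e '-d 192.168.1.0/24' \
                  -e '-d 255.255.255.255/32' -e '--dport 1198'
}

# Succeeds only if the chain's last rule is an unconditional DROP, i.e. the
# kill switch is default-deny rather than relying on the chain policy.
ends_in_drop() {
    [ "$(printf '%s\n' "$1" | tail -n 1)" = "-A OUTPUT -j DROP" ]
}

echo "Leak candidates in the gist rule set:"
audit_output_rules "$RULES"
echo "Leak candidates after pinning DNS to tun+:"
audit_output_rules "$FIXED" || echo "(none)"
```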