Finally got it. It's not a split tunnel since that would be fairly redundant in a container.
Cloned an LXC container named vpn.
Changed its config, adding the lines below. c 10:200 is the tun driver's device number; the autodev hook recreates the node inside the container's /dev on every start. These are the pre-3.0 key names: from LXC 3.0 on lxc.pts is spelled lxc.pty.max and lxc.kmsg is gone.
# Allow Tun Device
lxc.cgroup.devices.allow = c 10:200 rwm
# Run an autodev hook to setup the device
lxc.autodev = 1
lxc.hook.autodev = /lxc/vpn/autodev
lxc.pts = 1024
lxc.kmsg = 0
Created the hook script at /lxc/vpn/autodev (the path named by lxc.hook.autodev) and made it executable. LXC runs it after the container's /dev has been set up, with LXC_ROOTFS_MOUNT pointing at the mounted container root, so the script first changes into the container's /dev:
#!/bin/sh
cd "${LXC_ROOTFS_MOUNT}/dev" || exit 1
mkdir net
mknod net/tun c 10 200
chmod 0666 net/tun
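A check worth running inside the container once it is up, to confirm the hook actually produced the node and that the cgroup rule lets it be opened. This is an added example, not part of the gist; it assumes a stat(1) that accepts -c (GNU coreutils or busybox), and the probe_tun helper additionally needs iproute2 and root.

```shell
#!/bin/sh
# Added example, not from the gist: verify the tun node the autodev hook creates.
# Expected values are the ones the hook uses (char 10:200, mode 0666).

# check_char_dev PATH MAJOR MINOR [OCTAL_MODE]: returns 0 if PATH is a character
# device with that major:minor (and that mode, when given), 1 otherwise with the
# reason on stderr.
check_char_dev() {
    path="$1"; want_major="$2"; want_minor="$3"; want_mode="${4:-}"
    if [ ! -c "$path" ]; then
        echo "$path: missing or not a character device" >&2
        return 1
    fi
    # %t/%T print major/minor in hex, %a the permission bits in octal
    set -- $(stat -c '%t %T %a' "$path")
    major=$((0x$1)); minor=$((0x$2)); mode="$3"
    if [ "$major" -ne "$want_major" ] || [ "$minor" -ne "$want_minor" ]; then
        echo "$path: is $major:$minor, want $want_major:$want_minor" >&2
        return 1
    fi
    if [ -n "$want_mode" ] && [ "$mode" != "$want_mode" ]; then
        echo "$path: mode is $mode, want $want_mode" >&2
        return 1
    fi
}

# check_tun: the node the gist's autodev hook is meant to create
check_tun() {
    check_char_dev /dev/net/tun 10 200 666
}

# probe_tun: end-to-end test. A correct node is not enough; opening it only
# works if the lxc.cgroup.devices.allow rule is in place too. Needs root.
probe_tun() {
    ip tuntap add dev tuncheck0 mode tun && ip tuntap del dev tuncheck0 mode tun
}
```

If check_tun passes but probe_tun fails with "Operation not permitted", the node is there but the device cgroup rule in the container config is not in effect.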
Installed OpenVPN as usual with my PIA credentials.
Created login.txt in /etc/openvpn with the credentials.
Changed the permissions of login.txt to 600 (read/write for the owner, nothing for anyone else).
Added to the OpenVPN client config (OpenVPN refuses to run up/down scripts unless script-security is 2 or higher):
# up and down scripts to be executed when the VPN starts or stops
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
Pinned the resolvers at the top of /etc/openvpn/update-resolv-conf, so the script writes the VPN provider's DNS servers regardless of what the server pushes (the addresses are elided here):
foreign_option_1='dhcp-option DNS'
foreign_option_2='dhcp-option DNS'
foreign_option_3='dhcp-option DNS'
Put the following iptables rules into a script and made them persistent (the LAN and VPN server addresses after -s/-d are elided here). Two things to be aware of: the UDP/53 ACCEPT rules in INPUT, FORWARD and OUTPUT are not bound to tun+, so DNS queries can leave on the container's normal interface while the tunnel is down, and -i tun+ -j ACCEPT admits any unsolicited inbound connection from the VPN side, not just replies.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -s -j ACCEPT
iptables -A INPUT -s -d -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A INPUT -j DROP
iptables -A FORWARD -p udp -m udp --dport 53 -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -j DROP
iptables -A OUTPUT -p udp -m udp --dport 1198 -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -d -j ACCEPT
iptables -A OUTPUT -s -d -j ACCEPT
iptables -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
iptables -A OUTPUT -o tun+ -j ACCEPT
iptables -A OUTPUT -j DROP
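The same kill-switch, as an added example (not the gist author's script) in the form I would rather review: a generator for an iptables-restore file, plus a check for the DNS gap. Placeholders stand in for the addresses elided above (203.0.113.10, a documentation address, as the VPN server; 1198 as the PIA UDP port; 192.168.1.0/24 as the LAN), and the persistence path /etc/iptables/rules.v4 assumes Debian's iptables-persistent. Unlike the rules above, DNS is only allowed over tun+, which means the VPN server must be given as an IP literal in the remote line (or a rule for UDP/53 to one trusted resolver added explicitly), and inbound from the tunnel is limited to return traffic.

```shell
#!/bin/sh
# Added example, not the gist author's script: render the kill-switch as an
# iptables-restore file so it can be reviewed, applied atomically and persisted.
# All addresses are placeholders for the values elided on the page.

# render_rules VPN_SERVER VPN_PORT LAN_NET -> iptables-restore text on stdout
render_rules() {
    vpn_server="$1"; vpn_port="$2"; lan_net="$3"
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# loopback and return traffic for connections we opened
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# management from the LAN only
-A INPUT -s ${lan_net} -j ACCEPT
-A OUTPUT -d ${lan_net} -j ACCEPT
# the only path off the box that is not the tunnel: the VPN handshake itself
-A OUTPUT -d ${vpn_server} -p udp -m udp --dport ${vpn_port} -j ACCEPT
# everything else, DNS included, must ride the tunnel
-A OUTPUT -o tun+ -j ACCEPT
COMMIT
EOF
}

# find_dns_leaks: read iptables-save style rules on stdin and print every OUTPUT
# rule that accepts port 53 without being pinned to the tunnel or loopback.
# Returns 1 when at least one such rule exists, 0 otherwise.
find_dns_leaks() {
    leaks=$(grep -E -e '^-A OUTPUT .*--dport 53 .*-j ACCEPT$' \
            | grep -E -v -e '-o (tun\+|lo) ' || true)
    [ -z "$leaks" ] && return 0
    printf '%s\n' "$leaks"
    return 1
}

# Constructed sample: the shape of the gist's OUTPUT chain with the elided
# addresses filled by placeholders, for running the check against.
GIST_STYLE_OUTPUT='-A OUTPUT -p udp -m udp --dport 1198 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 192.168.1.0/24 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
-A OUTPUT -j DROP'

# Usage: sh killswitch.sh 203.0.113.10 1198 192.168.1.0/24 > /etc/iptables/rules.v4
#        iptables-restore < /etc/iptables/rules.v4
if [ "$#" -eq 3 ]; then
    render_rules "$@"
fi
```

Loading the file with iptables-restore lands the default-DROP policies and the whole table in one commit, so there is no moment during start-up where the chain is open the way a sequence of iptables -A calls leaves it until the final DROP is appended. Piping the gist's own OUTPUT chain through find_dns_leaks reports the bare --dport 53 rule; the rendered file reports nothing.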