Open black00019 opened 1 year ago
Many thanks for your request. So basically VPN server + dietpi-vpn
and then the forwarding rules adjusted to not forward incoming requests from the VPN server to the internet facing network interface, but to the VPN client interface.
Our OpenVPN server implementation has no forwarding rules added OOTB, and I'm not even sure whether this server works well with dietpi-vpn
or whether they both try to use the tun0
interface 🤔. With the WireGuard server it should be however pretty simple: In /etc/wireguard/wg0.conf
replace all eth0
or wlan0
with tun0
. And the killswitch cannot be used, or it would need to be modified (rules added) to allow packets/connections through wg0
.
Yes you can have both working together. It's a matter if iptable
rules to implement. But I'm not a network export. usually trendy is the Master of Network. We have a couple of these request in our forum. Not sure if this will be possible for all scenario we offer/support.
Thanks for the reply As a first proposal I would make the connection via dietpi-vpn work, as I noticed that once connected with protonvpn, from the dietpi console you can no longer navigate in any way. As a second request instead I would make sure that the dietpi-vpn connection becomes an exit gateway for all clients connected to both the lan and wireless network, and that it is settable (my dietpi has also installed pi-hole which acts as a dhcp server) .
As a first proposal I would make the connection via dietpi-vpn work, as I noticed that once connected with protonvpn, from the dietpi console you can no longer navigate in any way.
Would be great if you could open a dedicated issue about this. This of course shouldn't happen, not even with SSH when enabling the killswitch. But the killswitch is expected to break incoming VPN connections. Basically for every incoming connection (port), an additional rule needs to be applied if the killswitch is active.
As a second request instead I would make sure that the dietpi-vpn connection becomes an exit gateway for all clients connected
The VPN is already made the default gateway, the only missing thing indeed are the forwarding rules like the ones applied in the WireGuard settings. Without them, incoming requests would land in the ether.
Creating a feature request
Is your feature request related to a problem? Please describe:
Describe the solution you'd like: