Nyr / openvpn-install

OpenVPN road warrior installer for Ubuntu, Debian, AlmaLinux, Rocky Linux, CentOS and Fedora
MIT License

There are some problems with using CloudFlare's warp-cli and this one-click script at the same time #1040

Closed y377 closed 1 year ago

y377 commented 1 year ago

First of all, thanks for the one-click script, it's really handy! As for the question: when the cloud server is using Cloudflare's warp-cli command-line program and the OpenVPN client connects to the server, this leads to no Internet access. The warp-svc component prompts as follows:

WARN warp::warp: Dropping martian, tun should not have seen this src_addr=172.17.48.191

With the same warp-cli configuration, I uninstalled the script and used openvpnas from the official website, and when warp-cli's warp mode is turned on, it is possible to access the Internet. Based on experience, I suspect that the problem lies here: /etc/systemd/system/openvpn-iptables.service

[Unit]
Before=network.target
[Service]
Type=oneshot
ExecStart=/usr/sbin/iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to 172.17.48.191
ExecStart=/usr/sbin/iptables -I INPUT -p tcp --dport 30420 -j ACCEPT
ExecStart=/usr/sbin/iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT
ExecStart=/usr/sbin/iptables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
ExecStop=/usr/sbin/iptables -t nat -D POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to 172.17.48.191
ExecStop=/usr/sbin/iptables -D INPUT -p tcp --dport 30420 -j ACCEPT
ExecStop=/usr/sbin/iptables -D FORWARD -s 10.8.0.0/24 -j ACCEPT
ExecStop=/usr/sbin/iptables -D FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
ExecStart=/usr/sbin/ip6tables -t nat -A POSTROUTING -s fddd:1194:1194:1194::/64 ! -d fddd:1194:1194:1194::/64 -j SNAT --to 2606:4700:110:85df:6b6e:8d99:b9d:80fb
ExecStart=/usr/sbin/ip6tables -I FORWARD -s fddd:1194:1194:1194::/64 -j ACCEPT
ExecStart=/usr/sbin/ip6tables -I FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
ExecStop=/usr/sbin/ip6tables -t nat -D POSTROUTING -s fddd:1194:1194:1194::/64 ! -d fddd:1194:1194:1194::/64 -j SNAT --to 2606:4700:110:85df:6b6e:8d99:b9d:80fb
ExecStop=/usr/sbin/ip6tables -D FORWARD -s fddd:1194:1194:1194::/64 -j ACCEPT
ExecStop=/usr/sbin/ip6tables -D FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target

route

default via 172.17.63.253 dev eth0 proto dhcp metric 100
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.1
172.17.0.0/18 dev eth0 proto kernel scope link src 172.17.48.191 metric 100

But I don't know the iptables setup rules. If you can give me a modified rule, I can verify it, thanks.
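
A check that lines up the values quoted in the comment above, as an added example that is not part of the original issue or of the installer: it parses the unit's SNAT rules, the warp-svc log line and the route output, and reports SNAT rules whose `--to` address is the source that warp-svc dropped. The function names are hypothetical, and the sample input is constructed from the values in the comment (IPv4 rules only).

```python
import ipaddress
import re

# Constructed sample input: values copied from the unit file, log line and
# route output quoted in the issue comment (IPv4 rules only, for brevity).
UNIT = """\
ExecStart=/usr/sbin/iptables -t nat -A POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to 172.17.48.191
ExecStart=/usr/sbin/iptables -I FORWARD -s 10.8.0.0/24 -j ACCEPT
ExecStop=/usr/sbin/iptables -t nat -D POSTROUTING -s 10.8.0.0/24 ! -d 10.8.0.0/24 -j SNAT --to 172.17.48.191
"""
WARP_LOG = "WARN warp::warp: Dropping martian, tun should not have seen this src_addr=172.17.48.191"
ROUTES = """\
default via 172.17.63.253 dev eth0 proto dhcp metric 100
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.1
172.17.0.0/18 dev eth0 proto kernel scope link src 172.17.48.191 metric 100
"""

def snat_rules(unit_text):
    """Return (client_network, snat_address) for each ExecStart SNAT rule."""
    rules = []
    for line in unit_text.splitlines():
        m = re.match(r"ExecStart=\S+ .*-s (\S+) .*-j SNAT --to(?:-source)? (\S+)", line)
        if m:
            rules.append((ipaddress.ip_network(m.group(1)), ipaddress.ip_address(m.group(2))))
    return rules

def dropped_sources(log_text):
    """Return the src_addr of every 'Dropping martian' line in warp-svc output."""
    return [ipaddress.ip_address(a)
            for a in re.findall(r"Dropping martian.*?src_addr=(\S+)", log_text)]

def interface_sources(route_text):
    """Map each 'src' address in `ip route` output to the device that owns it."""
    return {ipaddress.ip_address(src): dev
            for dev, src in re.findall(r"dev (\S+) .*?\bsrc (\S+)", route_text)}

def correlate(unit_text, log_text, route_text):
    """List SNAT rules whose rewritten source is an address warp-svc dropped."""
    owners = interface_sources(route_text)
    dropped = set(dropped_sources(log_text))
    return [{"clients": str(net), "snat_to": str(addr), "owned_by": owners.get(addr)}
            for net, addr in snat_rules(unit_text) if addr in dropped]

if __name__ == "__main__":
    for hit in correlate(UNIT, WARP_LOG, ROUTES):
        print("SNAT for {clients} rewrites to {snat_to} (address of {owned_by}); "
              "warp-svc dropped packets with that source".format(**hit))
```

A match only shows that the dropped packets carry the address written by the unit's SNAT rule; it does not say which side of the setup should change.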

Nyr commented 1 year ago

While it is possible that there could be a routing conflict, it does not mean that there is an issue with my installer.

Ultimately I am not familiar with WARP so I am unable to give you further advice.