Closed jorge123255 closed 2 years ago
Hi @jorge123255,
I'll be happy to help but I'll need some more information.
Thanks!
What sucks is I upgraded today, so my folder for split tunnel is gone along with the script :(
On Dec 29, 2021, 2:11 PM -0600, peacey @.***>, wrote:
Hi @jorge123255, I'll be happy to help but I'll need some more information.
- Which VPN provider are you setting this up with? WireGuard or OpenVPN or something else?
- Can I see your vpn.conf?
- Can you describe your network setup?
- When the script is running, are you able to ping 1.1.1.1 from a forced client? Are you able to ping google.com? Trying to see if it's DNS that's the issue or the connection.
- Do you have any content restrictions/filters active on the forced network?
Thanks!
split-vpn shouldn't be deleted when you upgrade, unless you factory reset. It is still there under /mnt/data/split-vpn. If you're wondering about the /etc/split-vpn link, you can recreate it by running /mnt/data/split-vpn/vpn/setup-split-vpn.sh at startup or by using the included boot script. So your files should still be there, please check again.
Please show me your vpn.conf and mullvad wireguard config you are using please. Make sure to remove the keys from the WireGuard config before you post it.
FORCED_SOURCE_INTERFACE="br0"
FORCED_SOURCE_IPV4="192.168.1.1/32"
FORCED_SOURCE_IPV6=""
FORCED_SOURCE_MAC=""
FORCED_SOURCE_IPV4_PORT="tcp-192.168.1.1-22,32400,80:90,443,55555"
FORCED_SOURCE_IPV6_PORT=""
FORCED_SOURCE_MAC_PORT=""
FORCED_DESTINATIONS_IPV4="8.8.8.8"
FORCED_DESTINATIONS_IPV6=""
FORCED_LOCAL_INTERFACE=""
EXEMPT_SOURCE_IPV4=""
EXEMPT_SOURCE_IPV6=""
EXEMPT_SOURCE_MAC=""
EXEMPT_SOURCE_IPV4_PORT=""
EXEMPT_SOURCE_IPV6_PORT=""
EXEMPT_SOURCE_MAC_PORT=""
EXEMPT_DESTINATIONS_IPV4=""
EXEMPT_DESTINATIONS_IPV6=""
#
#
#
FORCED_IPSETS=dst" EXEMPT_IPSETS=dst UBIOS_ADDRv4_eth8:dst UBIOS_ADDRv6_br0:dst UBIOS_NETv4_br4:dst"
PORT_FORWARDS_IPV4=""tcp-21674-192.168.1.1-50001""
PORT_FORWARDS_IPV6=""
#
#
DNS_IPV4_IP=193.138.218.74
DNS_IPV4_PORT=53
DNS_IPV4_INTERFACE=""
DNS_IPV6_IP=""
DNS_IPV6_PORT=53
DNS_IPV6_INTERFACE=""
BYPASS_MASQUERADE_IPV4="ALL"
BYPASS_MASQUERADE_IPV6="ALL"
KILLSWITCH=0
REMOVE_KILLSWITCH_ON_EXIT=1
REMOVE_STARTUP_BLACKHOLES=1
VPN_PROVIDER="external"
VPN_ENDPOINT_IPV4="66.63.167.162"
VPN_ENDPOINT_IPV6=""
GATEWAY_TABLE="auto"
MSS_CLAMPING_IPV4="1240"
MSS_CLAMPING_IPV6=""
WATCHER_TIMER=1
ROUTETABLE=101
MARK=0x9
PREFIX="VPN"
PREF=99
DEV=tun0
#
[Interface]
PrivateKey =
Address = 10.67.201.201/32,fc00:bbbb:bbbb:bb01::4:c9c8/128
DNS = 193.138.218.74
PostUp = sh /etc/split-vpn/vpn/updown.sh %i up
PreDown = sh /etc/split-vpn/vpn/updown.sh %i down
Table = 101
[Peer]
PublicKey =
AllowedIPs = 0.0.0.0/1,128.0.0.0/1,::/1,8000::/1
Endpoint = 66.63.167.162:3436
wow big font sorry about that
Thanks George! What is 192.168.1.1? Is that the IP of your computer? And you want to force all your main LAN/br0?
Few issues with your vpn.conf (some wrong settings). Let's start simple with an empty vpn.conf. Copy the sample vpn.conf.sample and only change these settings:
Then your WireGuard config needs to be called the same as DEV. So in this case, make sure your WireGuard config is named wg0.conf. Also please comment out the DNS= line in your wg0.conf. The rest of your wg0.conf is correct.
After that, bring up the VPN tunnel in the configuration directory like this:
wg-quick up ./wg0.conf
If it is successful, try to ping 1.1.1.1 directly through the WireGuard interface in SSH on the UDM:
ping -I wg0 1.1.1.1
If that works, then from your forced client (192.168.1.1), try to open a command line and run:
ping 1.1.1.1
ping google.com
See if either works on your forced client.
If something is not working, please show me the output of wg-quick up.
Let's try it step by step and see what happens!
Aaa ok, the 192.168.1.1 is my UDM router IP. I'll change that to one of the PCs I'll be testing.
Yay, it's working. After the test I changed it to /24; the only thing now is DNS leaks.
Great @jorge123255! For DNS, please set DNS_IPV4_IP="193.138.218.74" in your vpn.conf (or whatever DNS you want your forced clients to use). Then bring down the tunnel and back up again and see if DNS is still leaking.
Do you have any IPv6 setup on that network?
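The checks raised in this thread (WireGuard config named after DEV, the DNS= line commented out in it, DNS_IPV4_IP set in vpn.conf, keys removed before posting a config) can be scripted as below. This is an added example, not part of the thread or of the split-vpn project; the function names are hypothetical, and it assumes vpn.conf holds one KEY=value per line and sits in the same directory as the WireGuard config.

```shell
#!/bin/sh
# Added example: pre-flight checks for a split-vpn WireGuard setup.
# Usage (after sourcing this file): check_split_vpn /path/to/config-dir

# Read one KEY=value setting from vpn.conf without sourcing (executing) the file.
conf_get() {  # conf_get FILE KEY
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'[:space:]"
}

# Print a WireGuard config with secret key material blanked, safe to paste
# into an issue. Assumes the usual PrivateKey / PresharedKey capitalisation.
redact_wg_keys() {  # redact_wg_keys FILE
    sed -E 's/^([[:space:]]*(PrivateKey|PresharedKey)[[:space:]]*=).*/\1 <redacted>/' "$1"
}

check_split_vpn() {  # check_split_vpn DIR ; returns 0 only if all checks pass
    dir=$1; rc=0
    conf="$dir/vpn.conf"
    [ -f "$conf" ] || { echo "FAIL: $conf not found"; return 2; }
    dev=$(conf_get "$conf" DEV)
    wg="$dir/$dev.conf"
    # 1. wg-quick names the interface after the file, so the file must be DEV.conf.
    if [ -z "$dev" ] || [ ! -f "$wg" ]; then
        echo "FAIL: DEV='$dev' but $wg does not exist"; return 1
    fi
    # 2. The thread asks for the DNS= line in the WireGuard config to be commented out.
    if grep -Eiq '^[[:space:]]*DNS[[:space:]]*=' "$wg"; then
        echo "FAIL: active DNS= line in $wg; comment it out"; rc=1
    fi
    # 3. Forced clients get their resolver from DNS_IPV4_IP in vpn.conf.
    if [ -z "$(conf_get "$conf" DNS_IPV4_IP)" ]; then
        echo "WARN: DNS_IPV4_IP is empty; set it and re-test for DNS leaks"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $dev.conf matches DEV and DNS settings are consistent"
    return "$rc"
}
```

A passing check only confirms the files are consistent with each other; the ping tests above are still what show whether traffic and DNS actually work through the tunnel.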
No I disabled IPV6 on my network, @peacey thank you very much for your help, felt lost :)
Let me buy you a coffee :)
No worries, George. My pleasure. Play around with it for a bit and see if you need to change any more settings like for inter-VLAN access or something isn't working right. Feel free to ask if you have any more questions, or close this issue if you're happy with everything!
Closing this now, but if you have any more issues feel free to open another one!
I followed the instructions and no internet on any of my devices. Spent 3 days trying to figure this out with no luck. Any help? :)