Murthy's law of vpn networking.

Topic Author
AnonKraut
Posts: 3
Joined: Sun May 07, 2017 7:26 am

Murthy's law of vpn networking.

Postby AnonKraut » Mon May 08, 2017 1:23 am

Hi there, new guy reporting in. So, according to Murthy, if you leave a single route open, odds are the very first app you are running is gonna try to bypass the tunnel and send some nice little clear net packets over that route. Odds are furthermore the packet will be telling as fuq. Being the lazy guy I am, I went with a single host setup (local openvpn rather than using a dedicated router) and karma by means of redirect-gateway def1 kicked in almost instantly:

00:20:06.503655 rule 1..16777216/0(match): block out on {$EXT_IF}: {$EXT_ADDRESS}.51413 > ${CSTORM_GATEWAY}.51413: UDP, length 30


Of course it was blocked but still, ... any ideas other than leaving it to the packet filter?
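
An added example, not part of the original post: a small parser for pf log lines in the shape quoted above. It lists what pf blocked on its way out of the external interface and separates packets addressed to the VPN gateway itself (which follow the host route that redirect-gateway def1 keeps to the server) from other clear-net attempts. The interface name em0, the addresses and the function names are constructed stand-ins for the post's placeholders.

```python
import re
from collections import Counter

# pflog line as printed by tcpdump, in the shape quoted in the post (IPv4 only).
LINE = re.compile(
    r"^\S+ rule \S+\(match\): (?P<action>block|pass) (?P<dir>in|out) "
    r"on (?P<ifname>\S+): "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?:\.(?P<sport>\d+))? > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.(?P<dport>\d+))?: (?P<rest>.*)$"
)

def find_leaks(lines, ext_if, vpn_gateway):
    """Return packets pf blocked on their way out of ext_if (outside the tunnel)."""
    leaks = []
    for line in lines:
        m = LINE.match(line.strip())
        if not m or (m["action"], m["dir"], m["ifname"]) != ("block", "out", ext_if):
            continue  # unparsable, passed, inbound, or another interface
        rest = m["rest"]
        # tcpdump prints TCP as "Flags [...]"; other protocols lead with their name.
        proto = "TCP" if rest.startswith("Flags") else (rest.split(",")[0].split() or ["?"])[0]
        leaks.append({
            # Traffic to the VPN server's own address rides the host route that
            # redirect-gateway def1 leaves in place, so it never enters the tunnel.
            "kind": "via-gateway-host-route" if m["dst"] == vpn_gateway else "other-clearnet",
            "dst": m["dst"],
            "dport": int(m["dport"]) if m["dport"] else None,
            "proto": proto,
        })
    return leaks

def summarize(leaks):
    """Count attempts per (kind, destination, port, protocol)."""
    return Counter((l["kind"], l["dst"], l["dport"], l["proto"]) for l in leaks)

# Constructed sample lines: em0 and the 192.0.2.x / 198.51.100.x / 203.0.113.x
# documentation addresses are assumptions, not values from the thread.
SAMPLE = [
    "00:20:06.503655 rule 1..16777216/0(match): block out on em0: 192.0.2.10.51413 > 198.51.100.7.51413: UDP, length 30",
    "00:20:07.101200 rule 1..16777216/0(match): block out on em0: 192.0.2.10.51413 > 198.51.100.7.51413: UDP, length 30",
    "00:20:09.000100 rule 1..16777216/0(match): block out on em0: 192.0.2.10.50522 > 203.0.113.80.443: Flags [S], seq 1, win 65535, length 0",
    "00:20:10.000100 rule 2/0(match): pass out on em0: 192.0.2.10.1194 > 198.51.100.7.443: UDP, length 100",
    "00:20:11.000100 rule 3/0(match): block in on em0: 203.0.113.9.4444 > 192.0.2.10.22: Flags [S], seq 9, win 1024, length 0",
]

if __name__ == "__main__":
    for key, count in summarize(find_leaks(SAMPLE, "em0", "198.51.100.7")).items():
        print(count, *key)
```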

parityboy
Site Admin
Posts: 1091
Joined: Wed Feb 05, 2014 3:47 am

Re: Murthy's law of vpn networking.

Postby parityboy » Mon May 08, 2017 3:48 pm

@OP

I have a similar issue and the only thing I can think of is to use the firewall to block it.


Topic Author
AnonKraut
Posts: 3
Joined: Sun May 07, 2017 7:26 am

Re: Murthy's law of vpn networking.

Postby AnonKraut » Tue May 09, 2017 3:25 am

Managed to solve this bsd-style (least effort XD).

TL;DR:
# openvpn.sh
# setfib 1 route add default ${TUN_PEER}
$ setfib 1 sh

