Gentoo Forums
No internet when vpn is running in chroot
Atlant-T
n00b


Joined: 25 Dec 2020
Posts: 2

Posted: Sat Nov 20, 2021 7:56 pm    Post subject: No internet when vpn is running in chroot

Hello everyone.

I have 64-bit Gentoo and am trying to run 32-bit kerio-kvc (8.5.3) vpn using Chroot Guide. Unfortunately, when I start vpn, the internet is lost, but when I stop vpn, the internet works.

There is an assumption that the reason may be related to the fact that the chroot after copying has its own independent file /etc/resolv.conf.

/etc/init.d/gentoo32
Code:

name="gentoo32 daemon"
description=""
command=/usr/bin/gentoo32
command_args="${gentoo32_args}"

chroot_dir=/mnt/gentoo32

depend() {
  need localmount bootmisc
}

start() {
  ebegin "Mounting 32-bit chroot directories"
  mount --rbind /dev "${chroot_dir}/dev" >/dev/null
  mount --rbind /sys "${chroot_dir}/sys" >/dev/null
  mount -t proc none "${chroot_dir}/proc" >/dev/null
  mount -o bind /tmp "${chroot_dir}/tmp" >/dev/null
  mount -o bind /usr/portage "${chroot_dir}/usr/portage/" >/dev/null
  mount -t tmpfs -o nosuid,nodev,noexec,mode=755 none "${chroot_dir}/run" >/dev/null

  eend $? "An error occurred while attempting to mount 32bit chroot directories"
  ebegin "Copying 32bit chroot files"

  cp -pf /etc/resolv.conf /etc/passwd /etc/shadow /etc/group \
         /etc/gshadow /etc/hosts "${chroot_dir}/etc" >/dev/null
  cp -Ppf /etc/localtime "${chroot_dir}/etc" >/dev/null
  eend $? "An error occurred while attempting to copy 32 bits chroot files."
}

stop() {
  ebegin "Unmounting 32-bit chroot directories"
  umount -fR "${chroot_dir}/dev" >/dev/null
  umount -fR "${chroot_dir}/sys" >/dev/null
  umount -f "${chroot_dir}/proc" >/dev/null
  umount -f "${chroot_dir}/tmp" >/dev/null
  umount -f "${chroot_dir}/usr/portage/" >/dev/null
  umount -f "${chroot_dir}/run" >/dev/null
  eend $? "An error occurred while attempting to unmount 32bit chroot directories"
}


route -n (origin, before starting vpn)
Code:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.100.1   0.0.0.0         UG    2003   0        0 wlp3s0
192.168.100.0   0.0.0.0         255.255.255.0   U     2003   0        0 wlp3s0


route -n (chroot, before starting vpn)
Code:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.100.1   0.0.0.0         UG    2003   0        0 wlp3s0
192.168.100.0   0.0.0.0         255.255.255.0   U     2003   0        0 wlp3s0


route -n (origin, after starting vpn)
Code:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         xxx.xxx.xx.1    128.0.0.0       UG    1      0        0 kvnet
0.0.0.0         192.168.100.1   0.0.0.0         UG    2003   0        0 wlp3s0
xxx.xxx.xx.0    0.0.0.0         255.255.255.0   U     0      0        0 kvnet
128.0.0.0       xxx.xxx.xx.1    128.0.0.0       UG    1      0        0 kvnet
134.17.25.89    192.168.100.1   255.255.255.255 UGH   1      0        0 wlp3s0
192.168.1.0     xxx.xxx.xx.1    255.255.255.0   UG    1      0        0 kvnet
192.168.100.0   0.0.0.0         255.255.255.0   U     2003   0        0 wlp3s0


route -v (chroot, after starting vpn)
Code:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         xxx.xxx.xx.1    128.0.0.0       UG    1      0        0 kvnet
0.0.0.0         192.168.100.1   0.0.0.0         UG    2003   0        0 wlp3s0
xxx.xxx.xx.0    0.0.0.0         255.255.255.0   U     0      0        0 kvnet
128.0.0.0       xxx.xxx.xx.1    128.0.0.0       UG    1      0        0 kvnet
134.17.25.89    192.168.100.1   255.255.255.255 UGH   1      0        0 wlp3s0
192.168.1.0     xxx.xxx.xx.1    255.255.255.0   UG    1      0        0 kvnet
192.168.100.0   0.0.0.0         255.255.255.0   U     2003   0        0 wlp3s0
roccobaroccoSC
n00b


Joined: 15 May 2020
Posts: 27

Posted: Sun Nov 21, 2021 1:31 pm    Post subject:

Do you want to use your VPN for Internet access, or do you just want access to the VPN, with your Internet connections going through your router as usual? (I myself use the second option.)
I assume you want to connect to the Internet through your VPN, judging from the routing configuration. Is that assumption correct?

In case of network problems, I usually follow this procedure:
* Are all network interfaces up, do all bridges contain the required members?
Code:
ifconfig
brctl show

* Make sure IP settings are correct on all hosts participating in your route - workstation, gateway, etc. (IP addresses and masks should be checked for typos). Validate with a ping or traceroute (use -n in order to avoid running into DNS issues at this point).
Code:
ping -n xxx.xxx.xx.1

* Does your VPN gateway have IP forwarding enabled? If someone else manages it, assume it's ok.
Code:
cat /proc/sys/net/ipv4/ip_forward
1

* Check your firewall rules (maybe your firewall does not account properly for the new IP addresses after connecting to the VPN). Check your firewall log. With iptables you need to edit the rules and add specific LOG targets, which I can't explain easily here.
* Are routes set properly in both directions? You can use tcpdump on the remote side to see if the packets arrive and if a response is sent back.
* If ping -n works, check your DNS configuration. The nameservers in /etc/resolv.conf should be pingable; test them with "dig" or "drill".
Code:
dig @YOUR_DNS_SERVER_IP www.freebsd.org
drill @YOUR_DNS_SERVER_IP www.freebsd.org
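Why the default route via wlp3s0 stops being used once the VPN is up, as an added example that is not part of the thread: the kernel picks the most specific matching route, and the two routes with Genmask 128.0.0.0 on kvnet are more specific than the 0.0.0.0/0 default. The table is a constructed copy of the "after starting vpn" output in which 10.8.0.x is an assumed stand-in for the masked xxx.xxx.xx.x addresses, and `route_for` is a hypothetical helper.

```shell
#!/bin/sh
# Added example: which route wins for a destination in a `route -n` table.
# Longest prefix (most specific Genmask) wins; the lower metric breaks ties.

# Constructed sample modelled on the "after starting vpn" table in the first post.
# 10.8.0.x is an assumed stand-in for the masked xxx.xxx.xx.x addresses.
ROUTES_AFTER_VPN='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.0.1        128.0.0.0       UG    1      0        0 kvnet
0.0.0.0         192.168.100.1   0.0.0.0         UG    2003   0        0 wlp3s0
10.8.0.0        0.0.0.0         255.255.255.0   U     0      0        0 kvnet
128.0.0.0       10.8.0.1        128.0.0.0       UG    1      0        0 kvnet
134.17.25.89    192.168.100.1   255.255.255.255 UGH   1      0        0 wlp3s0
192.168.1.0     10.8.0.1        255.255.255.0   UG    1      0        0 kvnet
192.168.100.0   0.0.0.0         255.255.255.0   U     2003   0        0 wlp3s0'

# route_for TABLE IP -> prints "iface gateway /prefixlen" of the winning route
route_for() {
  printf '%s\n' "$1" | awk -v target="$2" '
    function ip2int(s,   o) {
      split(s, o, ".")
      return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    function masklen(m,   v, n) {      # count the set bits of the Genmask
      v = ip2int(m); n = 0
      while (v > 0) { n += v % 2; v = int(v / 2) }
      return n
    }
    function net(v, len) { return int(v / 2^(32 - len)) }
    NR <= 2 || NF < 8 { next }         # skip the two header lines
    {
      len = masklen($3)
      if (net(ip2int(target), len) != net(ip2int($1), len)) next
      if (!found || len > best_len || (len == best_len && $5 < best_metric)) {
        found = 1; best_len = len; best_metric = $5
        best = $8 " " $2 " /" len
      }
    }
    END { if (found) print best; else print "unreachable" }'
}

route_for "$ROUTES_AFTER_VPN" 8.8.8.8        # Internet traffic: via kvnet
route_for "$ROUTES_AFTER_VPN" 134.17.25.89   # host route: stays on wlp3s0
route_for "$ROUTES_AFTER_VPN" 192.168.100.7  # local LAN: stays on wlp3s0
```

Only the 134.17.25.89 host route and the local LAN still leave through wlp3s0; every other destination matches one of the two /1 routes before the old default is considered.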
Hu
Moderator


Joined: 06 Mar 2007
Posts: 21490

Posted: Sun Nov 21, 2021 5:21 pm    Post subject: Re: No internet when vpn is running in chroot

Atlant-T wrote:
I have 64-bit Gentoo and am trying to run 32-bit kerio-kvc (8.5.3) vpn using Chroot Guide.
Why are you running this in a 32-bit chroot, instead of running in the main environment?
Atlant-T wrote:
Unfortunately, when I start vpn, the internet is lost, but when I stop vpn, the internet works.
In what way is Internet access lost? What fails? What still works? When the VPN is running, are applications in the 32-bit root able to use the Internet, or are they also broken?
Atlant-T wrote:
There is an assumption that the reason may be related to the fact that the chroot after copying has its own independent file /etc/resolv.conf.
The chroot would then use separate nameservers, yes. If the VPN blocks access to your regular nameservers, then applications outside the chroot would lose access to DNS (but not to the Internet generally).
Atlant-T wrote:
route -n (origin, before starting vpn)
Routes are part of the network namespace, not the filesystem root state. Starting the VPN in the chroot switches both the main system and the chroot to use the VPN's network configuration. If you don't like this, you could use a network namespace to isolate the VPN, so that the host remains unaware the VPN is in use.
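One way to set up the network namespace mentioned in the reply above, as an added example that is not code from the thread: the VPN client runs in its own namespace, so the routes it installs never reach the host's routing table. The names vpnns, veth-host, veth-vpn and the 10.200.0.0/24 link subnet are assumptions; wlp3s0 and /mnt/gentoo32 come from the first post. It assumes iproute2 and iptables on the host and a FORWARD policy that lets the namespace traffic through.

```shell
#!/bin/sh
# Added example: confine a VPN client to its own network namespace.
# Assumed names: namespace, veth pair and link subnet. UPLINK and CHROOT
# are the interface and chroot directory shown in the first post.
NS=vpnns; HOST_IF=veth-host; NS_IF=veth-vpn
HOST_IP=10.200.0.1; NS_IP=10.200.0.2
UPLINK=wlp3s0; CHROOT=/mnt/gentoo32

# With DRY_RUN=1 the commands are printed instead of executed (no root needed).
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

netns_up() {
  run ip netns add "$NS"
  run ip link add "$HOST_IF" type veth peer name "$NS_IF"
  run ip link set "$NS_IF" netns "$NS"
  run ip addr add "$HOST_IP/24" dev "$HOST_IF"
  run ip link set "$HOST_IF" up
  run ip netns exec "$NS" ip addr add "$NS_IP/24" dev "$NS_IF"
  run ip netns exec "$NS" ip link set lo up
  run ip netns exec "$NS" ip link set "$NS_IF" up
  run ip netns exec "$NS" ip route add default via "$HOST_IP"
  # The host forwards and NATs only the namespace address out of the uplink.
  # Note: this turns on IPv4 forwarding for the whole host.
  run sysctl -w net.ipv4.ip_forward=1
  run iptables -t nat -A POSTROUTING -s "$NS_IP/32" -o "$UPLINK" -j MASQUERADE
}

# Run a command inside both the namespace and the 32-bit chroot.
netns_chroot() {
  run ip netns exec "$NS" chroot "$CHROOT" "$@"
}

netns_down() {
  run iptables -t nat -D POSTROUTING -s "$NS_IP/32" -o "$UPLINK" -j MASQUERADE
  run ip netns del "$NS"   # deleting the namespace also removes the veth pair
}
```

After `netns_up` (as root), start the VPN client through `netns_chroot` followed by the client's own start command; `netns_chroot route -n` then shows the kvnet routes while `route -n` on the host stays as in the "before starting vpn" tables.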
dimko
Apprentice


Joined: 12 Feb 2006
Posts: 194

Posted: Thu Feb 10, 2022 11:35 pm    Post subject: Could be DNS issue?

Your VPN, can you ping something like 8.8.8.8 when running it?
If it responds - Internet works. Perhaps DNS doesn't.
If pings go through, do the dig command:
dig google.com
If there is no DNS response, try using 8.8.8.8 as the DNS server (just for a test, don't trust Google!)
_________________
Just a user.
CarleyGregory
n00b


Joined: 26 Jul 2022
Posts: 1

Posted: Tue Jul 26, 2022 5:30 pm    Post subject:

Most likely, the user load on your chosen VPN server at the moment is such that the connection speed tends to zero; respectively, the sites simply cannot load. Try to connect to another location, and reload the browser for which your chosen VPN extension is available. And if that doesn't help, contact the technical support of your VPN provider - you might even be able to get access to premium servers to check if the connection is correct. It's better to install a proxy service and not bother with a VPN.