Adding vpn kills access to other softwares

Creating a bug report/issue

Required Information

  • DietPi version | v8.12.1 : 20:50 - Mon 01/09/23
  • Distro version | 'RASPBIAN`
  • Kernel version | uname -a
  • SBC model | Rp3b+
  • Power supply used | (EG: 5V 3A official)
  • SD card used | SanDisk ultra

Additional Information (if applicable)

  • Software title | OpenVpn
  • Was the software title installed freshly or updated/migrated?
  • Can this issue be replicated on a fresh installation of DietPi?
    ← If you sent a “dietpi-bugreport”, please paste the ID here →
  • Bug report ID | echo $G_HW_UUID

Steps to reproduce

  1. …setup vpn through dietpi-vpn

Expected behaviour

  • …vpn active and other softwares working fine

Actual behaviour

  • …vpn is active, but I am not able to access any of the other softwares until I remove openvpn.

Extra details

So you connect to an external VPN service but then what is not working? You are not reaching your webservices, hosted on the device?
Also not from local network?
Please provide some more info.

After setting up the vpn, I am not able to access any of the other services I installed EXCEPT transmission. Even stuff I setup in a docker is not accessible. I am on a local network. Im able to ssh into the pi just fine but any other service is not responding. Even though in the dietpi-services they all show as active.

Have a look into this topic, probably you have the killswitch on

Yes if activate, our killswitch will block nearly every access from local network

shouldnt the killswitch only apply on connection loss? I am connected so the killswitch shouldnt be active?

We allow SSH connection, even if killswitch has been selected. All other connections should be rejected.

Right, but shouldnt the killswitch only turn on if connection to the vpn becomes disconnected?

The current implementation of the killswitch blocks every traffic not passing the tunnel

The point of the killswitch is to reject any traffic which doesn’t go through the tunnel, to prevent leaks. It is not the most elegant way, but it is considered the most secure.

1 Like