I have pivpn installed and it works great, but I noticed that after a reboot of the server, pivpn still ‘works’: I can connect to it, but I am not able to use this connection to go outside my own network.
When I run pivpn -d it tells me:
:::: Self check ::::
:: [OK] IP forwarding is enabled
:: [OK] Ufw is enabled
:: [ERR] Iptables MASQUERADE rule is not set, attempt fix now? [Y/n]
When I fix the iptables masquerade rule, then it works again.
But when I reboot my server, I have to run pivpn -d again as the masquerading rule is again not loaded.
So after some research I found that the culprit (at least for me) is in the iptables service.
When I do a systemctl status iptables I see that the service is loaded but inactive, so I decided to disable the service.
Issue is now gone and pivpn works correctly after reboot of the server.
Not sure what will break as I disabled the iptables service (which was inactive anyway), but this at least solves the issue for me.
iptables is normally a ‘feature’ I stay clear of, as it is not the first time I have burned my fingers on that service.
That is also why I installed UFW, as that will function as a sort of front-end to iptables.
I also have fail2ban running and that uses iptables to temporarily (!) block IP addresses, so my ‘fear’ is that when saving the iptables to make them permanent I will also be saving the fail2ban rules.
Although now that I disabled the iptables service I am not sure if the firewall / fail2ban is working correctly. So need to investigate that.
so on reboot these are correctly added. Issue here was that the iptables-persistent would remove them again and use its own (saved) set.
So the following needed to be done in order to make this ‘survive’ a reboot:
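An added example, not part of the original post and not the steps the author refers to: a shell check for the concern above about persisting fail2ban's temporary bans. It reads an iptables-save style dump, confirms the nat-table MASQUERADE rule is present, and strips fail2ban chains before a ruleset is saved. The sample dump, VPN subnet, interface and banned address are constructed.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not taken from the post).
sample_dump() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:f2b-sshd - [0:0]
-A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd
-A f2b-sshd -s 203.0.113.7/32 -j REJECT --reject-with icmp-port-unreachable
-A f2b-sshd -j RETURN
COMMIT
EOF
}

# Exit 0 only if the *nat table on stdin has a POSTROUTING MASQUERADE rule.
has_masquerade() {
  awk '/^\*/ { table = $1 }
       table == "*nat" && /^-A POSTROUTING / && /-j MASQUERADE/ { found = 1 }
       END { exit (found ? 0 : 1) }'
}

# Remove fail2ban chain declarations, their rules, and jumps into them.
# fail2ban names its chains f2b-<jail> (fail2ban-<jail> in old releases).
strip_fail2ban() {
  grep -Ev '^:(f2b|fail2ban)-|^-A (f2b|fail2ban)-|-j (f2b|fail2ban)-'
}

# Count lines on stdin that still mention a fail2ban chain.
count_fail2ban() {
  grep -Ec '(f2b|fail2ban)-' || true
}

# Demo on the constructed dump. On a live host, pipe `iptables-save` in,
# or read the iptables-persistent file /etc/iptables/rules.v4.
if sample_dump | has_masquerade; then
  echo "MASQUERADE rule present in nat table"
else
  echo "MASQUERADE rule missing: VPN clients cannot reach outside networks"
fi
echo "fail2ban lines before strip: $(sample_dump | count_fail2ban)"
echo "fail2ban lines after strip:  $(sample_dump | strip_fail2ban | count_fail2ban)"
```

fail2ban recreates its chains when it starts, so a saved ruleset does not need to carry them.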