Unable to interface with DietPi over personal VPN

  • DietPi version:
    G_DIETPI_VERSION_CORE=9
    G_DIETPI_VERSION_SUB=3
    G_DIETPI_VERSION_RC=0
    G_GITBRANCH='master'
    G_ITOWNER='MichaIng'

  • Distro version:
    bullseye 1

  • Kernel version:
    Linux DietPiVPN 6.1.21-v7+ #1642 SMP Mon Apr 3 17:20:52 BST 2023 armv7l GNU/Linux

  • Architecture:
    armhf

  • SBC model:
    RPi 3 Model B+ (armv7l)

I have DietPi running on a Raspberry Pi 3B+ on my home network (10.0.30.0/24). I use it for Sonarr, Radarr, Transmission and a VPN connection to NordVPN using DietPi's own software (as well as the kill switch enabled). On my home network I also have a Firewalla device, acting as a router. On this, I have a VPN server running so I can VPN into my home network when I'm away. The Firewalla uses WireGuard VPN software (network 10.1.30.0/24).

I have found, however, that when I VPN through the Firewalla into my home AND the VPN to NordVPN on my DietPi is connected, I am unable to connect to the web interfaces of anything running on the Pi (Sonarr, Radarr and Transmission), and I am also unable to SSH into the Pi. If I disconnect the DietPi VPN, I can instantly access all of these services when away, no problem.

I am also running a Synology NAS (network also 10.1.30.0/24), which among other things I use for a different VPN server. Its VPN server uses L2TP/IPsec. Whenever I'm away from home and connect to my home LAN using the Synology VPN server, I can access the DietPi no problem, irrespective of whether the DietPi NordVPN connection is running or not.

When the DietPi VPN is connected, sudo iptables -S looks like the following:

-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8989 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 7878 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9091 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9117 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -d 192.168.0.0/16 -j ACCEPT
-A OUTPUT -d 172.16.0.0/12 -j ACCEPT
-A OUTPUT -d 10.0.0.0/8 -j ACCEPT
-A OUTPUT -d 84.17.39.218/32 -p udp -m udp --dport 1194 -j ACCEPT

I'm not the most technically literate user, so the reading I've done on here and Reddit has not turned up anything useful.

I was wondering if someone could point me in the right direction in regard to troubleshooting this problem. I find it odd that I can VPN to home using L2TP/IPsec and still interface with the DietPi, but can't over WireGuard.

Thanks in advance
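As an added example (not from the original post or from DietPi), the following Python checker walks the OUTPUT chain quoted above in iptables order and reports which rule a given outgoing packet would hit, which separates "the kill switch drops the reply" from "the reply is allowed but leaves on the wrong interface". The test packets, the WireGuard client address 10.1.30.5 and the LAN interface name eth0 are assumptions; only tun0 appears in the post.

```python
import ipaddress
import shlex

# OUTPUT chain copied verbatim from the post's `sudo iptables -S` output.
RULESET = """\
-P OUTPUT DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -d 192.168.0.0/16 -j ACCEPT
-A OUTPUT -d 172.16.0.0/12 -j ACCEPT
-A OUTPUT -d 10.0.0.0/8 -j ACCEPT
-A OUTPUT -d 84.17.39.218/32 -p udp -m udp --dport 1194 -j ACCEPT
"""

def parse_rules(text):
    """Return (chain policy, rule list) from `iptables -S` style lines."""
    policy, rules = "ACCEPT", []
    for line in text.strip().splitlines():
        tok = shlex.split(line)
        if tok[0] == "-P":                 # -P <chain> <policy>
            policy = tok[2]
            continue
        # Every option used in this chain takes exactly one argument.
        opts = dict(zip(tok[2::2], tok[3::2]))
        rules.append({
            "text": line,
            "out": opts.get("-o"),
            "dst": ipaddress.ip_network(opts["-d"]) if "-d" in opts else None,
            "proto": opts.get("-p"),
            "dport": int(opts["--dport"]) if "--dport" in opts else None,
            "target": opts["-j"],
        })
    return policy, rules

def first_match(policy, rules, dst, out_if, proto="tcp", dport=None):
    """Walk the chain in order like netfilter; fall back to the chain policy."""
    addr = ipaddress.ip_address(dst)
    for r in rules:
        if r["out"] and r["out"] != out_if:
            continue
        if r["dst"] and addr not in r["dst"]:
            continue
        if r["proto"] and r["proto"] != proto:
            continue
        if r["dport"] and r["dport"] != dport:
            continue
        return r["target"], r["text"]
    return policy, "chain policy"

POLICY, RULES = parse_rules(RULESET)

if __name__ == "__main__":
    # Assumed packets: a reply to a WireGuard client via the LAN NIC (eth0,
    # assumed name) or via the NordVPN tunnel (tun0), and a non-RFC1918 leak.
    for dst, ifc in [("10.1.30.5", "eth0"), ("10.1.30.5", "tun0"), ("203.0.113.5", "eth0")]:
        print(dst, ifc, "->", first_match(POLICY, RULES, dst, ifc))
```

Because a reply to 10.1.30.5 is accepted on either interface, this chain cannot be what blocks the WireGuard session, so the next thing to check on the Pi is which interface the kernel actually picks for that reply, e.g. `ip route get 10.1.30.5` with the tunnel up and down.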
