Can't SSH after enabling dietpi-vpn killswitch

vbarter
Posts: 19
Joined: Mon Feb 17, 2020 10:15 am

Re: Can't SSH after enabling dietpi-vpn killswitch

Post by vbarter »

trendy wrote: Mon May 31, 2021 12:22 pm @MichaIng I think the current killswitch is lacking ssh for remote administration.
@vbarter edit /var/lib/dietpi/dietpi-vpn/killswitch.rules and add:

-A INPUT -s 192.168.0.0/16 -m conntrack --ctstate NEW -p tcp --dport 22 -j ACCEPT
-A INPUT -s 172.16.0.0/12 -m conntrack --ctstate NEW -p tcp --dport 22 -j ACCEPT
-A INPUT -s 10.0.0.0/8 -m conntrack --ctstate NEW -p tcp --dport 22 -j ACCEPT

before the last line with COMMIT

Hello,

Thanks for this idea, but after making the change to that killswitch.rules file it does not save if I ever turn off the killswitch option in dietpi-vpn. I made the edit and reconnected the VPN, but when I try to turn off the killswitch that rules file disappears when I check via the ls command. When I re-enable the killswitch it appears a fresh, unmodified killswitch.rules is created.


Thank you @MichaIng for marking this as a potential improvement on GitHub. I hope it can possibly be an option for SSH within the local network only. For now I'm using Up and Down scripts to stop and start the specific software I want under VPN.
MichaIng
Site Admin
Posts: 3023
Joined: Sat Nov 18, 2017 6:21 pm

Re: Can't SSH after enabling dietpi-vpn killswitch

Post by MichaIng »

Currently iptables changes would need to be done via an "up" script, which can be configured in dietpi-vpn as well. Add the iptables commands to add those rules individually. That script runs after the others, after the tunnel has been established and the other killswitch rules have been applied.
trendy
Posts: 314
Joined: Tue Feb 25, 2020 2:54 pm

Re: Can't SSH after enabling dietpi-vpn killswitch

Post by trendy »

Don't forget to prefix iptables before the -A ...
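Putting the two replies together, here is an "up" script for dietpi-vpn that re-adds the SSH-from-LAN rules from trendy's post every time the tunnel comes up, so the change survives the killswitch.rules file being regenerated. This is an added example, not DietPi's own code or anything posted in the thread; it assumes sshd listens on TCP 22 and that the killswitch works in the iptables filter table.

```sh
#!/bin/sh
# Added example (not DietPi's or the thread's own code): dietpi-vpn "up" script
# that re-adds the SSH-from-LAN exceptions after the killswitch rules are loaded.
# Assumptions: sshd listens on TCP 22; the killswitch lives in the filter table.

SSH_PORT=22
# The same three RFC 1918 source ranges used in trendy's rules
LAN_RANGES="192.168.0.0/16 172.16.0.0/12 10.0.0.0/8"

# Rule specification for one source range, without the "iptables -A/-I" prefix
ssh_rule_spec() {
    printf 'INPUT -s %s -m conntrack --ctstate NEW -p tcp --dport %s -j ACCEPT' \
        "$1" "$SSH_PORT"
}

# Print the commands an admin would type by hand, one per range.
# -I (insert at top) instead of -A: by the time an "up" script runs the
# killswitch is already in place, so an appended ACCEPT could sit behind an
# explicit DROP and never be reached; inserting at the top is safe either way.
render_commands() {
    for range in $LAN_RANGES; do
        printf 'iptables -I %s\n' "$(ssh_rule_spec "$range")"
    done
}

# Apply the rules, probing with -C first so repeated reconnects do not pile up
# duplicate rules. Returns the number of ranges that could not be added.
apply_ssh_rules() {
    failed=0
    for range in $LAN_RANGES; do
        spec=$(ssh_rule_spec "$range")
        # word splitting of $spec into separate arguments is intended here
        # shellcheck disable=SC2086
        if ! iptables -C $spec 2>/dev/null; then
            iptables -I $spec || failed=$((failed + 1))
        fi
    done
    return "$failed"
}

if [ "$(id -u)" -eq 0 ] && command -v iptables >/dev/null 2>&1; then
    apply_ssh_rules || echo "some SSH rules could not be added" >&2
else
    echo '# not root or iptables missing; dry run of the commands:' >&2
    render_commands
fi
```

Save it as the dietpi-vpn up script; when run without root or without iptables it only prints the commands it would apply.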