I have a Raspberry Pi 3 set up as a NAS drive for my home network. The RPi also runs deluge and OpenVPN to anonymously share Linux distros. I’ve set the system up with some IP Tables rules to so that all network traffic of the Deluge user (who runs the deluge deamon) is routed through the tun0 interface. If the VPN goes down, the deluge user has no internet access.
Recently, the OpenVPN connection has been playing up. No internet connection is available, and sometimes multiple tunx interfaces will appear if I stop/start OpenVPN. This connection is configured to use Private Internet Access servers. I have confirmed that this account is still active and works using my desktop PC.
To set this all up I followed a good number of guides. I’m a bit lost as to how to begin to diagnose this issue, but I would like to learn. Could anyone please direct me to where I would begin looking? I considered a wipe and starting again but I’d rather fix it.
Could anyone please direct me to where I would begin looking?
openvpn writes its logs to where ever the “log-append” directive in the config file points. Or probably syslog on raspbian if you don’t specify. If that has no meaningful information, you can increase openvpn’s verbosity with the “verb” directive. I use “verb 4” (I think 3 is the default) on all my instances.
As a stab in the dark:
No internet connection is available, and sometimes multiple tunx interfaces will appear if I stop/start OpenVPN.
The “persist-tun” directive may be helpful. The openvpn man page describes:
Don’t close and reopen TUN/TAP device or run up/down scripts across SIGUSR1 or --ping-restart restarts.
SIGUSR1 is a restart signal similar to SIGHUP, but which offers finer-grained control over reset options.
You might also try the directive: “resolv-retry infinite” which the example openvpn config describes:
Keep trying indefinitely to resolve the
host name of the OpenVPN server. Very useful
on machines which are not permanently connected
to the internet such as laptops.
You could also completely block openvpn from creating a tun device at anytime other than startup by downgrading its permissions through the directives “user nobody” and “group nogroup”. You may have to use the group “nobody” instead of “nogroup” on raspbian. I am not sure.