IPv4 traffic not going through Full Tunnel on non-standard Port (443, because 1194 is picked during installation of PiVPN)

[rajannpatel]

Steps to reproduce (these steps match the titles in the README.md)

1. complete: Compute Engine Virtual Machine Setup
2. complete: Debian Update & Upgrade
3. complete: Pi-Hole Installation
4. complete: PiVPN Installation
5. complete: OpenVPN Configuration
6. complete: Managing PiVPN

Importing the mypixel3xl-tcp-443-full-tunnel.ovpn or the mypixel3xl-udp-1194-full-tunnel.ovpn profiles to either Android or iOS results in no IPv4 or IPv6 traffic going through, when the VPN is enabled in "OpenVPN Connect" or in "OpenVPN for Android".

If we modify Step 5 (OpenVPN Configuration):

• copy server.conf to server_udp1195.conf
• edit line 3 of server_udp1195.conf to reflect port 1195
• change server 10.8.0.0 255.255.255.0 to server 10.10.0.0 255.255.255.0
• change push "dhcp-option DNS 10.8.0.1" to push "dhcp-option DNS 10.10.0.1"
• edit the Google Cloud Firewall to allow traffic over Port 1195
• and enable the service with systemctl enable openvpn@server_udp1195.service followed by service openvpn restart

I am noticing that I cannot send Full Tunnel traffic over UDP on Port 1195 either.

If other people set up PiVPN with the wrong protocol/port and attempt to bring OpenVPN to another port using the steps outlined in Step 5 above, they may wind up with a partially functioning VPN Tunnel (with no Full Tunnel capabilities).

Further testing around this is required to validate if this is a real bug, or just me being crosseyed all day.

[neuhausj]

I also had the same problem and it looks like the trafic from the second interface (port 443) was not correctly forwarded to the ethernet interface.

I fixed it by adding the correct routing rule (second line) in /etc/iptables/rules.v4

-A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
-A POSTROUTING -s 10.9.0.0/24 -o eth0 -j MASQUERADE

Now both VPN instances are working (TCP 443 and UDP 1194)