Routing Rule Problem

Cryptograph · May 22, 2023, 11:45am

Hello,

I am using Pritunl version “v1.30.3431.73”. I have private networks on my servers, and access to the servers is possible through VPN over the private network. I have defined a routing rule on the VPN that allows access only to the private network. However, in all the versions released after “v1.30.3431.73”, this routing rule does not work. I have tested each version after “v1.30.3431.73”, and the routing rule I defined does not function properly. I had to downgrade back to the same version without changing the defined rule to resolve the issue. There seems to be a problem with routing in the latest versions, and I kindly request you to investigate it.

zach · May 22, 2023, 3:31pm

What is the routing rule? There was a transition to ipset in recent releases, if you are modifying the iptables on the system the new ipset design may require changes.

Cryptograph · May 22, 2023, 6:01pm

I did not make any changes to iptables. My forwarding rule is 192.168.58.0/24. This rule only works with v1.30.3431.73 this version and below.

Cryptograph · May 30, 2023, 8:48am

I realize now, when I updated to Pritunl, iptables rules gone,

I didn’t know Pritunl’s iptables rules. I googled and find below rules.

*filter
:FORWARD ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.232.0/255.255.255.0 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
COMMIT

*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j SNAT --to-source 192.168.232.0
COMMIT

I saved this to iptables-rules.txt and run below command. After that the problem was solved.

iptables-restore < iptables-rules.txt

But shouldn’t these rules be created automatically by Pritunl?
Iptables rules are completely deleted after update.