# No internet when vpn is running in chroot

## Atlant-T

Hello everyone.

I have 64-bit Gentoo and am trying to run 32-bit kerio-kvc (8.5.3) vpn using Chroot Guide. Unfortunately, when I start vpn, the internet is lost, but when I stop vpn, the internet works.

There is an assumption that the reason may be related to the fact that the chroot after copying has its own independent file /etc/resolv.conf.

/etc/init.d/gentoo32

```
name="gentoo32 daemon"
description=""
command=/usr/bin/gentoo32
command_args="${gentoo32_args}"
chroot_dir=/mnt/gentoo32

depend() {
  need localmount bootmisc
}

start() {
  ebegin "Mounting 32-bit chroot directories"
  mount --rbind /dev "${chroot_dir}/dev" >/dev/null
  mount --rbind /sys "${chroot_dir}/sys" >/dev/null
  mount -t proc none "${chroot_dir}/proc" >/dev/null
  mount -o bind /tmp "${chroot_dir}/tmp" >/dev/null
  mount -o bind /usr/portage "${chroot_dir}/usr/portage/" >/dev/null
  mount -t tmpfs -o nosuid,nodev,noexec,mode=755 none "${chroot_dir}/run" >/dev/null
  eend $? "An error occured while attempting to mount 32bit chroot directories"

  ebegin "Copying 32bit chroot files"
  cp -pf /etc/resolv.conf /etc/passwd /etc/shadow /etc/group \
         /etc/gshadow /etc/hosts "${chroot_dir}/etc" >/dev/null
  cp -Ppf /etc/localtime "${chroot_dir}/etc" >/dev/null
  eend $? "An error occured while attempting to copy 32 bits chroot files."
}

stop() {
  ebegin "Unmounting 32-bit chroot directories"
  umount -fR "${chroot_dir}/dev" >/dev/null
  umount -fR "${chroot_dir}/sys" >/dev/null
  umount -f "${chroot_dir}/proc" >/dev/null
  umount -f "${chroot_dir}/tmp" >/dev/null
  umount -f "${chroot_dir}/usr/portage/" >/dev/null
  umount -f "${chroot_dir}/run" >/dev/null
  eend $? "An error occured while attempting to unmount 32bit chroot directories"
}
```

route -n (origin, before starting vpn)

```
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.100.1   0.0.0.0         UG    2003   0        0 wlp3s0
192.168.100.0   0.0.0.0         255.255.255.0   U     2003   0        0 wlp3s0
```

route -n (chroot, before starting vpn)

```
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.100.1   0.0.0.0         UG    2003   0        0 wlp3s0
192.168.100.0   0.0.0.0         255.255.255.0   U     2003   0        0 wlp3s0
```

route -n (origin, after starting vpn)

```
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         xxx.xxx.xx.1    128.0.0.0       UG    1      0        0 kvnet
0.0.0.0         192.168.100.1   0.0.0.0         UG    2003   0        0 wlp3s0
xxx.xxx.xx.0    0.0.0.0         255.255.255.0   U     0      0        0 kvnet
128.0.0.0       xxx.xxx.xx.1    128.0.0.0       UG    1      0        0 kvnet
134.17.25.89    192.168.100.1   255.255.255.255 UGH   1      0        0 wlp3s0
192.168.1.0     xxx.xxx.xx.1    255.255.255.0   UG    1      0        0 kvnet
192.168.100.0   0.0.0.0         255.255.255.0   U     2003   0        0 wlp3s0
```

route -v (chroot, after starting vpn)

```
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         xxx.xxx.xx.1    128.0.0.0       UG    1      0        0 kvnet
0.0.0.0         192.168.100.1   0.0.0.0         UG    2003   0        0 wlp3s0
xxx.xxx.xx.0    0.0.0.0         255.255.255.0   U     0      0        0 kvnet
128.0.0.0       xxx.xxx.xx.1    128.0.0.0       UG    1      0        0 kvnet
134.17.25.89    192.168.100.1   255.255.255.255 UGH   1      0        0 wlp3s0
192.168.1.0     xxx.xxx.xx.1    255.255.255.0   UG    1      0        0 kvnet
192.168.100.0   0.0.0.0         255.255.255.0   U     2003   0        0 wlp3s0
```

----------

## roccobaroccoSC

Do you want to use your VPN for Internet access, or do you just want access to the VPN while your Internet connections go through your router as usual? (I myself use the second option.)

I assume you want to connect to the Internet through your VPN, judging from the routing configuration. Is the assumption correct?

In case of network problems, I usually follow this procedure:

* Are all network interfaces up, do all bridges contain the required members?

```
ifconfig
brctl show
```

* Make sure IP settings are correct on all hosts participating in your route - workstation, gateway, etc. (IP addresses and masks should be checked for typos). Validate with a ping or traceroute (use -n in order to avoid running into DNS issues at this point).

```
ping -n xxx.xxx.xx.1
```

* Does your VPN gateway have IP forwarding enabled? If someone else manages it, assume it's ok.

```
cat /proc/sys/net/ipv4/ip_forward
1
```

* Check your firewall rules (maybe your firewall does not account properly for the new IP addresses after connecting to the VPN). Check your firewall log. With iptables you need to edit the rules and add specific LOG targets, which I can't explain easily here.

* Are routes set properly in both directions? You can use tcpdump on the remote side to see if the packets arrive and if a response is sent back.

* If ping -n works, check your DNS configuration. The nameservers in /etc/resolv.conf should be pingable and test them with "dig" or "drill".

```
dig @YOUR_DNS_SERVER_IP www.freebsd.org
drill @YOUR_DNS_SERVER_IP www.freebsd.org
```

----------

## Hu

*Atlant-T wrote:*

> I have 64-bit Gentoo and am trying to run 32-bit kerio-kvc (8.5.3) vpn using Chroot Guide.

Why are you running this in a 32-bit chroot, instead of running in the main environment?

*Atlant-T wrote:*

> Unfortunately, when I start vpn, the internet is lost, but when I stop vpn, the internet works.

In what way is Internet access lost? What fails? What still works? When the VPN is running, are applications in the 32-bit root able to use the Internet, or are they also broken?

*Atlant-T wrote:*

> There is an assumption that the reason may be related to the fact that the chroot after copying has its own independent file /etc/resolv.conf.

The chroot would then use separate nameservers, yes. If the VPN blocks access to your regular nameservers, then applications outside the chroot would lose access to DNS (but not to the Internet generally).

*Atlant-T wrote:*

> route -n (origin, before starting vpn)

Routes are part of the network namespace, not the filesystem root state. Starting the VPN in the chroot switches both the main system and the chroot to use the VPN's network configuration. If you don't like this, you could use a network namespace to isolate the VPN, so that the host remains unaware the VPN is in use.

----------
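
Added example (not part of any post in this thread, and not the Chroot Guide's code): one way to do the network-namespace isolation Hu describes, so that the VPN's routes exist only inside the namespace while the host keeps its own routing table. The namespace name `vpnns`, the `veth-*` interface names and the 10.200.0.0/24 subnet are assumptions; `/mnt/gentoo32` and `wlp3s0` are taken from the first post.

```shell
#!/bin/sh
# Added example: run the chroot's VPN client inside its own network namespace.
# Assumed names (not from the thread): vpnns, veth-host/veth-vpn, 10.200.0.0/24.
# Taken from the thread: chroot at /mnt/gentoo32, uplink interface wlp3s0.
NS=vpnns
CHROOT=/mnt/gentoo32
UPLINK=wlp3s0
SUBNET=10.200.0.0/24
HOST_IP=10.200.0.1
NS_IP=10.200.0.2
DRY_RUN=${DRY_RUN:-1}   # 1 = only print the commands; 0 = execute them (needs root)

run() {
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

netns_up() {
  run ip netns add "$NS"
  run ip link add veth-host type veth peer name veth-vpn
  run ip link set veth-vpn netns "$NS"
  run ip addr add "$HOST_IP/24" dev veth-host
  run ip link set veth-host up
  run ip netns exec "$NS" ip addr add "$NS_IP/24" dev veth-vpn
  run ip netns exec "$NS" ip link set lo up
  run ip netns exec "$NS" ip link set veth-vpn up
  # Inside the namespace, the default route points at the host end of the veth pair.
  run ip netns exec "$NS" ip route add default via "$HOST_IP"
  # The host forwards and NATs the namespace's traffic out of the real uplink.
  run sysctl -w net.ipv4.ip_forward=1
  run iptables -t nat -A POSTROUTING -s "$SUBNET" -o "$UPLINK" -j MASQUERADE
}

# Run a command in the chroot, but with the namespace's interfaces and routes.
netns_chroot() {
  run ip netns exec "$NS" chroot "$CHROOT" "$@"
}

netns_down() {
  run iptables -t nat -D POSTROUTING -s "$SUBNET" -o "$UPLINK" -j MASQUERADE
  run ip netns del "$NS"   # deleting the namespace also destroys the veth pair
}

case "${1:-}" in
  up)   netns_up ;;
  down) netns_down ;;
  exec) shift; netns_chroot "$@" ;;
esac
```

With the default `DRY_RUN=1` the script only prints the commands; run `up` as root with `DRY_RUN=0`, then start the VPN client through `exec` with whatever command launches it inside the chroot. A host FORWARD policy of DROP additionally needs accept rules for `veth-host`.

----------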

## dimko

Your VPN, can you ping something like 8.8.8.8 when running it?

If it responds, the Internet works. Perhaps DNS doesn't.

If pings go through, do a dig command:

```
dig google.com
```

If there is no DNS response, try using 8.8.8.8 as the DNS server (just for a test, don't trust Google!)

----------

## CarleyGregory

Most likely, the user load on your chosen VPN server at the moment is such that the connection speed tends to zero; respectively, the sites simply cannot load. Try to connect to another location, and reload the browser for which your chosen VPN extension is available. And if that doesn't help, contact the technical support of your VPN provider - you might even be able to get access to premium servers to check if the connection is correct. It's better to install a proxy service and not bother with a VPN.

----------

