[SOLVED] Cannot open NZBget when VPN is active

Bert-Jan56

New Member
Joined
Aug 31, 2020
Messages
11
Reaction score
3
Credits
101
I have Linux Mint installed on two PCs. One is my main PC, the other one is meant for downloading stuff. On the download PC I installed NZBget and a VPN (NordVPN). I would like to open the NZBget webpage on my main PC by going to <ip-address-of-download-pc>:6789
This works fine as long as the VPN is off on the download PC, but as soon as I turn it on, I cannot open NZBget on the main PC anymore; I get a time-out.

I'm relatively new to Linux. I used to use Windows with a very similar setup and that worked fine, with or without an active VPN connection.
Probably I'm just overlooking or forgetting something.
Any help is much appreciated!

System: Kernel: 5.4.0-42-generic x86_64 bits: 64 compiler: gcc v: 9.3.0 Desktop: Cinnamon 4.6.7 wm: muffin 4.6.3 dm: LightDM 1.30.0 Distro: Linux Mint 20 Ulyana base: Ubuntu 20.04 focal
 


f33dm3bits

Gold Member
Gold Supporter
Joined
Dec 11, 2019
Messages
4,789
Reaction score
3,439
Credits
34,886
On your home network you are connecting to your LAN, your LAN has a private range. As soon as you activate your VPN connection you are connected to a virtual private network of your VPN provider. This network is also a private range. I would think then that all your traffic then gets routed through the private network of the VPN provider, which then causes a time out when you try to reach that machine on the IP address of your local LAN. What is the range of your local LAN and what is the private range you are connected to when you are connected to your VPN provider on that download PC? Also could you share what the gateway is of the download PC when you are not connected to the VPN and when you are connected to the VPN?
 
Bert-Jan56

Thank you for your reply. I'm not really at home with networking, I'll very likely make some daft remarks, but as far as I can tell these are the addresses.

Without VPN
ens18:
inet 192.168.1.50 netmask 255.255.255.0 broadcast 192.168.1.255
gateway:
default via 192.168.1.1 dev ens18

With VPN
(ens18 is the same, now there is also tun0)
tun0:
inet 10.8.2.24 netmask 255.255.255.0 destination 10.8.2.24
gateway:
0.0.0.0/1 via 10.8.2.1 dev tun0
default via 192.168.1.1 dev ens18

I tried to reach NZBget on 10.8.2.24:6789, but that also produced a time out.
I hope this is the information you were requesting. Again thanks for the help.
 

f33dm3bits

When your download host is connected to your VPN, are you able to ping the download machine (192.168.1.50) from your other machine?
 
Bert-Jan56

No, I'm not.
Probably should have added that to my original post.
 
f33dm3bits

I actually created the same sort of setup in my lab environment, and I am still able to reach the usenet downloader when I am connected to VPN on the download machine and connecting from the client machine. Can you run the following command on the download machine:
Code:
netstat -tulpn | grep  6789
Then share the output here.
 
Bert-Jan56

Without using root I get an error saying:
'(Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.)'
When I switch to root (sudo su), there is no output at all, it just gives me the prompt again, either with or without a VPN connection.

Not sure if that is an expected outcome, so I double-checked my spelling.
 

f33dm3bits

Did you do it while nzbget was running? I would expect something like this:
Code:
[email protected]:/etc/systemd/system# netstat -tulpn | grep  6789
tcp        0      0 192.168.122.65:6789     0.0.0.0:*               LISTEN      6211/nzbget
 
Bert-Jan56

Ah, no, sorry.
I'll get there eventually ...

With or without VPN the response is:

Code:
tcp     0      0  0.0.0.0:6789        0.0.0.0:*       LISTEN      2201/./nzbget
 

f33dm3bits

Looks good. I think this is the problem though:
0.0.0.0/1 via 10.8.2.1 dev tun0
default via 192.168.1.1 dev ens18

You already gave me the ip and gateway information earlier. Could you just give me the full output of the ip route command and route -n when connected to the VPN?
 
Bert-Jan56

This is way above my head :)

ip route
Code:
0.0.0.0/1 via 10.8.2.1 dev tun0
default via 192.168.1.1 dev ens18 proto dhcp metric 20100
10.8.2.0/24 dev tun0 proto kernel scope link src 10.8.2.19
128.0.0.0/1 via 10.8.2.1 dev tun0
169.254.0.0/16 dev ens18 scope link metric 1000
185.217.171.15 via 192.168.1.1 dev ens18
192.168.1.0/24 dev ens18 proto kernel scope link src 192.168.1.50 metric 100

route -n
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.8.2.1        128.0.0.0       UG    0      0        0 tun0
0.0.0.0         192.168.1.1     0.0.0.0         UG    20100  0        0 ens18
10.8.2.0        0.0.0.0         255.255.255.0   U     0      0        0 tun0
128.0.0.0       10.8.2.1        128.0.0.0       UG    0      0        0 tun0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 ens18
185.217.171.15  192.168.1.1     255.255.255.255 UGH   0      0        0 ens18
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 ens18
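
Added example (not part of the original posts): a longest-prefix-match lookup over the `ip route` output posted above, showing which interface the download PC would pick for a LAN client, an internet host and the VPN server. The main PC's address 192.168.1.20 and the two internet addresses are assumed for illustration.

```python
import ipaddress

# `ip route` output as posted in the thread (VPN connected).
IP_ROUTE = """\
0.0.0.0/1 via 10.8.2.1 dev tun0
default via 192.168.1.1 dev ens18 proto dhcp metric 20100
10.8.2.0/24 dev tun0 proto kernel scope link src 10.8.2.19
128.0.0.0/1 via 10.8.2.1 dev tun0
169.254.0.0/16 dev ens18 scope link metric 1000
185.217.171.15 via 192.168.1.1 dev ens18
192.168.1.0/24 dev ens18 proto kernel scope link src 192.168.1.50 metric 100
"""

def parse_routes(text):
    """Return a list of (network, device, gateway, metric) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        # Everything after the destination is key/value pairs in this output
        # (no bare flags such as "onlink" appear in the posted table).
        opts = dict(zip(fields[1::2], fields[2::2]))
        routes.append((ipaddress.ip_network(dest), opts["dev"],
                       opts.get("via"), int(opts.get("metric", 0))))
    return routes

def lookup(routes, addr):
    """Longest-prefix match; the lower metric breaks ties between equal prefixes."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[3]))

if __name__ == "__main__":
    routes = parse_routes(IP_ROUTE)
    for label, addr in [("main PC (assumed address)", "192.168.1.20"),
                        ("internet host, low half", "93.184.216.34"),
                        ("internet host, high half", "203.0.113.10"),
                        ("VPN server", "185.217.171.15")]:
        net, dev, via, _ = lookup(routes, addr)
        print(f"{label:28} {addr:16} -> {net} dev {dev} via {via or 'on-link'}")
```

In the posted table the LAN /24 still wins over the two /1 tunnel routes, so replies to the main PC are routed out ens18; the routing table alone does not account for the time-out.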
 

f33dm3bits

I'm not an expert when it comes to this. Doesn't look too strange, when I see the routing tables. I don't think it should matter, but what VPN connection type are you using, openvpn or another one? Also I have tried everything to copy your setup but I am not running into the same issue. What VPN provider are you using, will see if I can get a trial account and then test my copy of your setup again.
 
Bert-Jan56

It works!
Your idea that it might be the provider caused me to delve a little deeper. The solution turned out to be so simple that I'm sitting here red-faced.
The provider is NordVPN, but I had no idea what protocol was being used. I just assumed it was openvpn. So I checked the man page for NordVPN (which I very definitely should have done more thoroughly before). The protocol was indeed openvpn, but changing it to NordLynx did not make a difference. But as it turns out, I can simply add a subnet to the whitelist. I added 192.168.1.0/24. Bingo!

Shame on me for not checking the man page more carefully :-(

But thank you for your amazing help and your persistence in getting to the bottom of this. Really awesome support!
 

f33dm3bits

It would have been fun to have gotten a trial account to try and test it out on my end if you didn't figure it out yourself. Where did you add your local LAN subnet to the whitelist, in NetworkManager or elsewhere? It will be useful information to know in case someone else runs into the same problem. Also good job on figuring out the last piece yourself! :)
 
Bert-Jan56

Adding the subnet to the whitelist is NordVPN specific, so I used terminal as NordVPN is controlled exclusively from there;
Code:
nordvpn whitelist add subnet 192.168.1.0/24
did the trick :)

Memo to self. FIRST read man pages ;-)

Thanks again!
 

f33dm3bits

I see, so the protocol used is openvpn but the client used to make the connection is a nordvpn commandline client. Thanks for sharing, also for anyone else who comes across this post in the future. Glad to have pointed you in the right direction to figure out the solution :)
 