infinity85 , I've just upload version 2.2.4 which adds support for up/down scripts. I've only tested up scripts on Windows and it'll be a while before I get to test this on my LibreELEC boxes. If you want to create an 'up.sh' in your UserDefined directory, then reset the .ovpn files, then it should detect that you want to use an up script and update your user defined .ovpn files to include the right parameter to cause the script to run after the connection has been established. I think within this script you're wanting to put the iptable modifications you mentioned previously in this thread.
On Windows, the down script is not run. I think this is because of how I'm killing the task. On Linux, I use a more appropriate method of terminating the task which *may* allow the down script to run. As I said, I need to test on my LibreELEC box to know if this is the case.
There's a small amount of doc here Home · Zomboided/service.vpn.manager Wiki · GitHub but it pretty much covers what you know/I've just told you.
If this does work, then I might look to roll it out to all VPN providers, but to be honest I have no idea how many of them don't do some amount of firewalling/blocking for you. I might just be a handful that let everything in like you're seeing with Pure.
I've tested it (honestly not completely understood how to use it):
To have some kind of reproducibility I went the usual way and used your provided *.ovpn scripts, i.e. "PureVPN" instead of "User-Default".
- At first chose a PureVPN server without up.sh. Got this error message:
OpenVPN.log shows that in line 20 (ifconfig-nowarnscript-security) is an unrecognized option or missing parameter:
Line 20: "ifconfig-nowarnscript-security 2"
- I was able to connect to VPN after deleting this line.
- Okay, so I went over to try the new up.sh method. I created the up.sh with the mentioned rules
- Tried reconnecting again:
- Apparently it has to be done chmod +x, so I did: chmod +x /storage/.kodi/userdata/addon_data/service.vpn.manager/UserDefined/up.sh
- This solved the error, but led to another one:
error in openVPN.log:
- so I added "script-security 2" to the ovpn file. Then this error showed up:
- I gave up after this
According to your wiki, the rules would be set 'after' establishing the connection. If that is true, then wouldn't that be a kind of risky solution?