Trying to have traffic from a specific user on a Linux machine run through a VPN tunnel. I have tried without and with the update-resolv-conf / dhcp-options.
~$ cat /etc/openvpn/pia.conf
client
dev tun
proto udp
remote nl.privateinternetaccess.com 1194
resolv-retry infinite
nobind
persist-key
persist-tun
ca ca.crt
tls-client
remote-cert-tls server
auth-user-pass credentials
comp-lzo
verb 1
reneg-sec 0
log-append /var/log/piavpn.log
script-security 2
daemon
route-nopull
route-up route-up.sh
keepalive 1 30
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
dhcp-option DNS 8.8.8.8
dhcp-option DNS 8.8.4.4
~$ cat /etc/openvpn/route-up.sh
#!/bin/sh
# Kill switch: reject any packet owned by the debian-transmission user
# that is not leaving through the tunnel interface tun0.
iptables -A OUTPUT -m owner --uid-owner debian-transmission \! -o tun0 -j REJECT
~$ sudo -u debian-transmission ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_req=1 ttl=58 time=92.4 ms
64 bytes from 8.8.8.8: icmp_req=2 ttl=58 time=72.6 ms
64 bytes from 8.8.8.8: icmp_req=3 ttl=58 time=60.8 ms
~$ sudo -u debian-transmission ping www.google.com
ping: unknown host www.google.com
I don't see any REDIRECT rules in your script; you are just blocking the communication if it is not going through tun0 when the VPN is up.
One way is to use redsocks: http://darkk.net.ru/redsocks/
You want to redirect all traffic for one application to the VPN tunnel. iptables is not the correct tool here. iptables can allow and block traffic and do Network Address Translation. You want to redirect all traffic for your application. This is another layer. If you want to control traffic flow for single applications, then you need to use a mechanism like a SOCKS proxy. This only works if the application supports a SOCKS proxy, too.
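An alternative to proxying, as an added example that is not part of either answer or the question's own route-up.sh: mark the user's packets with iptables, give marked packets a policy-routing table whose only default route is the tunnel, and keep the question's REJECT rule as a kill switch. Assumed names: interface tun0, fwmark 1, routing table 100, user debian-transmission; the up/down arguments are this script's own convention.

```shell
#!/bin/sh
# Added example, not the question's route-up.sh nor either answer's code: steer
# every packet created by one uid through the tunnel with policy routing, and
# keep the question's REJECT kill switch so that uid cannot leak via eth0.
# Assumed names: interface tun0, fwmark 1, routing table 100, user debian-transmission.
VPN_IF="${VPN_IF:-tun0}"
VPN_USER="${VPN_USER:-debian-transmission}"
FWMARK="${FWMARK:-1}"
RT_TABLE="${RT_TABLE:-100}"

# run: execute a command, or only print it when DRY_RUN is set (review before going live)
run() {
    if [ -n "$DRY_RUN" ]; then printf '%s\n' "$*"; else "$@"; fi
}

up_rules() {
    # 1. tag packets owned by the user; a changed mark re-runs the routing decision after OUTPUT
    run iptables -t mangle -A OUTPUT -m owner --uid-owner "$VPN_USER" -j MARK --set-mark "$FWMARK"
    # 2. marked packets consult a table whose only default route is the tunnel
    run ip rule add fwmark "$FWMARK" table "$RT_TABLE"
    run ip route replace default dev "$VPN_IF" table "$RT_TABLE"
    # 3. the source address was chosen before the mark, so rewrite it to the tunnel address
    run iptables -t nat -A POSTROUTING -o "$VPN_IF" -m mark --mark "$FWMARK" -j MASQUERADE
    # 4. replies arrive on tun0 for an address the main table routes via eth0: loose rp_filter
    run sysctl -q -w "net.ipv4.conf.$VPN_IF.rp_filter=2"
    # 5. kill switch from the question: anything from the user not leaving via tun0 is rejected
    run iptables -A OUTPUT -m owner --uid-owner "$VPN_USER" ! -o "$VPN_IF" -j REJECT
}

down_rules() {
    # remove the steering rules; the REJECT kill switch is deliberately left in place
    # so the user cannot leak while the tunnel is down
    run iptables -t mangle -D OUTPUT -m owner --uid-owner "$VPN_USER" -j MARK --set-mark "$FWMARK"
    run ip rule del fwmark "$FWMARK" table "$RT_TABLE"
    run ip route flush table "$RT_TABLE"
    run iptables -t nat -D POSTROUTING -o "$VPN_IF" -m mark --mark "$FWMARK" -j MASQUERADE
}

# "script up" installs the rules, "script down" removes the steering; anything else is a no-op
case "${1:-}" in
    up)   up_rules ;;
    down) down_rules ;;
esac
```

Run with DRY_RUN=1 first to print the exact iptables and ip commands without applying them.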