VPN Firewall doesn't work

I’m tunneling VPN through TOR.
user → TOR → VPN
Everything is working fine, but I’ve decided to use your Fail Closed Mechanism.
I start it before OpenVPN, then start OpenVPN and it shows me “Initialization Sequence Completed”.
But I can’t get access to the internet.
Here is my openvpn config:

[code]
client
dev tun
auth-user-pass /home/user/Desktop/auth.txt
#remote vpn.riseup.net 1194
remote 198.252.153.26 1194
ca /home/user/Desktop/RiseupCA.pem
remote-cert-tls server
script-security 1
#user nobody
#group nobody
proto tcp
#log /var/log/openvpn.log
[/code]

and here is vpnfirewall config:

[code]
###########################
# configuration
###########################

# IP address of the VPN server.
# Get the IP using: nslookup vpn-example-server.org
# Example: seattle.vpn.riseup.net
# Some providers provide multiple VPN servers.
# You can enter multiple IP addresses, separated by spaces
VPN_SERVERS="198.252.153.26"

# For OpenVPN.
VPN_INTERFACE=tun0

# Destinations you do not want routed through the VPN.
LOCAL_NET="192.168.1.0/24 192.168.0.0/24 127.0.0.0/8"
[/code]
What am I doing wrong?

Where? On host, gateway or workstation?

Can you test if it works without fail closed mechanism?

On Whonix-Workstation

Yes, VPN is working without VPN-Firewall, as I said. But when I use VPN with firewall it doesn’t work.

This is indeed at the moment not easily possible without knowledge of iptables.

Created “T158 whonix-ws-firewall needs a VPN_FIREWALL feature” for it.

You might be lucky, I might add this feature soon. Then you could get the updated firewall script and settings files from git[hub].

So, what now? Do you have any progress?

No progress. More difficult than anticipated. It’s a low priority feature request. Unless someone steps up and helps, this will take a long time. You can follow the (non-)progress here:
https://phabricator.whonix.org/T158