I use Cherokee to host Django applications. It is very stable, and common applications are easy to deploy.
I wouldn't use conntrack in this scenario, but a much simpler set:
iptables -A INPUT -i tun0 -j ACCEPT
iptables -A INPUT -s 10.10.10.10 -j ACCEPT
iptables -A OUTPUT -o tun0 -j ACCEPT
iptables -A OUTPUT -d 10.10.10.10 -j ACCEPT
No need for any connection tracking. You also don't need the DROP rules at the end, by the way; the -P ... DROP takes care of that.
You'll also want to make sure that you use the IP of the VPN server in your config, otherwise, you'll have to whitelist DNS too:
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --sport 53 -j ACCEPT
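
Added example, not part of the original answer: a POSIX shell function that audits iptables-save output against the stateless layout above. It reports any filter-table INPUT/OUTPUT policy that is not DROP and any ACCEPT rule not bound to the tunnel interface or the VPN server address, so the DNS exception is listed as traffic allowed outside the tunnel. The function name and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Usage, as root:
#   iptables-save | audit_killswitch tun0 10.10.10.10
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_killswitch() {
    awk -v ifc="$1" -v srv="$2" '
    # Table markers: only the filter table is audited (nat/mangle are skipped).
    /^\*/ { filt = ($0 == "*filter"); next }
    !filt { next }
    # Policy lines look like ":INPUT DROP [0:0]".
    /^:(INPUT|OUTPUT) / {
        chain = substr($1, 2); seen[chain] = 1
        if ($2 != "DROP") { print "policy " chain " is " $2 ", expected DROP"; bad = 1 }
        next
    }
    /^-A (INPUT|OUTPUT) / && / -j ACCEPT/ {
        # INPUT must match on -i/-s, OUTPUT on -o/-d.
        iff = ($2 == "INPUT") ? "-i" : "-o"
        adf = ($2 == "INPUT") ? "-s" : "-d"
        ok = 0
        for (i = 3; i < NF; i++) {
            if ($(i - 1) == "!") continue      # negated match widens the rule
            if ($i == iff && $(i + 1) == ifc) ok = 1
            # iptables-save prints a single host as a.b.c.d/32
            if ($i == adf && ($(i + 1) == srv || $(i + 1) == (srv "/32"))) ok = 1
        }
        if (!ok) { print "outside tunnel: " $0; bad = 1 }
    }
    END {
        if (!seen["INPUT"])  { print "no filter INPUT policy found";  bad = 1 }
        if (!seen["OUTPUT"]) { print "no filter OUTPUT policy found"; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample: the rules from the answer plus the DNS exception.
audit_killswitch tun0 10.10.10.10 <<'EOF' || echo "review the findings above"
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i tun0 -j ACCEPT
-A INPUT -s 10.10.10.10/32 -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -d 10.10.10.10/32 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
COMMIT
EOF
```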