? Editing: Post:21.body Save Delete Cancel
Content changed Sign & Publish new content

The Blinking Prompt Times █

Zite Index/Best Of
Latest znqa release : 0.2.0
I'm on ZeroMe
Feel free to propose a Chinese translation !
寻找这篇文章的翻译!
谢谢!
Best viewed in Dark Mode™, like anything else really :)

Follow in NewsfeedFollowing

Latest comments:

Add new post

Title

21 hours ago · 2 min read ·
3 comments
Body
Read more

Not found

A simple OpenVPN kill switch with iptables

on Jan 21, 2018

lock.png (64x64)

If you're using a VPN, you probably already know that disconnections might happen for whichever reason and the last thing you want is leaking your Internet traffic outside of the VPN tunnel.

Fortunately, on Linux (and BSD/macOS too but that's gonna be for another time) a kill switch on its simplest form is relatively easy to do, here's how :

You have to restrict all traffic to your VPN interface (here tun0 ) and then allow DNS queries (UDP:53) and VPN traffic (UDP:1194/TCP:1194) to be passed through the tunnel, you then deny (DROP) all output not matching the previous rules.

iptables -F OUTPUT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -o tun0 -j ACCEPT
iptables -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp -m tcp --dport 1194 -j ACCEPT
iptables -A OUTPUT -p udp -m udp --dport 1194 -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -o tun0 -j ACCEPT
iptables -A OUTPUT -j DROP
iptables --policy OUTPUT DROP

Based on https://forum.level1techs.com/t/openvpn-network-kill-switch/113111

0 Comment:

user_name1 day ago
Reply
Body
This page is a snapshot of ZeroNet. Start your own ZeroNet for complete experience. Learn More