Re: IP Burger Concern
If you're running Linux, use the UFW firewall...
VPN Kill Switch for Linux with UFW firewall.
UFW VPN KILLSWITCH TUTORIAL
This is a quick guide for setting up a killswitch using UFW (Uncomplicated FireWall). It is
assumed you are using SoftEther and optionally Network-Manager with
network-manager-L2TP/IPsec or OpenVPN.
1. (Optional) IP Addresses
Before we can start we're going to need the IP address (or the IP addresses) of your
VPN so that we can whitelist those later on, write them down. They are obviously going
to be different for every VPN and VPNs with multiple servers, so I'll leave this up to you.
2. Install & Enable UFW
On some systems UFW is installed and enabled by default (Ubuntu, for example).
Installation procedure is going to be different for every distribution of GNU/Linux, but
once you've got it installed, enabling it is easy (assuming you have sudo):
    sudo ufw enable
3. Block All Traffic
Block all outgoing traffic:
    sudo ufw default deny outgoing
And also block all incoming traffic:
    sudo ufw default deny incoming
4. Make an exception for L2TP/IPsec or OpenVPN
It is assumed you are using ppp0 or tun0 as a network adapter (if you're unsure: ifconfig). ppp0 = L2TP/IPsec and tun0 = OpenVPN.
Allow outgoing traffic on ppp0 or tun0:
    sudo ufw allow out on tun0 from any to any
And optionally allow incoming traffic on ppp0 or tun0:
    sudo ufw allow in on tun0 from any to any
5. (Optional) Make an exception for your VPN
At this point you're technically done, but without this setup you would need to disable UFW
every time L2TP/IPsec or OpenVPN needed to connect to your VPN and then re-enable UFW when it has connected. Instead of doing that you could add the IP addresses mentioned earlier (your VPN IP) as exceptions to UFW.
To add a single IP (55.55.55.55 = VPN IP):
    sudo ufw allow out from any to 55.55.55.55
To add a range, use a mask:
    sudo ufw allow out from any to 55.55.55.0/24
6. Block all IPv6 Traffic
To block all IPv6 traffic by deleting the rule number for IPv6:
    sudo ufw status numbered
    sudo ufw delete 3
7. Check that it's working
    sudo ufw status numbered
8. You're done!
Congratulations, you've configured a VPN Killswitch on your GNU/Linux system!
Last edited by nate; 01-31-2018 at 09:09 PM.
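Added example, not part of nate's post: a small audit of `ufw status verbose` text that confirms the kill-switch state from steps 3-6 (deny defaults, an outbound rule bound to the tunnel, no other outbound exceptions except the whitelisted VPN address, no IPv6 allow rules left). The names `VPN_IF`, `VPN_DST`, `audit_killswitch` and both sample rule sets are constructed for illustration, and the samples assume the usual To / Action / From column layout of `ufw status verbose`.

```shell
#!/bin/sh
# Added example: audit `ufw status verbose` text against the kill-switch rules.
# Assumptions: VPN_IF is the tunnel interface, VPN_DST the whitelisted VPN address.
VPN_IF="${VPN_IF:-tun0}"
VPN_DST="${VPN_DST:-55.55.55.55}"
# Reads status text on stdin, prints one finding per line, returns 0 only if clean.
audit_killswitch() {
    awk -v ifc="$VPN_IF" -v dst="$VPN_DST" '
        function flag(msg) { print "FINDING: " msg; bad++ }
        { sub(/ +$/, "") }                       # drop trailing column padding
        /^Status: active/ { active = 1 }
        /^Default:/ { if ($0 ~ /deny \(incoming\)/) din = 1
                      if ($0 ~ /deny \(outgoing\)/) dout = 1 }
        /\(v6\)/ && / ALLOW / { flag("IPv6 allow rule still present: " $0) }
        / ALLOW OUT / {
            split($0, col, / +ALLOW OUT +/)      # col[1] = To, col[2] = From
            if (col[2] ~ (" on " ifc "$")) tunnel = 1
            else if (col[1] != dst) flag("outbound allowed outside " ifc ": " $0)
        }
        END {
            if (!active) flag("ufw is not active")
            if (!din)    flag("default incoming policy is not deny")
            if (!dout)   flag("default outgoing policy is not deny")
            if (!tunnel) flag("no ALLOW OUT rule bound to " ifc)
            exit (bad > 0)
        }'
}

# Constructed sample: the rule set from steps 3-5 of the post.
sample_good() { cat <<'EOF'
Status: active
Default: deny (incoming), deny (outgoing), disabled (routed)
To                         Action      From
Anywhere                   ALLOW OUT   Anywhere on tun0
55.55.55.55                ALLOW OUT   Anywhere
EOF
}

# Constructed sample: permissive default, DNS outside the tunnel, IPv6 rule left in.
sample_leaky() { cat <<'EOF'
Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)
Anywhere                   ALLOW OUT   Anywhere on tun0
53                         ALLOW OUT   Anywhere
Anywhere (v6)              ALLOW OUT   Anywhere (v6) on tun0
EOF
}

sample_leaky | audit_killswitch || true   # live: sudo ufw status verbose | audit_killswitch
```

If you whitelisted a range in step 5, set `VPN_DST` to the range exactly as UFW prints it in the To column.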