[SOLVED]How to setup a "kill switch" for a vpn via firewall rules?

Connection sharing, Firewall, Samba..etc
Forum rules
Before you post please read how to get help
Post Reply
User avatar
Mintuser998
Level 1
Level 1
Posts: 38
Joined: Thu May 31, 2018 1:57 pm

[SOLVED]How to setup a "kill switch" for a vpn via firewall rules?

Post by Mintuser998 » Tue Jun 05, 2018 2:20 pm

I read somewhere I could do this by setting incoming and outgoing to deny except for my vpn. How do I do it?
Last edited by Mintuser998 on Mon Jun 18, 2018 5:33 pm, edited 1 time in total.
Funny signature here:

User avatar
greerd
Level 5
Level 5
Posts: 981
Joined: Sat Jul 31, 2010 10:58 am
Location: Nova Scotia, Canada

Re: How to setup a "kill switch" for a vpn via firewall rules?

Post by greerd » Tue Jun 05, 2018 4:42 pm

One way to do it is by using ufw rules, here's a link from AirVPN's forum. See randombit's entry on page three, note that you'll have to edit the ip addresses to suit your needs, also you might have to add your dns server address in their somewhere.

User avatar
phd21
Level 16
Level 16
Posts: 6956
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: How to setup a "kill switch" for a vpn via firewall rules?

Post by phd21 » Tue Jun 05, 2018 5:14 pm

Hi Mintuser998,

If you are using Linux Mint Cinnamon, there is a cool VPN applet which can do this without setting up firewall rules.
Applets : VPN Look-Out Applet : Cinnamon Spices
https://cinnamon-spices.linuxmint.com/applets/view/305

Cinnamon VPN applet - Google Search
https://www.google.com/search?source=hp ... xXzLFZ7LXc

===============================================================================================
There are also other methods in other existing posts in this forum and on the Internet on this topic.

VPN Kill switch for Linux – Protect from VPN drops and DNS leaks | El Rincón del Tío Nuke
https://www.nukeador.com/06/07/2017/vpn ... dns-leaks/

How I connect to a VPN with no DNS leakage and a kill switch.
https://www.linuxquestions.org/question ... 175618851/

linux ubuntu 16.04 vpn killswitch - Google Search
https://www.google.com/search?source=hp ... DG7-OCSu_A

Hope this helps ...
Phd21: Mint KDE 17.3 & 18.3, 64-bit Awesome OS, Ancient Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram,256gb SDD, Video: Intel 4 Graphics, DVD Lightscribe. Why I use KDE?:https://opensource.com/life/15/4/9-reasons-to-use-kde

User avatar
Mintuser998
Level 1
Level 1
Posts: 38
Joined: Thu May 31, 2018 1:57 pm

Re: How to setup a "kill switch" for a vpn via firewall rules?

Post by Mintuser998 » Tue Jun 05, 2018 5:49 pm

I'm using this article. https://thetinhat.com/tutorials/misc/li ... ewall.html
How do I check if my vpn is using tun0? I don't know what to look for after using the ifconfig command.
Funny signature here:

User avatar
phd21
Level 16
Level 16
Posts: 6956
Joined: Thu Jan 09, 2014 9:42 pm
Location: Florida

Re: How to setup a "kill switch" for a vpn via firewall rules?

Post by phd21 » Tue Jun 05, 2018 7:14 pm

Hi Mintuser998,

if you run "ifconfig" and there is a "tun" category listed like "tun0", "tun1", "tun2", etc... then you are connected to a VPN.

That link from "tinhat" you just referred too is mentioned in other post regarding this topic and is a good link.

The "indictor-ip" applet that works on all editions of Linux Mint can also show that.
indicator-ip: Ubuntu indicator that displays local and Public Wan external IP addresses.
https://github.com/bovender/indicator-ip


If you are using Linux Mint Cinnamon, there is that VPN Look out applet.

Linux Mint 18.x (leave off the "| grep DNS" to see much more information)

Code: Select all

sudo nmcli dev show | grep DNS
Linux Mint 17..x

Code: Select all

sudo nmcli d list | grep DNS
or

Code: Select all

sudo apt-get install nm-tool

Code: Select all

sudo nm-tool | grep DNS

Hope this helps ...
Phd21: Mint KDE 17.3 & 18.3, 64-bit Awesome OS, Ancient Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram,256gb SDD, Video: Intel 4 Graphics, DVD Lightscribe. Why I use KDE?:https://opensource.com/life/15/4/9-reasons-to-use-kde

User avatar
Mintuser998
Level 1
Level 1
Posts: 38
Joined: Thu May 31, 2018 1:57 pm

Re: How to setup a "kill switch" for a vpn via firewall rules?

Post by Mintuser998 » Mon Jun 18, 2018 12:18 am

I tried it, and for some reason the computer can't find my shell files.

Code: Select all

user@pc ~ $ sudo chmod +x vpnfirewallmodeon vpnfirewallmodeoff
chmod: cannot access 'vpnfirewallmodeon': No such file or directory
chmod: cannot access 'vpnfirewallmodeoff': No such file or directory
Funny signature here:

User avatar
JoeFootball
Level 6
Level 6
Posts: 1452
Joined: Tue Nov 24, 2009 1:52 pm
Location: /home/usa/mn/minneapolis/joe

Re: How to setup a "kill switch" for a vpn via firewall rules?

Post by JoeFootball » Mon Jun 18, 2018 10:51 am

Mintuser998 wrote:... for some reason the computer can't find my shell files.
Are you sure you're in the correct directory where the files are located? And/or are you sure you have the filenames correct? (they're conspicuously missing extensions (e.g., .sh))

Joe

User avatar
Mintuser998
Level 1
Level 1
Posts: 38
Joined: Thu May 31, 2018 1:57 pm

Re: How to setup a "kill switch" for a vpn via firewall rules?

Post by Mintuser998 » Mon Jun 18, 2018 5:30 pm

Oh yeah. I forgot I needed to mount the desktop. I just dragged the file to the terminal in place of that. The firewall "kill switch" works.
Funny signature here:

Captain Brillo
Level 2
Level 2
Posts: 89
Joined: Mon Oct 23, 2017 9:38 pm

Re: [SOLVED]How to setup a "kill switch" for a vpn via firewall rules?

Post by Captain Brillo » Fri Jun 22, 2018 11:42 pm

"VPN Lifeguard" is a really effective kill-switch for Linux. There's a deb package for it, but it requires Gambas3 >3.9 as a dependency.
And it works really, really well.

https://github.com/Philippe734/VPN-Life ... inux/1.0.4

Post Reply

Return to “Other networking topics”