[SOLVED]How to setup a "kill switch" for a vpn via firewall rules?

Mintuser998

[SOLVED]How to setup a "kill switch" for a vpn via firewall rules?

Post by Mintuser998 »

I read somewhere I could do this by setting incoming and outgoing to deny except for my vpn. How do I do it?
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 2 times in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
greerd

Re: How to setup a "kill switch" for a vpn via firewall rules?

Post by greerd »

One way to do it is by using ufw rules; here's a link from AirVPN's forum. See randombit's entry on page three. Note that you'll have to edit the IP addresses to suit your needs; also, you might have to add your DNS server address in there somewhere.
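The approach discussed in this thread (deny incoming and outgoing by default, then allow only the VPN) can be sketched with ufw as follows. This is an added example, not the rules from the AirVPN post or the tutorial linked later; the server address 203.0.113.10, port 1194/udp and interface tun0 are placeholder assumptions to replace with your provider's values.

```shell
#!/bin/sh
# Added example: VPN kill switch built from ufw rules.
# Dry-run by default (prints the commands); run as root with APPLY=1 to execute.
# Placeholders (assumptions): 203.0.113.10 is a documentation address,
# 1194/udp and tun0 are common OpenVPN defaults.

run() {
    if [ "${APPLY:-0}" = "1" ]; then "$@"; else echo "$*"; fi
}

# Accept only a dotted-quad address: a hostname would need a DNS lookup
# before the tunnel is up, and the rules below block that lookup.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# usage: killswitch_on SERVER_IP PORT PROTO [TUN_IF]
killswitch_on() {
    server=$1 port=$2 proto=$3 tun=${4:-tun0}
    is_ipv4 "$server" || { echo "server must be an IPv4 address" >&2; return 1; }
    case $proto in
        udp|tcp) ;;
        *) echo "proto must be udp or tcp" >&2; return 1 ;;
    esac
    run ufw default deny incoming
    run ufw default deny outgoing
    # The only traffic allowed out on the physical interface: the VPN server itself.
    run ufw allow out to "$server" port "$port" proto "$proto"
    # Everything else, DNS included, has to leave through the tunnel.
    run ufw allow out on "$tun"
    run ufw enable
}

# Back to ordinary desktop defaults: outgoing traffic no longer depends on the VPN.
killswitch_off() {
    run ufw default deny incoming
    run ufw default allow outgoing
}

# Sample invocation with the placeholder values (prints the rules in dry-run mode).
killswitch_on 203.0.113.10 1194 udp tun0
```

If the tunnel drops, tun0 disappears and the only remaining outbound rule is the one to the VPN server, so nothing else leaves the machine until the VPN reconnects.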
phd21

Re: How to setup a "kill switch" for a vpn via firewall rules?

Post by phd21 »

Hi Mintuser998,

If you are using Linux Mint Cinnamon, there is a cool VPN applet which can do this without setting up firewall rules.
Applets : VPN Look-Out Applet : Cinnamon Spices
https://cinnamon-spices.linuxmint.com/applets/view/305

Cinnamon VPN applet - Google Search
https://www.google.com/search?source=hp ... xXzLFZ7LXc

===============================================================================================
There are also other methods in other existing posts in this forum and on the Internet on this topic.

VPN Kill switch for Linux – Protect from VPN drops and DNS leaks | El Rincón del Tío Nuke
https://www.nukeador.com/06/07/2017/vpn ... dns-leaks/

How I connect to a VPN with no DNS leakage and a kill switch.
https://www.linuxquestions.org/question ... 175618851/

linux ubuntu 16.04 vpn killswitch - Google Search
https://www.google.com/search?source=hp ... DG7-OCSu_A

Hope this helps ...
Phd21: Mint 20 Cinnamon & xKDE (Mint Xfce + Kubuntu KDE) & KDE Neon 64-bit (new based on Ubuntu 20.04) Awesome OS's, Dell Inspiron I5 7000 (7573) 2 in 1 touch screen, Dell OptiPlex 780 Core2Duo E8400 3GHz,4gb Ram, Intel 4 Graphics.
Mintuser998

Re: How to setup a "kill switch" for a vpn via firewall rules?

Post by Mintuser998 »

I'm using this article. https://thetinhat.com/tutorials/misc/li ... ewall.html
How do I check if my vpn is using tun0? I don't know what to look for after using the ifconfig command.
phd21

Re: How to setup a "kill switch" for a vpn via firewall rules?

Post by phd21 »

Hi Mintuser998,

If you run "ifconfig" and there is a "tun" category listed like "tun0", "tun1", "tun2", etc., then you are connected to a VPN.

That link from "tinhat" you just referred to is mentioned in other posts regarding this topic and is a good link.

The "indicator-ip" applet that works on all editions of Linux Mint can also show that.
indicator-ip: Ubuntu indicator that displays local and Public Wan external IP addresses.
https://github.com/bovender/indicator-ip


If you are using Linux Mint Cinnamon, there is that VPN Look out applet.

Linux Mint 18.x (leave off the "| grep DNS" to see much more information)

Code:

sudo nmcli dev show | grep DNS

Linux Mint 17.x

Code:

sudo nmcli d list | grep DNS

or

Code:

sudo apt-get install nm-tool
sudo nm-tool | grep DNS

Hope this helps ...
Mintuser998

Re: How to setup a "kill switch" for a vpn via firewall rules?

Post by Mintuser998 »

I tried it, and for some reason the computer can't find my shell files.

Code:

user@pc ~ $ sudo chmod +x vpnfirewallmodeon vpnfirewallmodeoff
chmod: cannot access 'vpnfirewallmodeon': No such file or directory
chmod: cannot access 'vpnfirewallmodeoff': No such file or directory
JoeFootball

Re: How to setup a "kill switch" for a vpn via firewall rules?

Post by JoeFootball »

Mintuser998 wrote:... for some reason the computer can't find my shell files.
Are you sure you're in the correct directory where the files are located? And/or are you sure you have the filenames correct? (they're conspicuously missing extensions (e.g., .sh))

Joe
Mintuser998

Re: How to setup a "kill switch" for a vpn via firewall rules?

Post by Mintuser998 »

Oh yeah. I forgot I needed to mount the desktop. I just dragged the file to the terminal in place of that. The firewall "kill switch" works.
Captain Brillo

Re: [SOLVED]How to setup a "kill switch" for a vpn via firewall rules?

Post by Captain Brillo »

"VPN Lifeguard" is a really effective kill-switch for Linux. There's a deb package for it, but it requires Gambas3 >3.9 as a dependency.
And it works really, really well.

https://github.com/Philippe734/VPN-Life ... inux/1.0.4