On 12/14/2014 01:30 PM, Stanislav Baiduzhyi wrote:
Using the openvpn service, what is the best way to block all traffic other than VPN?
I've been looking at iptables, routes and eth0 vs tun0 devices, but I'm so far away from the network stack that I'm either breaking the internet completely or some traffic still goes directly, either right away or after a VPN connection failure. For some reason I had more luck setting up DD-WRT than a full Linux box.
My goal is to provide openvpn with an '--up' script that will set the machine to have either VPN or nothing. Even if changes can be reverted only by reboot, that's fine with me.
The general practice is to configure the firewall to allow only what you want, in this case OpenVPN. So just allow the UDP port it uses. When the tunnel shuts down, there should be nothing listening to that port.
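One way to express the allow-only-OpenVPN policy from the reply above, as an added example that is not part of the original thread: a function that prints a default-drop `iptables-restore` ruleset permitting only the OpenVPN UDP flow on the physical interface plus traffic inside the tunnel. The server address 203.0.113.10, port 1194 and the device names eth0/tun0 are assumptions; loading the ruleset before starting OpenVPN means no `--up` script is needed.

```shell
#!/bin/sh
# Added example: emits a ruleset on stdout; it does not touch the firewall.
# Assumed values (not from the thread): 203.0.113.10, UDP 1194, eth0, tun0.

# vpn_only_rules SERVER_IP PORT [WAN_IF] [TUN_IF]
vpn_only_rules() {
    server=$1 port=$2 wan=${3:-eth0} tun=${4:-tun0}

    # The server must be an IPv4 literal: with this policy loaded, a DNS
    # lookup of a hostname outside the tunnel would be dropped.
    if ! printf '%s\n' "$server" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        echo "server must be an IPv4 address: $server" >&2; return 1
    fi
    case $port in
        ''|*[!0-9]*) echo "port must be numeric: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "port out of range" >&2; return 1; }

    # Default policy is DROP everywhere. When the tunnel device disappears,
    # the "-o $tun" rule matches nothing and rerouted traffic hits the policy.
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o $wan -p udp -d $server --dport $port -j ACCEPT
-A INPUT -i $wan -p udp -s $server --sport $port -j ACCEPT
-A OUTPUT -o $tun -j ACCEPT
-A INPUT -i $tun -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Usage (as root): vpn_only_rules 203.0.113.10 1194 | iptables-restore
```

DHCP lease renewal on the physical interface and IPv6 are not covered here: add rules for the former if the host needs them, and load a matching default-drop `ip6tables` ruleset so IPv6 traffic cannot bypass the tunnel.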