On Sun, 14 Dec 2014 19:40:21 +0100
Stanislav Baiduzhyi
On Sunday 14 December 2014 15:35:28 Cristian Rodríguez wrote:
On 14/12/14 at 15:30, Stanislav Baiduzhyi wrote:
Using openvpn service, what is the best way to block all traffic other than VPN?
I've been looking at iptables, routes and eth0 vs tun0 devices, but I'm so far away from network stack, I'm either breaking the internet completely or still some traffic goes directly, either right away or after VPN connection failure. For some reason I had more luck setting up DD-WRT than full Linux box.
My goal is, provide openvpn with '--up' script that will set the machine to have either VPN or nothing. Even if changes can be reverted only by reboot, that's fine with me.
Is this a VPN client or a VPN server?
Client.
Are you sure you want to block all outgoing traffic when there is no VPN connection or you want the VPN to be the default gateway?
I'm absolutely sure I want to block all other traffic.
You will need to allow traffic to/from your VPN peer and to/from your VPN device; everything else can be blocked. You can limit VPN peer traffic to OpenVPN ports to be fully paranoid.
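
The rule set described in the last reply, as an added example that is not part of the original thread: it assumes iptables, a peer at the constructed address 203.0.113.10 on UDP port 1194 and a tun0 device, and it prints the commands for review instead of applying them. The function names, the loopback rules and the ip6tables lines are assumptions of this example.

```shell
#!/bin/sh
# Added example: build a "VPN or nothing" iptables rule set for an OpenVPN client.
# Constructed sample values: peer 203.0.113.10, UDP port 1194, device tun0.
# The peer must be given as an IP address: once these rules are loaded,
# DNS lookups outside the tunnel are dropped as well.

# Shape check only (four dotted groups of digits), so that nothing but an
# address ends up in the generated commands.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# Print the commands instead of running them, so they can be reviewed first.
# Usage: killswitch_rules PEER_IP PORT PROTO TUN_DEVICE
killswitch_rules() {
    peer=$1; port=$2; proto=$3; tun=$4
    valid_ipv4 "$peer" || { echo "bad peer address: $peer" >&2; return 1; }
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    case $proto in udp|tcp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
    case $tun in ''|*[!a-zA-Z0-9]*) echo "bad device: $tun" >&2; return 1 ;; esac
    cat <<EOF
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -F INPUT
iptables -F OUTPUT
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -d $peer -p $proto --dport $port -j ACCEPT
iptables -A INPUT -s $peer -p $proto --sport $port -j ACCEPT
iptables -A OUTPUT -o $tun -j ACCEPT
iptables -A INPUT -i $tun -j ACCEPT
ip6tables -P INPUT DROP
ip6tables -P OUTPUT DROP
ip6tables -P FORWARD DROP
EOF
}

# With four arguments, print the rule set; pipe it to "sh" as root to apply it.
if [ "$#" -eq 4 ]; then
    killswitch_rules "$@"
fi
```

None of these rules depends on the tunnel being up, so traffic stays blocked if the VPN connection fails; the ip6tables policies keep IPv6 from bypassing the IPv4 rules.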