Only allow internet traffic if VPN is connected

Only allow internet traffic if VPN is connected

How can i make it so that all internet traffic is blocked if i'm not connected to my VPN? There is no point in using one if a failure to connect to the VPN is completely transparent. If i'm not connected to my VPN, the internet should not work. It shouldn't silently continue to work and defeat the point of using a VPN in the first place. Silent failure is unfortunately the default behavior.

I'm using Ubuntu 16.10. My VPN providor told me to use nm-connection-editor to do the initial setup of the VPN. The settings are:

答案1

So usually there is a default route set on a linux system which tells where all traffic is to be routed which is not locally connected.

~# ip r l
default via 192.168.0.1 dev wlan0 onlink

So in this example 192.168.0.1 is your local gateway, DSL router, whatever. Your VPN (I assume), when activated, overrides this default route and sends all traffic into the vpn tunnel. When the VPN breaks down without you noticing, in all likelihood the default routing is restored.

So first you want to get rid of the default route... without that rule you are effectively cut off from the internet, but are still able to reach systems in you private network.

ip r del default via 192.168.0.1 dev wlan0 onlink

However, with this rule missing you are alos cut off from the VPN gateway ch.trust.zone. You must be able to reach it in order to set up a VPN tunnel. So one routing rule has to be added to allow that and nothing else. The IP behind ch.trust.zone is 84.39.112.106. The extra route looks like this:

ip r add  84.39.112.106/32 via 192.168.0.1 dev wlan0 onlink 

Perform these steps, start your VPN and see what happens when it stops... hopefully it just restores the status quo without attempting to set a default route.

This is just a sketch of an idea, which might do what you want.

The routing needs of course somehow be persisted, for example by modifying the /etc/network/interfaces config file... otherwise you have the default route back on the next reboot.

相关内容