OpenVPN - Block all traffic on connection failure


datura

Hi guys, I've got a VPS running OpenVPN. I'm using the VPN in a VM running Windows 7, and I need to be able to add the ability to block all traffic/real IP leaking if the VPN suddenly disconnects for whatever reason. Is there a way to do this with OpenVPN, or a third party client I can use?

Thanks


I don't quite understand what the trigger on which machine should be. Consider this:

Your machine <--1--> Remote VPN service <--2--> Internet

If this awesome bit of ASCII art doesn't apply to your situation, then please correct me, but assuming it does...

What you're essentially asking is to monitor the '1' connection and if, for whatever reason, it disappears, no other form of networking is attempted - the network will be down until you manually re-establish '1' again. Is that the idea?


I don't quite understand what the trigger on which machine should be. Consider this:

Your machine <--1--> Remote VPN service <--2--> Internet

If this awesome bit of ASCII art doesn't apply to your situation, then please correct me, but assuming it does...

What you're essentially asking is to monitor the '1' connection and if, for whatever reason, it disappears, no other form of networking is attempted - the network will be down until you manually re-establish '1' again. Is that the idea?

That's what it sounds like. He doesn't want any data leaking over the unsecured network. I kinda like the idea.


Check out the OpenVPN parameter --down potentially with the --up-restart parameter.

I'm thinking that you can use 'ifconfig <device> down' as command parameter for --down or maybe even drop all the network routes or... well, you have a command that gets run. The world is your oyster.


Check out the OpenVPN parameter --down potentially with the --up-restart parameter.

I'm thinking that you can use 'ifconfig <device> down' as command parameter for --down or maybe even drop all the network routes or... well, you have a command that gets run. The world is your oyster.

Mmmmmm, yak snot! :lol:


Isn't this called a kill switch? If you google for openvpn and killswitch you'll find more people with this concern...and certainly I agree that all vpn software should have this option.

You might be able to configure your firewall to deny all outgoing traffic except to the vpn server IP.
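
The firewall approach suggested above, sketched for the Windows 7 client using the built-in netsh advfirewall tool (an added example, not part of any post in this thread). The server IP, port, protocol and tunnel subnet are constructed placeholder assumptions, as are the rule names.

```powershell
# Added example: kill-switch rules for the Windows 7 client.
# Run from an elevated prompt. Every value below is a constructed placeholder.
$VpnServerIp = '203.0.113.10'   # assumption: public IP of the VPS running OpenVPN
$VpnPort     = '1194'           # assumption: OpenVPN's default port
$VpnProto    = 'UDP'            # assumption: matches "proto udp" in the client config
$TunnelNet   = '10.8.0.0/24'    # assumption: subnet from the server's "server" directive
$Backup      = "$env:USERPROFILE\firewall-before-killswitch.wfw"

# 1. Save the current policy so it can be restored later with
#    "netsh advfirewall import <file>".
netsh advfirewall export "$Backup"

# 2. Default-deny outbound on every profile (domain, private, public).
#    Inbound stays at block, which is the Windows default.
#    The value is quoted so PowerShell does not split it at the comma.
netsh advfirewall set allprofiles firewallpolicy 'blockinbound,blockoutbound'

# 3. Allow only the encrypted OpenVPN transport to the server over the
#    physical adapter.
netsh advfirewall firewall add rule name=KillSwitch-VPN-Server dir=out action=allow "protocol=$VpnProto" "remoteip=$VpnServerIp" "remoteport=$VpnPort"

# 4. Allow traffic whose source address lies inside the tunnel subnet.
#    When the tunnel drops, the TAP adapter loses that address, no packet
#    matches this rule any more, and the default block applies.
netsh advfirewall firewall add rule name=KillSwitch-Tunnel dir=out action=allow "localip=$TunnelNet"

# 5. Outbound allow rules that already existed still override the default
#    block (for example the built-in Core Networking DNS rule). List them
#    and disable any that would let traffic leave outside the tunnel.
netsh advfirewall firewall show rule name=all dir=out
```

With outbound DNS blocked outside the tunnel, the client config's remote line needs the server's IP address rather than a hostname, otherwise the client cannot reconnect after a drop.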
