@MarcoFanti89
Last active September 2, 2023 09:29
OpenVPN killswitch

How to prevent your traffic from being routed over your ISP network if the connection to the VPN server drops.

The scripts assume the VPN server listens on UDP port 1194 and that the tunnel interface is tun0.

Start the killswitch, /usr/local/sbin/vpn-killswitch-start

#!/bin/bash
# Rules are appended (-A), so running this twice duplicates them: run the stop script first.

# accept packets to/from the DHCP server
iptables -t filter -A OUTPUT -p udp --dport 67 -j ACCEPT
iptables -t filter -A INPUT -p udp --sport 67 -j ACCEPT

# packets in input allowed only when coming from the VPN
# (note: the first rule accepts UDP from source port 1194 on any host, not only the VPN server,
#  and there is no loopback rule, so local-only traffic is dropped as well)
iptables -t filter -A INPUT -p udp --sport 1194 -j ACCEPT
iptables -t filter -A INPUT -i tun0 -j ACCEPT
iptables -t filter -A INPUT -j DROP

# packets in output allowed only towards the VPN
# one of these lines for each VPN server used (replace ip.address.vpn.server with its address)
iptables -t filter -A OUTPUT -d ip.address.vpn.server -p udp --dport 1194 -j ACCEPT
iptables -t filter -A OUTPUT -o tun0 -j ACCEPT
iptables -t filter -A OUTPUT -j DROP

Stop the killswitch, /usr/local/sbin/vpn-killswitch-stop

#!/bin/bash
# flush every chain of the filter table; the start script never changed the chain
# policies, so they are still ACCEPT and traffic flows again
iptables -F

Monitor

while true; do clear; iptables -L -v -n; sleep 1; done
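As an added example (not the gist author's scripts), the same killswitch in a hardened form that goes a little beyond the gist: default-deny chain policies so a missing rule fails closed, a loopback rule, a conntrack rule instead of trusting any packet with source port 1194, and a flush before adding rules so re-running is safe. Everything configurable is an assumption of this example: VPN_SERVER (a placeholder address from the documentation range, to be replaced with your server), VPN_PORT, VPN_IF, and a DRY_RUN switch that prints the iptables commands instead of executing them, so the ruleset can be reviewed and self-checked without root.

```bash
#!/bin/bash
# Hardened OpenVPN killswitch (added example; hypothetical knobs, see lead-in).
# DRY_RUN=1 prints the iptables commands instead of running them.
set -eu

VPN_SERVER="${VPN_SERVER:-203.0.113.10}"   # placeholder: replace with your VPN server
VPN_PORT="${VPN_PORT:-1194}"
VPN_IF="${VPN_IF:-tun0}"
DRY_RUN="${DRY_RUN:-0}"

# Wrapper: echo the command in dry-run mode, otherwise call the real iptables.
ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

killswitch_start() {
    # Flush first so re-running the script does not append duplicate rules.
    ipt -F INPUT
    ipt -F OUTPUT
    # Default-deny policies: anything not explicitly accepted is dropped.
    ipt -P INPUT DROP
    ipt -P OUTPUT DROP
    # Loopback, otherwise local resolvers and local services break.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A OUTPUT -o lo -j ACCEPT
    # Inbound: only replies to traffic this host initiated (covers the VPN
    # handshake), instead of trusting any packet with source port 1194.
    ipt -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # DHCP: leases and renewals on the local network.
    ipt -A INPUT -p udp --sport 67 --dport 68 -j ACCEPT
    ipt -A OUTPUT -p udp --dport 67 -j ACCEPT
    # The tunnel endpoint: only the configured server, only on its port.
    ipt -A OUTPUT -d "$VPN_SERVER" -p udp --dport "$VPN_PORT" -j ACCEPT
    # Everything else must travel inside the tunnel.
    ipt -A INPUT -i "$VPN_IF" -j ACCEPT
    ipt -A OUTPUT -o "$VPN_IF" -j ACCEPT
}

killswitch_stop() {
    # Restore open policies before flushing, or the flush leaves a host
    # that drops everything.
    ipt -P INPUT ACCEPT
    ipt -P OUTPUT ACCEPT
    ipt -F INPUT
    ipt -F OUTPUT
}

# Self-check on the dry-run output: succeeds only if every OUTPUT rule is for
# loopback, the tunnel interface, DHCP, or the VPN server itself.
killswitch_check() {
    leaks=$(DRY_RUN=1 killswitch_start \
        | grep -E '^iptables -A OUTPUT' \
        | grep -v -e "-o $VPN_IF" -e '-o lo' -e '--dport 67' -e "-d $VPN_SERVER" \
        | wc -l)
    [ "$leaks" -eq 0 ]
}

case "${1:-}" in
    start) killswitch_start ;;
    stop)  killswitch_stop ;;
    check) killswitch_check && echo "OUTPUT rules only cover loopback, tunnel, DHCP and the VPN endpoint" ;;
esac
```

Run it as `DRY_RUN=1 ./killswitch check` to review the generated rules before applying them as root with `./killswitch start`; the check only inspects OUTPUT rules, because that is the direction in which a leak to the ISP would show up.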