Jump to content
Not connected, Your IP: 3.239.233.139
go558a83nk

Do linux users need a "kill switch"?

Recommended Posts

The only linux I've used for VPN is that on my router and it has its own coding to manage policy routing and block clients if the VPN tunnel is down...

 

I don't know if the following is a real problem, especially for those who use the Eddie client.  However, I thought I'd share.

 

https://zorrovpn.com/articles/linux-iptables-vpn-only

 

which leads into the manpage for the script they've made

 

The script is free to share and edit under GNU GPL.

 

There is a section dealing with allowing access (of course) to VPN server IP.  By default that section is geared towards zorrovpn since they are the maker.  However, I'm sure it can be edited by somebody who knows what they are doing to work for Air.

Share this post


Link to post

The air client already uses iptables if the option is chosen. It also rewrites or rename/replaces the resolv.conf - dns option depending.

 

There's a rule set posted here that's similar.

https://airvpn.org/topic/9139-prevent-leaks-with-linux-iptables/

Its not stateful but by simply adding the if not '!' eth+ ! -d it really doesn't need to be. -Unless someone try's to spoof the ip.

Share this post


Link to post

The air client already uses iptables if the option is chosen. It also rewrites or rename/replaces the resolv.conf - dns option depending.

 

There's a rule set posted here that's similar.

https://airvpn.org/topic/9139-prevent-leaks-with-linux-iptables/

Its not stateful but by simply adding the if not '!' eth+ ! -d it really doesn't need to be. -Unless someone try's to spoof the ip.

 

right, iptable usage to block whatever is certainly not novel.  but, looks like zorro is trying to make it easier for people to manage automatically with their script.

Share this post


Link to post

 

The air client already uses iptables if the option is chosen. It also rewrites or rename/replaces the resolv.conf - dns option depending.

 

There's a rule set posted here that's similar.

https://airvpn.org/topic/9139-prevent-leaks-with-linux-iptables/

Its not stateful but by simply adding the if not '!' eth+ ! -d it really doesn't need to be. -Unless someone try's to spoof the ip.

 

right, iptable usage to block whatever is certainly not novel.  but, looks like zorro is trying to make it easier for people to manage automatically with their script.

 

What I meant was on linux when using the eddie client you can just go to the settings and turn on the lock option. That does the same or more than what that script is doing. So Eddie client users don't need the script as it has one built in

 

A modded version of that script might be good for newer linux users that are unable to run the client though.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...