
For the security and privacy conscious, a trusted VPN is a great tool: it provides encrypted communications and privacy while accessing networks (the internet in particular).

I use several VPNs: I have my own private OpenVPN server which I run on my main (personal) server, and I also use a well-known VPN service. I do use both (not at the same time) for various purposes and for different use cases which won't be discussed here.

One of the important reasons for using a VPN is to obfuscate (hide) your IP address. It's important to note that even the best VPN setups are subject to occasional drops and disconnects. When this occurs, your system will likely fall back to its standard network interfaces (the ones it would use without a VPN) and inadvertently expose your actual IP address. In sensitive environments (or countries) this can potentially lead to some very undesirable situations (including someone being able to find your actual location).

Enter a Kill Switch. A kill switch is basically some mechanism which ensures that your IP address is not leaked, and ideally blocks all traffic that does not go through the VPN. Hence if your VPN connection drops, your system doesn't fall back to its standard network interfaces; it simply has no connectivity until the VPN is back.

Many VPN services provide built-in Kill Switch functionality. However, I generally prefer to roll my own, with some implementation that I trust (because I did it).

Guide

Requirements and setup

This implementation doesn't require much. Basically you need:

  • bash
  • sudo access
  • ufw (uncomplicated firewall)

All Linux distros should have these (most likely by default).

Make sure UFW is installed and set up (however your distro does it). For Arch based distros, you would simply do

sudo systemctl enable ufw
sudo ufw enable

vpnkillswitch scripts

My killswitch consists of two bash scripts: one for starting the killswitch and the other for stopping it (and resetting the firewall).

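As an added illustration (this is not the author's vpnkillswitch-on / vpnkillswitch-off scripts, which are not reproduced here), the following single script shows how such a kill switch can be built on ufw: a default-deny outgoing policy, with exceptions only for the VPN server itself and for traffic leaving via the tunnel interface. The interface name (tun0), the VPN server address, port and protocol, and the LAN subnet are assumptions; change them to match your setup.

```bash
#!/usr/bin/env bash
# Added example: a ufw-based VPN kill switch in one script (on/off).
# Not the author's vpnkillswitch-on/-off scripts. All values below are
# assumptions; adjust them to your VPN. The VPN server must be given as
# an IP address, because DNS is blocked until the tunnel is up.
set -eu

VPN_IFACE="${VPN_IFACE:-tun0}"              # assumed OpenVPN tunnel device
VPN_SERVER="${VPN_SERVER:-203.0.113.10}"    # constructed placeholder IP
VPN_PORT="${VPN_PORT:-1194}"                # assumed OpenVPN port
VPN_PROTO="${VPN_PROTO:-udp}"
LAN_CIDR="${LAN_CIDR:-192.168.1.0/24}"      # assumed local subnet (printer, NAS)
DRY_RUN="${DRY_RUN:-0}"                     # DRY_RUN=1 prints rules instead of applying

# Apply a ufw command, or print it when DRY_RUN=1 so the rule set can be reviewed.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '%s\n' "$*"
  else
    sudo "$@"
  fi
}

# Block everything except the LAN, the VPN handshake and traffic via the tunnel.
# If the tunnel drops, tun0 disappears and the default deny leaves no fallback.
killswitch_on() {
  run ufw --force reset                     # start from a clean, disabled state
  run ufw default deny incoming
  run ufw default deny outgoing             # the actual kill switch: no fallback route
  run ufw allow out to "$LAN_CIDR"          # keep local devices reachable (optional)
  run ufw allow out to "$VPN_SERVER" port "$VPN_PORT" proto "$VPN_PROTO"
  run ufw allow out on "$VPN_IFACE" from any to any   # only the tunnel carries traffic
  run ufw enable
}

# Restore a permissive outgoing default so the machine works without the VPN.
killswitch_off() {
  run ufw --force reset
  run ufw default deny incoming
  run ufw default allow outgoing
  run ufw enable
}

case "${1:-}" in
  on)  killswitch_on ;;
  off) killswitch_off ;;
  *)   echo "usage: $0 on|off   (set DRY_RUN=1 to print the rules)" >&2 ;;
esac
```

Run it once with DRY_RUN=1 on to read the exact rules before applying them; note that ufw also applies these rules to IPv6 when IPV6=yes is set in /etc/default/ufw, which is what you want, since an IPv6 route outside the tunnel would be a leak.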

You'll need to make each of these files executable and ideally put them in some folder on your PATH. To make them executable, cd into whatever folder contains the scripts and run

chmod +x vpnkillswitch-on
chmod +x vpnkillswitch-off

Usage

WORK IN PROGRESS
