germasuite.blogg.se

iptables for OpenVPN Access Server config

We recommend using our Linux CLI app, which offers an easy-to-use built-in firewall solution that protects you from both IP and traffic leaks. Read on if you would like a more granular firewall configuration, or prefer to use NetworkManager or a different VPN client.

If you're using stock OpenVPN in Linux, especially with NetworkManager, leaks are possible if the VPN connection fails or is temporarily interrupted. Also, if your ISP provides IPv6 connectivity but your VPN service does not, traffic to IPv6-capable sites will bypass the VPN tunnel and identify you to websites. Given that, it's prudent to have firewall (iptables) rules that: 1) restrict traffic to the VPN tunnel, 2) allow direct connections only to the VPN server, and 3) block IPv6 traffic.

There are many ways to manage iptables rules. The old-school standard is shell scripting. And indeed, OpenVPN has hooks to run scripts, for routing and iptables, when the VPN connects and disconnects. That's convenient, certainly, but it's also complicated, and it requires editing VPN configuration files. Most VPN services use the "redirect-gateway def1" option to handle routing, but they don't touch iptables. So you need to disable "redirect-gateway def1", and handle routing changes in your scripts. For most customers we think using iptables-persistent is the better solution.
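
The three firewall requirements listed above (tunnel-only traffic, direct connections only to the VPN server, IPv6 blocked) written out as rule sets in iptables-restore format, the form iptables-persistent loads at boot. This is an added example, not code from the original article; the server address, port, protocol and interface names are parameters you supply, and the DHCP rule assumes the LAN interface gets its address by DHCP.

```shell
#!/bin/sh
# Added example: print iptables-restore rule sets for a VPN-only firewall.
# Server address, port, protocol and interface names are operator-supplied
# assumptions; nothing here comes from the original page.

# gen_rules_v4 SERVER_IP PORT PROTO TUN_IF WAN_IF
gen_rules_v4() {
    server_ip=$1 port=$2 proto=$3 tun_if=$4 wan_if=$5
    # Validate inputs so a typo cannot produce a malformed or wider rule.
    # The server must be an IP: no DNS is reachable while the tunnel is down.
    case $server_ip in ''|*[!0-9.]*) echo "bad server IP" >&2; return 1;; esac
    case $port in ''|*[!0-9]*) echo "bad port" >&2; return 1;; esac
    case $proto in udp|tcp) ;; *) echo "bad protocol" >&2; return 1;; esac
    for ifname in "$tun_if" "$wan_if"; do
        case $ifname in ''|*[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 1;; esac
    done
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# 1) everything else leaves through the tunnel interface only
-A OUTPUT -o $tun_if -j ACCEPT
# DHCP lease renewal on the physical interface (assumption: DHCP in use)
-A OUTPUT -o $wan_if -p udp --sport 68 --dport 67 -j ACCEPT
# 2) the only direct connection allowed: the VPN server itself
-A OUTPUT -o $wan_if -d $server_ip/32 -p $proto --dport $port -j ACCEPT
COMMIT
EOF
}

# gen_rules_v6: 3) drop all IPv6 except loopback.
gen_rules_v6() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
EOF
}

# Usage: script SERVER_IP PORT PROTO TUN_IF WAN_IF  (prints the IPv4 rules)
if [ "$#" -eq 5 ]; then gen_rules_v4 "$@"; fi
```

On Debian and Ubuntu, iptables-persistent reads these from /etc/iptables/rules.v4 and /etc/iptables/rules.v6; check each file with `iptables-restore --test` or `ip6tables-restore --test` before saving it there. Because the default OUTPUT policy is DROP, traffic stays blocked if the tunnel interface disappears, which is the leak case described above.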











