Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
M
M
mihass2012-07-05 22:11:04
openvpn
mihass, 2012-07-05 22:11:04

How to block access to the network to everything except OpenVPN?

I have a VPN server on a remote machine. I work on Windows and want to go to the Internet through this VPN. Installed OpenVPN and everything works fine. But, if the connection to the VPN breaks, then everything goes to the network bypassing the VPN. The task is to make sure that absolutely everything works only through a VPN, and if the connection breaks, then access to the Internet is blocked.
I understand that you can somehow solve it with the help of a firewall, but nothing sensible comes out.

UPD. Asked to share the solution. I made 2 zones in the firewall, one local and the second OpenVPN. The second one indicated the local address of the openvpn server. For the local zone for all applications, he denied access to the Internet, and for the openvpn zone he allowed access to the Internet.
As a result, everything works as expected, as soon as the connection to the vpn disappears, everything breaks into the network through the local zone and the firewall does not allow this.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

5 answer(s)
Report
A
Alexey Zhurbitsky, 2012-07-05
@blo

In theory, it is enough to remove the default gateway in the routing table on a Windows machine and add a separate route to the VPN server.

Report
M
Maxim, 2012-07-06
@Bublik

With the help of the firewall, the solution is simple - close everything, open only openvpn_ip: 1194

Report
I
Igor, 2012-07-06
@shanker

you can somehow solve it with the help of a firewall, but nothing sensible comes out.

What's the problem? How do you try? It is necessary to prohibit all traffic on the local site and allow only the IP and port that is used to create OpenVPN

Report
I
Igor, 2012-07-06
@shanker

If we talk about Windows clients, then specifically for them there is a tool "openvpn protector".
You can find it here . Looks like you need to register and download. It will be there either separately or bundled with software. She just asks the user whether to connect to the Internet when the VPN disappears.
For the linux client, I did it differently. In the client's Openvpn config, I added the line: "down down.txt"
the contents of the "down.txt" file:
"#!/bin/sh -e
route del default"
after that, for the linux client, the Internet will be unavailable after the vpn connection is broken. But you have to manually set the default route before creating a new openvpn connection. Although this can also be automated.

Report
N
Nikolai Turnaviotov, 2012-07-06
@foxmuldercp

It’s not easier with the formulation of the question that I see then to make DHCP default gw - VPN ip address
on VPN - routing all traffic to vpn and when vpn drops, there will be no Internet on the subnet.

Similar questions
K
Kubozoa2021-02-18 17:36:16
Connecting an openvpn server to mikrotik behind a tplink router? 1Reply
M
MaxxDamage2019-07-18 10:33:48
How to force the tunnel to use a specific interface? 1Reply
P
Peter Krupnev2021-03-02 19:36:52
How to wrap all connections to the server through OpenVPN? 1Reply
N
nezzard2017-03-11 17:02:49
Why is apache not responding to openvpn? 1Reply
M
MARMELAD032017-03-12 19:59:28
Where can I find the openvpn server binary for a router with a MIPS processor architecture? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question