Answer the question
In order to leave comments, you need to log in
How to block access to the network to everything except OpenVPN?
I have a VPN server on a remote machine. I work on Windows and want to go to the Internet through this VPN. Installed OpenVPN and everything works fine. But, if the connection to the VPN breaks, then everything goes to the network bypassing the VPN. The task is to make sure that absolutely everything works only through a VPN, and if the connection breaks, then access to the Internet is blocked.
I understand that you can somehow solve it with the help of a firewall, but nothing sensible comes out.
UPD. Asked to share the solution. I made 2 zones in the firewall, one local and the second OpenVPN. The second one indicated the local address of the openvpn server. For the local zone for all applications, he denied access to the Internet, and for the openvpn zone he allowed access to the Internet.
As a result, everything works as expected, as soon as the connection to the vpn disappears, everything breaks into the network through the local zone and the firewall does not allow this.
Answer the question
In order to leave comments, you need to log in
In theory, it is enough to remove the default gateway in the routing table on a Windows machine and add a separate route to the VPN server.
With the help of the firewall, the solution is simple - close everything, open only openvpn_ip: 1194
you can somehow solve it with the help of a firewall, but nothing sensible comes out.
If we talk about Windows clients, then specifically for them there is a tool "openvpn protector".
You can find it here . Looks like you need to register and download. It will be there either separately or bundled with software. She just asks the user whether to connect to the Internet when the VPN disappears.
For the linux client, I did it differently. In the client's Openvpn config, I added the line: "down down.txt"
the contents of the "down.txt" file:
"#!/bin/sh -e
route del default"
after that, for the linux client, the Internet will be unavailable after the vpn connection is broken. But you have to manually set the default route before creating a new openvpn connection. Although this can also be automated.
It’s not easier with the formulation of the question that I see then to make DHCP default gw - VPN ip address
on VPN - routing all traffic to vpn and when vpn drops, there will be no Internet on the subnet.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question