How to block ICMP traffic to my VPN server?

P

PC-Zzz2016-02-21 05:49:33

VPN

PC-Zzz, 2016-02-21 05:49:33

Good day Lord.
reading habra, https://habrahabr.ru/post/263557/
There was a question about bringing the vpn server to mind ...
I don’t have any special knowledge. that's why I'm dealing with questions like this. The
context is
Tunnel definition (two-way ping)
By running a ping to the client IP, from our server side, you can find out the approximate length of the route. The same can be done from the browser side, XMLHTTPRequest pulls an empty page of our nginx. The resulting loop difference of more than 30 ms can be interpreted as a tunnel.
Of course, the routes back and forth may differ, or the web server is a little slow, but in general, the accuracy is quite good.
The only way to protect yourself is to deny ICMP traffic to your VPN server.
Here to mean, it is necessary to restrict access to the ICMP protocol on my machine.?
If I understand everything correctly, how can I do it? on a poppy.
On shindous I found solutions, but as on a poppy ... =((

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

S

svd71, 2016-02-21
@svd71

Here is the answer on how to do it on OSX
superuser.com/questions/505128/deny-access-to-a-port-from-localhost-on-osx It's
not really different from other nix systems.
PS: in addition, in my opinion, you are approaching the issue from the wrong side. You need to disable icmp on the server side.

K

Kurgangermes, 2016-08-21
@Kurgangermes

Hello! Tell me, I'm interested in an application for connecting to a VPN or connecting to it, but only via the protocol for Android, but only so that in the event of a connection break, it is automatically resumed only via a secure channel.