Answer the question
In order to leave comments, you need to log in
How to check traffic for VPN bypass?
What are the ways to check if traffic is bypassing vpn?
My iptables settings are:
iptables -F
iptables -t nat -F
IP_VPN="37.1.220.10"
iptables -A OUTPUT -p icmp --icmp-type 0 -j DROP
iptables -A OUTPUT -p icmp --icmp-type 8 - j DROP
iptables -A OUTPUT -o eth0 -j DROP
iptables -I OUTPUT --dst $IP_VPN -j ACCEPT
iptables
-A OUTPUT -o tap0 -j ACCEPT
17:44:59.784106 IP 192.168.1.1 > all-systems.mcast.net: igmp query v3
17:45:08.516221 IP 192.168.1.1 > igmp.mcast.net: igmp v3 report, 3 group(s)
21:03 :29.362887 ARP, Request who-has 192.168.1.1 tell 192.168.1.6, length 46
21:03:30.094045 IP6 fe80::21a:13ff:fe4c:24ww > ip6-allrouters: ICMP6, router solicitation, length
16 , router solicitation, length 16
21:03:34.100105 IP6 fe80::21a:13ff:fe4c:24ww > ip6-allrouters: ICMP6, router solicitation, length 16
21:03:37.113546 IP6 fe80::21a:13ff:fe4c:24ww > ip6-allrouters: ICMP6, router solicitation, length 16
21:03:37.690372 IP6 fe80::21a:13ff:fe4c:24ww > ff02::16: HBH ICMP6, multicast listener report v2, 1 group record(s), length 28
21:03:38.110614 IP6 fe80::21a:13ff:fe4c:24ww > ip6-allrouters: ICMP6, router solicitation, length 16
21:03:39.591604 IP6 fe80::21a:13ff:fe4c:24ww.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 inf-req
21:03:40.545661 IP6 fe80::21a:13ff:fe4c:24ww.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 inf-req
21:03:41.119358 IP6 fe80::21a:13ff:fe4c :24ww > ip6-allrouters: ICMP6, router solicitation, length 16
21:03:42.497768 IP6 fe80::21a:13ff:fe4c:24ww.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 inf-req
21:03:46.350876 IP6 fe80::21a:13ff:fe4c:24ww.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 inf-req
21:03:54.126998 IP6 fe80::21a:13ff:fe4c :24ww.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 inf-req
How dangerous are they for anonymity?
Answer the question
In order to leave comments, you need to log in
Disable IPv6. It is dangerous for your anonymity.
This option is reinforced concrete!
iptables -A OUTPUT -o eth0 -j DROP
Are you sure your VPN is working? And if it works through what interface? eth1, wlan? Where does default gate look in ip route ?
Before the drop, it was necessary to put an acceptance for the packages to the server address. Well, you need to drop on all interfaces except TUN ... Why do you need a TAP interface ???
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question