Answer the question
In order to leave comments, you need to log in
M
M
Mark Struchkov2021-07-21 03:17:39
Mark Struchkov, 2021-07-21 03:17:39
How to make the Internet unavailable without vpn on the server?
Hello
There is a server that acts as a client for the wireguard server. That is, access to the Internet and connection for this server occurs only through vpn, there is no access from outside.
The problem is that vpn can fall off, and then access from outside will appear. How to make it so that in the absence of a vpn connection, access to it from the outside does not appear?
1 answer(s)
@hint000
H
hint000, 2021-07-21 @hint000
Google like this: https://www.google.com/search?q=killswitch+wireguard
Found here https://git.zx2c4.com/wireguard-tools/about/src/ma...
Building on the last example, one might attempt the so-called ''kill-switch'', in order to prevent the flow of unencrypted packets through the non-WireGuard interfaces, by adding the following two lines 'PostUp' and 'PreDown' lines to the '[Interface]' section:
PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
Similar questions
P
A
S
S
D
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question