M
M
Mark Struchkov2021-07-21 03:17:39
VPN
Mark Struchkov, 2021-07-21 03:17:39

How to make the Internet unavailable without vpn on the server?

Hello
There is a server that acts as a client for the wireguard server. That is, access to the Internet and connection for this server occurs only through vpn, there is no access from outside.

The problem is that vpn can fall off, and then access from outside will appear. How to make it so that in the absence of a vpn connection, access to it from the outside does not appear?

Answer the question

In order to leave comments, you need to log in

1 answer(s)
H
hint000, 2021-07-21
@hint000

Google like this: https://www.google.com/search?q=killswitch+wireguard
Found here https://git.zx2c4.com/wireguard-tools/about/src/ma...

Building on the last example, one might attempt the so-called ''kill-switch'', in order to prevent the flow of unencrypted packets through the non-WireGuard interfaces, by adding the following two lines 'PostUp' and 'PreDown' lines to the '[Interface]' section:
PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question