How to prevent information leakage when the connection is lost via OPENVPN?
The question is in the subject line itself, but I would like to somehow automate this process. I have a remote VDS server with an OpenVPN server installed, and I connect to it from an OpenVPN client on Debian. Sometimes the provider goes down for as long as 2 minutes. Is it possible to automatically block all traffic when the connection to the OpenVPN server is lost and then, with all traffic blocked, automatically check the connection to the server: if there is no connection, wait until it works, and if the server is available, continue working through the secure channel? Is that possible? What is the algorithm of actions? Give me an idea, please.
Deny all traffic except to the VPN server. iptables will help you.
UPD: disable everything except traffic for the VPN connection and everything that goes through the VPN tunnel.
# route del default gw
# route add -host IP_YOUR_VPN gw YOUR_GW
That is actually all: traffic will not go anywhere, because there is no default route; traffic to the VPN server will go through gw so that you can connect, and when the VPN comes up, its routes will be registered.
If I understand the question correctly))
There is nothing to worry about, as soon as your openvpn turns off, no data is transmitted, packets stop running from you to the server))))) And when the provider falls into a "DOWN", data is not transmitted either)) )))
And if you have access to VDS without openvpn .... Then, in principle, it does not work for you.
about tr:
#!/bin/bash -x
# Address of the VPN server (placeholder, substitute your own)
ipvpn="xxx.xxxx.xxx.xxxxxx"
function ping_sh()
{
    p=$(which ping)
    # Exit status of ping: 0 if the server answered, non-zero otherwise
    ping_pong=$($p -q -c 4 "$ipvpn" > /dev/null; echo $?)
    if [ "$ping_pong" -eq 0 ]
    then
        echo "VPN accessed
start working"
        # CALL FUNCTION OR START LINE OPENVPN
        # FUNCTION CALL OR BLALALABLAAAA xtables-iptables-arptables-ebtables ETC
    fi
    if [ "$ping_pong" -ne 0 ]
    then
        echo "VPN not accessed;
stop working"
        # CALL FUNCTION OR STOP LINE OPENVPN
        # FUNCTION CALL OR BLALALABLAAAA xtables-iptables-arptables-ebtables ETC
    fi
}
ping_sh
write script to cron
*/3 * * * * /PathScript
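The rule set the first answer describes (deny everything except traffic to the VPN server and traffic inside the tunnel), written out as an added example that is not part of any answer in this thread. The server address 203.0.113.10, udp port 1194 and the interface names eth0 and tun+ are assumptions, and the functions are hypothetical helpers that only print rules in iptables-restore format.

```shell
#!/bin/sh
# Added example, not from the thread. Prints iptables-restore rule sets that
# permit only traffic to the VPN server and traffic through the tunnel.

# is_ipv4 ADDR: succeed only for a dotted quad with octets in 0..255.
is_ipv4() (
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $1                      # split on dots (digits and dots only here)
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# gen_killswitch SERVER_IP PROTO PORT WAN_IF [TUN_IF]
# Use the server's IP (also in the client's "remote" line) so reconnecting
# never needs a DNS lookup outside the tunnel.
gen_killswitch() {
    server=$1 proto=$2 port=$3 wan_if=$4 tun_if=${5:-tun+}
    is_ipv4 "$server" || { echo "bad server address" >&2; return 2; }
    case "$proto" in udp|tcp) ;; *) echo "bad proto" >&2; return 2 ;; esac
    case "$port" in ''|*[!0-9]*|??????*) echo "bad port" >&2; return 2 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port" >&2; return 2; }
    for ifname in "$wan_if" "$tun_if"; do
        case "$ifname" in ''|*[!A-Za-z0-9_.+-]*) echo "bad interface" >&2; return 2 ;; esac
    done
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o $tun_if -j ACCEPT
-A OUTPUT -o $wan_if -d $server/32 -p $proto --dport $port -j ACCEPT
COMMIT
EOF
}

# gen_killswitch6: assumes the tunnel carries IPv4 only, so IPv6 is dropped
# entirely (loopback excepted) to stop it bypassing the VPN.
gen_killswitch6() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT DROP [0:0]' '-A INPUT -i lo -j ACCEPT' \
        '-A OUTPUT -o lo -j ACCEPT' 'COMMIT'
}

# Constructed values: 203.0.113.10 (documentation range), udp/1194, eth0.
# As root: gen_killswitch ... | iptables-restore ; gen_killswitch6 | ip6tables-restore
gen_killswitch 203.0.113.10 udp 1194 eth0
```

Because the rules stay loaded whether or not the tunnel is up, traffic is dropped while the connection is lost and flows again once the OpenVPN client reconnects, so no polling script is needed for the blocking itself.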