Posted: 2017-04-29 22:06:05 by Alasdair Keyes
The Ubuntu/Mint Network manager can be instructed to connect to a VPN when the network is started up, which is great for privacy however there are three instances I've noticed when this falls short.
Coffee House WiFiI have to manually connect.
There have been a few instances where these have occurred and it meant I was sending out traffic insecurely until I noticed.
To combat this I set UFW to automatically reject all packets on the
OUTPUT chain. This means my laptop is unable to send any packets over any network device (as long as the firewall is running. I then updated my UFW firewall with the following rules into
/etc/ufw/user.rules to allow outbound connections for specific devices etc.
# Allow LXC containers to send traffic out on the LXC bridge -A ufw-user-output -o lxcbr0 -j ACCEPT # Allow LXC containers to send traffic onto their virtual ethernet device -A ufw-user-output -o veth+ -j ACCEPT ### Allow traffic out through the OpenVPN tun0 interface -A ufw-user-output -o tun0 -j ACCEPT ### Allow traffic to my VPN host -A ufw-user-output -o wlp8s0 -p tcp --dport 1194 -d 220.127.116.11 -j ACCEPT ### Allow traffic out to my local networks -A ufw-user-output -d 192.168.0.0/24 -j ACCEPT ### Allow traffic out to virtualbox network devices -A ufw-user-output -o vboxnet+ -j ACCEPT
Additional rules will be required into your
Now if VPN doesn't connect or drops out unexpectedly, I lose connectivity but I won't be sending out unsecured traffic and I can just reconnect.
If you found this useful, please feel free to donate via bitcoin to 1NT2ErDzLDBPB8CDLk6j1qUdT6FmxkMmNz
I'm now available for IT consultancy and software development services - Cloudee LTD.
Happy user of Digital Ocean (Affiliate link)