Overview
A VPN is a powerful tool that provides security and encryption for as long as it stays connected. As soon as the VPN connection drops, you become vulnerable to all kinds of cyber criminals and automated threats. In most cases the VPN takes only a few seconds to reconnect, but those few seconds can put your online identity or data at risk. The Internet Kill Switch is designed to remove this risk. Some VPN providers offer this feature, but not all of them. You can set up your own kill switch on a Linux machine by following the steps below:
1. Make sure you have ufw and iptables installed
These are usually installed by default on Debian/Red Hat based systems; if they are not, please install them. UFW (Uncomplicated Firewall) is a wrapper over iptables that makes it easier to add firewall rules without knowing iptables syntax.
2. Connect to your VPN
Please follow your VPN provider’s instructions on connecting to the VPN. Note down the IP address of the VPN gateway, as you will use it later. You can use either the command line or the Network-Manager applet to connect to your VPN.
Please also make sure you use an IP address for the VPN gateway when saving your OpenVPN configuration file. DNS resolution will not be allowed through the regular interface, to avoid DNS leaks.
3. Set up your firewall
check if firewall is running
start your firewall
set default policy to deny all
allow traffic to your local network
The example below is for a class C private network, which most home routers use. If you are using a different network class, please adjust it.
allow traffic to your VPN gateway
Please replace
allow traffic through your tun/tap VPN interface
Please replace
If you want to find out the name of the interface, run the ifconfig command.
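The firewall steps above collected into one dry-run script, as an added example that is not the original page's script: the ufw commands are one way to implement each step, and the LAN range, the gateway address 203.0.113.10 and the interface name tun0 are constructed sample values to replace with your own.

```shell
#!/bin/sh
# Added example, not the page's script. Sample values below are constructed;
# override them from the environment, e.g. GATEWAY=<your gateway IP>.
LAN="${LAN:-192.168.1.0/24}"        # local network (typical home /24)
GATEWAY="${GATEWAY:-203.0.113.10}"  # VPN gateway IP (documentation-range placeholder)
VPN_IF="${VPN_IF:-tun0}"            # tun/tap interface name (assumed)

# Succeed only for a dotted-quad IPv4 literal. A hostname is rejected because
# DNS on the regular interface is blocked once the default policy is deny.
# The body runs in a subshell so the IFS change does not leak to the caller.
is_ipv4() (
  case "$1" in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
  IFS=.
  set -- $1
  [ "$#" -eq 4 ] || exit 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
  done
)

# Print one ufw command per line, in the order of the steps above.
# Arguments: $1 = LAN range, $2 = VPN gateway IP, $3 = VPN interface.
killswitch_rules() {
  is_ipv4 "$2" || { echo "gateway must be an IP address: $2" >&2; return 1; }
  cat <<EOF
ufw status
ufw --force enable
ufw default deny incoming
ufw default deny outgoing
ufw allow in from $1
ufw allow out to $1
ufw allow out to $2
ufw allow in on $3 from any to any
ufw allow out on $3 from any to any
EOF
}

# Dry run by default; APPLY=1 executes each printed command with sudo.
if [ "${APPLY:-0}" = 1 ]; then
  rules=$(killswitch_rules "$LAN" "$GATEWAY" "$VPN_IF") || exit 1
  printf '%s\n' "$rules" | while read -r cmd; do sudo $cmd </dev/null; done
else
  killswitch_rules "$LAN" "$GATEWAY" "$VPN_IF"
fi
```

Run it once without APPLY to review the printed rules, then again with APPLY=1 while the VPN is connected.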
4. Automatic script
- You can use this script to run a killswitch with the push of a button.