Help [linux] ensuring all traffic goes over a vpn

[Luke]

I accidentally logged in without being connected because I am an idiot.
So here's a copy paste solution to this because I couldn't find any.
Applies to PPTP vpn on debian/mint/ubu/possibly others.

Lets just leave this here might come in handy for some.

1. switch to root

sudo bash

enter password

2. open /etc/rc.local

nano /etc/rc.local

3. copy and paste this to the end of the file, leave stuff at the top intact

sysctl -w net.ipv6.conf.all.disable_ipv6=1
sysctl -w net.ipv6.conf.default.disable_ipv6=1
sysctl -w net.ipv6.conf.lo.disable_ipv6=1

iptables -F
iptables -P OUTPUT ACCEPT
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT

chain_exists=`iptables --list |grep ALLOWVPN |grep -v grep |wc -l`
if [ "$chain_exists" -gt 0 ];
then
sudo iptables -X ALLOWVPN
fi

chain_exists=`iptables --list |grep BLOCKALL |grep -v grep |wc -l`
if [ "$chain_exists" -gt 0 ];
then
sudo iptables -X BLOCKALL
fi

sudo iptables -N ALLOWVPN
sudo iptables -N BLOCKALL
sudo iptables -A OUTPUT -o ppp+ -j ACCEPT
sudo iptables -A OUTPUT -o lo+ -j ACCEPT
sudo iptables -A OUTPUT -j ALLOWVPN
sudo iptables -A OUTPUT -j BLOCKALL
sudo iptables -A ALLOWVPN -d X.X.X.X -j ACCEPT
sudo iptables -A BLOCKALL -j DROP

echo "nameserver 8.8.8.8" > /etc/resolv.conf
echo "nameserver 8.8.4.4" >> /etc/resolv.conf
exit 0

3. replace X.X.X.X to the VPN's IP address.
save and exit

4. make it start on boot so that you won't forget like I did, type

sudo chmod +x /etc/rc.local

5. reboot

Now you should have no connection at all if the VPN is inactive.
If you have no VPN hit me up I have 3 unused russian datacenter IPs.

To turn off the thing so the internet works without a VPN type:

sudo iptables -F

PS: I know I know but it's idiot proof and good enuff.

 

[Threads]

Or use TAILS.