How do I stop all network traffic that's not 100% needed or a OpenVPN?
-
Hello, title says it all really. I've set up OpenVPN and it says my IP is the VPN server however I want to be sure that nothing can leave my device that isn't through the OpenVPN connection or essential for network functionality?
-
I'm not 100% sure since I've never done it, but you should be able to change the default gateway for your WAN to your OpenVPN client connection. I don't know if the client automatically gets added to the list of gateways or if you have to manually add it. Either go to Interfaces - WAN, or System - Routing - Gateways.
-
Ok so there was nothing on WAN but now the default gateway is the OpenVPN connection, would this route everything through the openvpn interface?
Also is there anyway that I could disable the WAN interface (or as much as I can possibly do)?
The device traffic graph is the same for all interfaces, is this a problem?
–--------------------
On point 18 of this tutorial (https://www.privateinternetaccess.com/forum/discussion/29231/tutorial-setup-pia-on-pfsense-2-4-2) it teaches you how to 100% route all traffic through the interfaces, I didn't set up my VPN like this but is it possible?
-
would this route everything through the openvpn interface?
I would think so but like I said, I've never done it before. There are online VPN leak tests that you should check out just to verify that you appear to be coming from where you want.
I could disable the WAN interface (or as much as I can possibly do)?
I don't know for sure since that is the real interface that your VPN tunnel is using, but I don't think so. Disable it via Interfaces - WAN and see what happens. I suspect that your VPN connection will die.
-
Sorry and hope I wasn't wasting your time but I found a fix.
To anyone who's interested what I was referring to is called a VPN Kill switch, it disables all network traffic that's not going through the VPN to ensure 100% that all traffic is VPN'd. In my NAT rules I disabled everything except from this:
interface OPT1 (my OpenVPN interface) * * * OPT1 Addresses (anything going through my VPN * *I'm under the impression that this would mean the only traffic allowed is my network -> one of the VPN addresses (please, please, please correct me if I'm wrong though).
Thanks for your time, KOM.
-
@KOM:
would this route everything through the openvpn interface?
I would think so but like I said, I've never done it before. There are online VPN leak tests that you should check out just to verify that you appear to be coming from where you want.
I could disable the WAN interface (or as much as I can possibly do)?
I don't know for sure since that is the real interface that your VPN tunnel is using, but I don't think so. Disable it via Interfaces - WAN and see what happens. I suspect that your VPN connection will die.
Although do you happen to know the routing settings I would have to do to create a second OpenVPN connection and route the 1st one through the 2nd one before reaching the internet?
-
To anyone who's interested what I was referring to is called a VPN Kill switch, it disables all network traffic that's not going through the VPN to ensure 100% that all traffic is VPN'd.
Not exactly.
A kill switch prevents traffic going out WAN if VPN is down.What almost never comes up as a question is NTP, pfSense update servers and maybe more.
Can put it in an alias, etc…...
Do a tcpdump to see what is not leaving through the VPN.
-
Although do you happen to know the routing settings I would have to do to create a second OpenVPN connection…
No, sorry.
-
To anyone who's interested what I was referring to is called a VPN Kill switch, it disables all network traffic that's not going through the VPN to ensure 100% that all traffic is VPN'd.
Not exactly.
A kill switch prevents traffic going out WAN if VPN is down.What almost never comes up as a question is NTP, pfSense update servers and maybe more.
Can put it in an alias, etc…...
Do a tcpdump to see what is not leaving through the VPN.I can't find tcpdump within pfSense, is there a command or somthing?
Also do you happen to know how I would router one OpenVPN connection through another OpenVPN connection?
