Hardening route/iptables behind OpenVPN?
Essentially, I want to make sure that all WAN traffic stops if tun0 goes down. To me, the setup below looks OK, but as a relative newbie when it comes to routing/iptables I still have some doubt.
Can anyone take a look and confirm that everything looks on the up and up as far as my attempt to harden/tolerate a VPN connection failure?
If there's additional information needed to verify that all traffic to/from the WAN gets dropped, I'd be happy to try and post it up, too.
    client
    dev tun
    proto udp
    remote nl.privateinternetaccess.com 1194
    resolv-retry infinite
    nobind
    persist-key
    persist-tun
    ca /home/vpn/ca.crt
    tls-client
    # only accept a server certificate with the server EKU, not any peer cert
    remote-cert-tls server
    auth-user-pass /home/vpn/config.file
    comp-lzo
    verb 4
    reneg-sec 0
    crl-verify /home/vpn/crl.pem
    # needed so the up/down scripts below may run
    script-security 2
    up /etc/openvpn/update-resolv-conf
    down /etc/openvpn/update-resolv-conf
I followed this guide for the most part, but ya know what they say about stuff you read on the internet ;o)
http://raspberrypi.stackexchange.com/questions/11648/raspbmc-and-openvpn-block-traffic-except-vpn-with-iptables
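An added example (not from the question or the linked guide) of the egress kill switch being asked about, plus a check that reads `iptables -S OUTPUT` output and flags a ruleset that still lets traffic fall through to the WAN; the interface names, LAN range and sample snapshots are assumptions.

```shell
#!/bin/sh
# Added example, not from the question or the linked guide. Assumes the WAN
# interface is eth0, the VPN interface is tun0 and the LAN is 192.168.1.0/24
# (all constructed); UDP/1194 is the endpoint from the posted config.
WAN_IF="${WAN_IF:-eth0}"
VPN_IF="${VPN_IF:-tun0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
VPN_PORT="${VPN_PORT:-1194}"
# Emit the iptables commands for an egress kill switch. With OUTPUT defaulting
# to DROP, only the OpenVPN handshake and the LAN may leave via eth0; all other
# traffic must go out tun0, so when tun0 vanishes nothing reaches the WAN.
# The policy is set before the flush so there is no window with ACCEPT and no
# rules. Printed rather than applied so it can be reviewed (pipe to sh as root).
killswitch_rules() {
  cat <<EOF
iptables -P OUTPUT DROP
iptables -F OUTPUT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -o $VPN_IF -j ACCEPT
iptables -A OUTPUT -o $WAN_IF -d $LAN_NET -j ACCEPT
iptables -A OUTPUT -o $WAN_IF -p udp --dport $VPN_PORT -j ACCEPT
EOF
}
# Audit an existing ruleset: feed "iptables -S OUTPUT" on stdin. Returns 0 only
# if the chain drops by default, permits tun0, and has no blanket ACCEPT on eth0.
audit_output_chain() {
  rules=$(cat)
  printf '%s\n' "$rules" | grep -q -- "^-P OUTPUT DROP$" \
    || { echo "FAIL: OUTPUT policy is not DROP"; return 1; }
  printf '%s\n' "$rules" | grep -q -- "^-A OUTPUT -o $VPN_IF -j ACCEPT$" \
    || { echo "FAIL: no ACCEPT rule for $VPN_IF"; return 1; }
  if printf '%s\n' "$rules" | grep -q -- "^-A OUTPUT -o $WAN_IF -j ACCEPT$"; then
    echo "FAIL: unrestricted ACCEPT via $WAN_IF defeats the kill switch"; return 1
  fi
  echo "OK: egress confined to $VPN_IF"
}
# Constructed "iptables -S OUTPUT" snapshots: a correct ruleset and one whose
# author forgot the default policy, so traffic silently falls through to eth0.
SAMPLE_GOOD='-P OUTPUT DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
-A OUTPUT -d 192.168.1.0/24 -o eth0 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 1194 -j ACCEPT'
SAMPLE_LEAKY='-P OUTPUT ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT'
printf '%s\n' "$SAMPLE_GOOD" | audit_output_chain
printf '%s\n' "$SAMPLE_LEAKY" | audit_output_chain || true
```

The audit takes its input from stdin, so on the live box it can be run directly against `iptables -S OUTPUT`. `persist-tun` keeps tun0 across OpenVPN reconnects, but it is the filter, not the interface, that holds when the daemon itself dies.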