dl200010/vpn-firewall
Why

If you simply add a VPN using common instructions, it generally fails open. That means that if the VPN breaks down, because the connection is interrupted, traffic will be sent without the VPN.

It's much safer when it fails closed, i.e. when the VPN connection breaks down, the whole internet connection must stay down as long as the VPN connection isn't restored.

What does it do

  • Forbid outgoing traffic after the VPN / tunnel software breaks down for some reason.
  • Tight firewall rules, using iptables with a DROP policy.
  • Only designed with OpenVPN in mind.
  • You should test if it does what it claims.
  • Open Source / Free Software

What does it NOT do

  • Care about DNS leaks. Consult your VPN software's/provider's documentation and configure /etc/resolv.conf to use the DNS server of your VPN server.
  • Block WebRTC leaks. [1]
  • Defend against IP leaks, i.e. a locally installed application that uses trickery to obtain the user's real IP and sends it somewhere through the VPN. [1]
  • Defend against adversaries that are in a position to run code locally, i.e. manipulate the firewall rules.
  • Prevent any other kind of trickery to circumvent using the VPN.
  • Prevent leaks caused by bugs in the VPN software.
  • Be compatible with Whonix-Gateway/Workstation. (VPN-Firewall is incompatible with Whonix-Gateway/Workstation's firewall! Use Whonix documentation and use their built-in features.)
  • Manage IPv6 traffic. IPv6 traffic is blocked.
  • Install (Open)VPN.
  • Configure (Open)VPN.
  • Autostart (Open)VPN.
  • Anything else not mentioned above in "What does it do".

[1] This probably does not apply to VMs / computers behind a VPN-Gateway (when using the #Forwarding feature).

Dependencies

  • sys-libs/glibc
  • sys-apps/coreutils
  • sys-apps/grep
  • sys-apps/sed
  • sys-apps/gawk
  • sys-apps/iproute2
  • net-firewall/iptables
  • net-vpn/openvpn

How to Use

  • Emerge the dependencies above.
  • Install the files in the gentoo folder by
  • Edit /etc/vpnfirewall/config to point to your openvpn.conf file and openvpn interface.
  • Edit /etc/init.d/openvpn to add "need vpnfirewall" to the end of "depend()".
  • Use "/etc/init.d/vpnfirewall start" to start right away.
  • Use "rc-update add vpnfirewall default" to auto start when booting up.
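The fail-closed ruleset described under "What does it do" (DROP policies on every chain, with only the tunnel itself and the handshake to the VPN server allowed out), together with the lookup of the server from openvpn.conf that step three of "How to Use" needs, as an added example. This is not the project's own init script; the function names, the tun0 interface, the 1194/udp defaults and the server address 198.51.100.10 (a constructed documentation-range IP) are assumptions.

```shell
#!/bin/sh
# Added example, not the project's script. Emits (or applies) an iptables
# ruleset with DROP policies so that when the tunnel disappears nothing but the
# OpenVPN handshake itself can leave the host. All defaults below are
# assumptions; the server address is a constructed RFC 5737 example.

VPN_IF="${VPN_IF:-tun0}"                  # assumption: OpenVPN tun device
VPN_SERVER="${VPN_SERVER:-198.51.100.10}" # constructed example address
VPN_PORT="${VPN_PORT:-1194}"
VPN_PROTO="${VPN_PROTO:-udp}"

# Print "host port proto" from the first "remote" line of an OpenVPN config,
# honouring a separate "proto" line and defaulting to 1194/udp. Variants such
# as udp4 or tcp-client are reduced to the udp/tcp that iptables expects.
# Prefer an IP address in the config: iptables resolves a hostname at load
# time, and DNS is not available through a tunnel that is not yet up.
vpnfw_remote_from_conf() {
    awk '$1 == "proto" && proto == ""  { proto = $2 }
         $1 == "remote" && host == ""  { host = $2; port = $3; rproto = $4 }
         END {
             if (host == "") exit 1
             if (port == "") port = 1194
             if (rproto != "") proto = rproto
             proto = (proto ~ /^tcp/) ? "tcp" : "udp"
             print host, port, proto
         }' "$1"
}

# Emit the ruleset. Policies are set to DROP *before* flushing so there is no
# window with an ACCEPT policy. Only loopback, replies to established flows,
# the handshake to the VPN server on the physical interface, and traffic
# leaving through the tunnel are allowed. IPv6 is dropped outright, matching
# the README's "IPv6 traffic is blocked".
vpnfw_rules() {
    cat <<EOF
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -F
iptables -X
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT ! -o $VPN_IF -d $VPN_SERVER -p $VPN_PROTO --dport $VPN_PORT -j ACCEPT
iptables -A OUTPUT -o $VPN_IF -j ACCEPT
ip6tables -P INPUT DROP
ip6tables -P FORWARD DROP
ip6tables -P OUTPUT DROP
ip6tables -F
EOF
}

# Apply the emitted rules one by one, stopping at the first failure (root needed).
vpnfw_apply() {
    vpnfw_rules | sh -e
}

# Sanity check on the emitted text: the OUTPUT policy must be DROP and every
# OUTPUT ACCEPT rule must be bound to lo, the tunnel, or the tunnel endpoint.
# Prints 0 when the set is fail-closed, 1 otherwise.
vpnfw_check_fail_closed() {
    vpnfw_rules | awk -v vif="$VPN_IF" -v srv="$VPN_SERVER" '
        /-P OUTPUT DROP/ { policy = 1 }
        /-A OUTPUT/ && /-j ACCEPT/ {
            if ($0 !~ "-o lo" && $0 !~ "-o " vif && $0 !~ "-d " srv) bad = 1
        }
        END { print (policy && !bad) ? 0 : 1 }'
}

# "apply" loads the rules, "check" runs the sanity check, anything else is a
# dry run that just prints the commands.
case "${1:-}" in
    apply) vpnfw_apply ;;
    check) vpnfw_check_fail_closed ;;
    *)     vpnfw_rules ;;
esac
```

Run it without arguments to review the rules before loading them, then `sh vpnfw.sh check` and `sh vpnfw.sh apply` as root. To get the ordering the README asks for, the OpenRC service that wraps this script is what OpenVPN's init script should list under `depend()` as `need vpnfirewall`, so the DROP policies are in place before the tunnel comes up rather than after.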

Forks, Patches, Testers, Comments, etc.

Welcome.

Original Author

Gentoo Author

License

GPLv3+

About

Leak Protection (Fail Safe Mechanism) for (Open)VPN for Gentoo