ONLY VPN traffic on F20 wireless interface?
Garry T. Williams
gtwilliams at gmail.com
Mon Jan 6 05:04:21 UTC 2014
On 1-5-14 12:00:37 Steve Snyder wrote:
> How can I ensure that in Fedora 20 my wireless interface is *only*
> used for VPN traffic?
>
> After the initial connection to the access point I want to guarantee
> that no traffic passes through the interface other than through the
> OpenVPN tunnel.

You want to delete any existing default route that is not via tun0 and
add a default route for that interface.

Most VPN servers are configured to send routes for just that purpose.
But yours may not be configured that way.

Connect to your server and look at your route table:

    $ netstat -nr

> Ideally, I'd like to be able to ensure this from a terminal window,
> but use of a GUI interface is OK if that is what is needed to ensure
> no leakage of unencrypted data.

NetworkManager provides a call-back for things like this. Place an
executable file in the /etc/NetworkManager/dispatcher.d directory that
does something like this:

    #!/bin/sh
    # $1 is the interface name, $2 is the action
    case "$2" in
        "vpn-up")
            /usr/sbin/ip route add default dev "$1"
            ;;
    esac

After connecting, check your route table to verify that traffic is only
routed over the VPN tunnel.

> Can someone point me to a guide that explains how to do this?

    $ man NetworkManager
    ...
    NetworkManager will execute scripts in the
    /etc/NetworkManager/dispatcher.d directory in alphabetical order in
    response to network events. Each script should be a regular executable
    file, owned by root. Furthermore, it must not be writable by group or
    other, and not setuid.

    Each script receives two arguments, the first being the interface name
    of the device just activated, and second an action.
    ...
    vpn-up
        A VPN connection has been activated. The environment contains the
        connection UUID in the variable CONNECTION_UUID.

--
Garry T. Williams
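
Added example (not part of the original message): one way to script the "check your route table" step from the reply above. The function name check_vpn_routes, the device names tun0/wlan0 and the sample route tables are assumptions constructed for illustration; it also recognises the pair of /1 routes that OpenVPN's redirect-gateway def1 option installs instead of replacing the default route.

```shell
#!/bin/sh
# Added example: audit `ip -4 route show` output (stdin) for default routes
# that bypass the VPN device. Returns 0 only if default traffic uses $1.
check_vpn_routes() {
    awk -v vpn="$1" '
        BEGIN { n = 0; bad = 0 }
        {   # find the output device of this route
            dev = ""
            for (i = 2; i < NF; i++) if ($i == "dev") dev = $(i + 1)
        }
        $1 == "default" || $1 == "0.0.0.0/0" {
            if (dev == vpn) vpn_default = 1
            else stray[++n] = $0
        }
        # OpenVPN redirect-gateway def1 overrides the default with two /1 routes
        $1 == "0.0.0.0/1"   && dev == vpn { low = 1 }
        $1 == "128.0.0.0/1" && dev == vpn { high = 1 }
        END {
            covered = (low && high)
            if (!vpn_default && !covered) {
                print "FAIL no default route via " vpn; bad = 1
            }
            for (i = 1; i <= n; i++) {
                if (covered) print "WARN overridden only while tunnel is up: " stray[i]
                else { print "FAIL default route outside VPN: " stray[i]; bad = 1 }
            }
            if (!bad) print "OK all default traffic routed via " vpn
            exit bad
        }'
}

# Constructed sample tables (private and documentation address ranges).
LEAKY='default via 192.168.1.1 dev wlan0 proto static metric 1024
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6'
TUNNEL_ONLY='default dev tun0 scope link
203.0.113.10 via 192.168.1.1 dev wlan0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50'
DEF1='0.0.0.0/1 via 10.8.0.5 dev tun0
default via 192.168.1.1 dev wlan0 proto static
128.0.0.0/1 via 10.8.0.5 dev tun0
203.0.113.10 via 192.168.1.1 dev wlan0'

for table in "$LEAKY" "$TUNNEL_ONLY" "$DEF1"; do
    printf '%s\n' "$table" | check_vpn_routes tun0 || true
    echo
done
```

On a live system, run it as: ip -4 route show | check_vpn_routes tun0. Routes for the local subnet and the host route to the VPN server legitimately stay on the wireless interface and are not flagged.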