LinuxQuestions.org
Help answer threads with 0 replies.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Reload this Page Forcing all traffic through VPN (using iptables?)
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 04-23-2011, 02:03 PM   #1
tbaac
LQ Newbie
 
Registered: Apr 2011
Distribution: Arch, rooted Android on phone.
Posts: 5

Rep: Reputation: 0
Question Forcing all traffic through VPN (using iptables?)

Hi
I'm new here, hello everyone

I've got a question relating to VPN. There seem to be many threads asking how to setup iptables to allow traffic through VPN but I could not find one asking my question.

I often connect to open wireless access points at airports etc. I have an iptables firewall setup on my netbook and connect using OpenVPN. I also have a VPN connection on my Android phone for similar reasons.

What I would like, particularly on the phone is to prevent applications from connecting to the internet other than via the VPN server. In this way, if I become disconnected from the VPN (or I become disconnected from wireless and then reconnected without VPN) my private data will not be sent over an unsecured wireless network.

So is this possible with an iptables rule or similar?

Thank you.
 
Old 04-23-2011, 07:32 PM   #2
stickman
Senior Member
 
Registered: Sep 2002
Location: Nashville, TN
Posts: 1,552

Rep: Reputation: 53
Can you set your default route to the VPN end point when you are connected?
 
Old 04-24-2011, 01:26 PM   #3
tbaac
LQ Newbie
 
Registered: Apr 2011
Distribution: Arch, rooted Android on phone.
Posts: 5

Original Poster
Rep: Reputation: 0
Thank you for the reply Stickman.

I'm no routing expert, but if I did that would it be able to work out the rest of the route (after the VPN server) itself?

Also, how would I set the end point? Can you give me a couple of words as a starter?

Thanks again.
 
Old 04-24-2011, 07:09 PM   #4
stickman
Senior Member
 
Registered: Sep 2002
Location: Nashville, TN
Posts: 1,552

Rep: Reputation: 53
In most cases the route would point to the VPN IP address of the VPN server. The key words that you're looking for are "route" and "add".
 
Old 04-25-2011, 09:24 AM   #5
syscon7
LQ Newbie
 
Registered: Sep 2006
Location: SE Pennsylvania
Distribution: Slackware
Posts: 4

Rep: Reputation: 0
You should be able to add statements to your OpenVPN config at home to push your home default route to your remote laptop/phone. When the VPN connection is set up, the push should replace the default route on your laptop with the default route to your home network. You should also push the home network DNS server addresses to your laptop/phone. You shouldn't need to monkey with IPTables at all.

You'll need a directive in the host config file along with the push route commands,

push "redirect-gateway".

This should force your remotes to use your VPN connection for all IP traffic.

The config file for your remotes should have the keyword "client" in it to enable the client to pull config data from the host.

Check the OpenVPN "HOW-TO" for more detailed information on host and remote config file directives..
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How to use VPN tunnel for all traffic except SMTP (port 25) traffic? maven12 Linux - Networking 2 11-09-2010 06:00 AM
[HELP] redirect traffic to spesific port based on Traffic Content using iptables summersgone Linux - Server 2 06-22-2009 11:26 AM
IPTABLES: Forward from VPN to LAN, Need traffic to appear as if its coming from LAN. a2brute Linux - Networking 3 11-17-2008 11:53 AM
IPTables Reroute Outing Traffic Through VPN Usogi Linux - Networking 6 04-11-2008 01:29 AM
forcing traffic through certain route(forcing source ip) taltman Linux - Networking 1 12-26-2007 01:07 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 11:22 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration