Long ago I helped deploy a VPN network for a large company where I worked. They had many servers and needed multiple sites to have access to all of those servers. It was a company that made software to manage car dealerships all over the US, Canada and Mexico. Since then I still configure my VPN connection like so:
> Add firewall rules on your client machine that allow you access to JUST the DNS and VPN network.
> Add more rules on your VPN host (if you have root access) to block all network access besides VPN traffic originating from your IP or home network.
> Configure OpenVPN to push the correct IP routes and name servers to the client machines.
> Finally, run your own DNS and DHCP on your VPN server so that you do not have to mess around with static addressing.
In this way I've found that it is really simple to reconnect manually or automatically. Additionally, you will know immediately if your network has gone down. The firewall will block everything else whether the VPN is connected or not, eliminating DNS leaks. Also, if you are going through all the trouble to run a VPN, or pay for one, you might as well have private DNS services too.
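The four steps above, written out as an added example that is not part of the original post or of OpenVPN itself. Every address, port, interface name and home network in it is a constructed assumption (203.0.113.10 for the VPN server, 198.51.100.0/24 for the home network, 10.8.0.0/24 for the tunnel, tun0/eth0 for the interfaces). The functions print iptables rules and OpenVPN `push` directives rather than applying them, so each set can be reviewed and then piped to `sh` on the host it belongs to; the last function is a small check that the client's resolver really is the one inside the tunnel.

```shell
#!/bin/sh
# Added example, not code from the original post. All values are assumed.

# Step 1: client-side "kill switch". Default-deny outbound; the only clear-text
# traffic allowed on the WAN interface is the OpenVPN handshake itself.
# Everything else, DNS included, must ride inside the tunnel interface.
gen_client_rules() {
    vpn_server="$1" vpn_port="$2" wan_if="$3" tun_if="$4"
    cat <<EOF
iptables -P OUTPUT DROP
iptables -F OUTPUT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o $wan_if -p udp -d $vpn_server --dport $vpn_port -j ACCEPT
iptables -A OUTPUT -o $tun_if -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j LOG --log-prefix "DNS-LEAK "
iptables -A OUTPUT -p udp --dport 53 -j DROP
iptables -A OUTPUT -p tcp --dport 53 -j DROP
EOF
}

# Step 2: server-side rules. Only the home network may reach the OpenVPN port
# (and, as an assumed admin path, SSH); all other inbound traffic is dropped,
# while anything arriving through the tunnel is accepted.
gen_server_rules() {
    home_net="$1" vpn_port="$2" tun_if="$3"
    cat <<EOF
iptables -P INPUT DROP
iptables -F INPUT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p udp -s $home_net --dport $vpn_port -j ACCEPT
iptables -A INPUT -p tcp -s $home_net --dport 22 -j ACCEPT
iptables -A INPUT -i $tun_if -j ACCEPT
EOF
}

# Step 3: OpenVPN server.conf lines that push the default route, the tunnel-side
# resolver and any internal routes to clients. Extra arguments are
# "network netmask" pairs, e.g. "192.168.10.0 255.255.255.0".
gen_openvpn_push() {
    vpn_dns="$1"; shift
    echo "push \"redirect-gateway def1\""
    echo "push \"dhcp-option DNS $vpn_dns\""
    for net in "$@"; do
        echo "push \"route $net\""
    done
}

# Step 4 check: given the contents of /etc/resolv.conf and the resolver that
# lives inside the VPN, succeed only if every nameserver line points at it.
# A single stray public resolver is exactly the DNS leak the firewall exists
# to stop, so it is reported as a failure.
dns_is_private() {
    printf '%s\n' "$1" | awk -v want="$2" '
        $1 == "nameserver" { n++; if ($2 != want) bad++ }
        END { exit (n == 0 || bad > 0) }'
}

# Demonstration with the assumed values; prints the three rule sets.
echo "# client"; gen_client_rules 203.0.113.10 1194 eth0 tun0
echo "# server"; gen_server_rules 198.51.100.0/24 1194 tun0
echo "# openvpn"; gen_openvpn_push 10.8.0.1 "192.168.10.0 255.255.255.0"
if dns_is_private "$(cat /etc/resolv.conf 2>/dev/null)" 10.8.0.1; then
    echo "resolver is the tunnel-side DNS"
else
    echo "resolver is NOT the tunnel-side DNS (expected off-VPN)"
fi
```

The client rule order matters: the `-o tun0 -j ACCEPT` rule sits before the port-53 LOG/DROP rules, so queries to the tunnel-side resolver pass while any query that would have left by another path is logged (prefix `DNS-LEAK`) and dropped, which is what makes a broken tunnel visible immediately rather than silently falling back to the ISP's resolver.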