ABANDONED in favor of https://github.com/jotyGill/openpyn-nordvpn
This is a VPN kill switch for NordVPN configs. Unfortunately, at the moment NordVPN lacks a Linux kill switch, so I had to implement one myself.
Grab fresh OpenVPN configs from the NordVPN website and unpack them:

```
wget https://nordvpn.com/api/files/zip
```
Next, pass the desired config to this script:

```
sudo ./nordvpn-kill-switch /path/to/config.ovpn
```
If you think that using a VPN makes your browsing safe, you're wrong. For instance, if your VPN connection drops, then even if you're lucky enough to get reconnected, in the default setup you are likely to leak packets via default (insecure)
You are very likely to be using DNS servers provided by your ISP, so your ISP might know which websites you are visiting. In some cases this might pose a security risk, so it's worth replacing them with NordVPN's DNS servers.
- You can test your DNS for leaks at https://dnsleaktest.com
- Or try the `nslookup` command
```
Status: active

To                         Action      From
--                         ------      ----
Anywhere on tun0           ALLOW       Anywhere
Anywhere (v6) on tun0      ALLOW       Anywhere (v6)
Anywhere                   ALLOW OUT   Anywhere on tun0
184.75.214.84              ALLOW OUT   Anywhere
Anywhere (v6)              ALLOW OUT   Anywhere (v6) on tun0
```
As you can see, only traffic through the VPN interface (tun0) is allowed, plus outbound traffic to 184.75.214.84, which is needed to establish the initial connection.
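As an added sketch (not this repository's script), rules like the ones above can be derived from a config by reading its first `remote` directive and printing the matching `ufw` commands without running them. It goes slightly beyond the status output above by pinning the server rule to the config's port and protocol; the function names, the `rules.sh` file name and the sample config are constructed for illustration, and ufw is assumed to be enabled already.

```sh
#!/bin/sh
# Added example, not the project's script. It only prints ufw commands;
# review them, then apply with: sh rules.sh config.ovpn | sudo sh
# (rules.sh is a hypothetical file name for this sketch).

# Print "<host> <port> <proto>" for the first remote directive in $1 ("-" = stdin).
# Port/proto fall back to the port/proto directives, then to 1194/udp.
vpn_endpoint() {
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF configs
        $1 == "remote" && !host { host = $2; if ($3) port = $3; if ($4) proto = $4 }
        $1 == "port"   && !dport  { dport = $2 }
        $1 == "proto"  && !dproto { dproto = $2 }
        END {
            if (!host) exit 1
            if (!port)  port  = dport  ? dport  : 1194
            if (!proto) proto = dproto ? dproto : "udp"
            sub(/-client$/, "", proto)          # tcp-client -> tcp
            print host, port, proto
        }' "$1"
}

# Print the kill-switch ufw commands for config $1 and tunnel interface $2.
kill_switch_rules() {
    tun=${2:-tun0}
    endpoint=$(vpn_endpoint "$1") || { echo "no remote directive found" >&2; return 1; }
    set -- $endpoint
    case $1 in                                  # loose IPv4-literal check
        *[!0-9.]*) echo "remote $1 is a hostname; pin an IP, DNS is blocked after lockdown" >&2
                   return 1 ;;
    esac
    cat <<EOF
ufw default deny incoming
ufw default deny outgoing
ufw allow in on $tun
ufw allow out on $tun
ufw allow out to $1 port $2 proto $3
EOF
}

# Constructed sample config; the IP is the one in the status output above.
sample_config() {
    printf 'client\ndev tun\nproto udp\nremote 184.75.214.84 1194\nremote-cert-tls server\n'
}

if [ -n "${1:-}" ]; then kill_switch_rules "$@"; fi
```

A config whose `remote` is a hostname is rejected on purpose: once outbound traffic is denied, the name can no longer be resolved outside the tunnel.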
Even though I know a couple of things about internet security, I am by no means an expert, so if you think some of my code is wrong or instructions are misleading, please let me know!
- figure out dnsmasq stuff and Network Manager interactions
- /etc/resolv.conf is autogenerated?
- something about `route -n` and default gateway?
- Is ufw reset unsafe? Shall we just delete everything apart from block rules?
```
script-security 2
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
```