Re: ONLY VPN traffic on F20 wireless interface?

On 1-5-14 12:00:37 Steve Snyder wrote:
> How can I ensure that in Fedora 20 my wireless interface is *only*
> used for VPN traffic?
>
> After the initial connection to the access point I want to guarantee
> that no traffic passes through the interface other than through the
> OpenVPN tunnel.

You want to delete any existing default route that is not via tun0 and
add a default route for that interface.

Most VPN servers are configured to send routes for just that purpose.
But yours may not be configured that way.

Connect to your server and look at your route table:

    $ netstat -nr

> Ideally, I'd like to be able to ensure this from a terminal window,
> but use of a GUI interface is OK if that is what is needed to ensure
> no leakage of unencrypted data.

NetworkManager provides a call-back for things like this.  Place an
executable file in the /etc/NetworkManager/dispatcher.d directory that
does something like this:

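    #!/bin/sh
    # $1 = interface name, $2 = action (see man NetworkManager)
    case "$2" in
      "vpn-up")
        # Add a default route over the VPN interface
        /usr/sbin/ip route add default dev "$1"
        ;;
    esac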

After connecting, check your route table to verify that traffic is only
routed over the VPN tunnel.

> Can someone point me to a guide that explains how to do this?

    $ man NetworkManager
    ...
       NetworkManager will execute scripts in the
       /etc/NetworkManager/dispatcher.d directory in alphabetical order in
       response to network events. Each script should be a regular executable
       file, owned by root. Furthermore, it must not be writable by group or
       other, and not setuid.

       Each script receives two arguments, the first being the interface name
       of the device just activated, and second an action.
    ...
       vpn-up
           A VPN connection has been activated. The environment contains the
           connection UUID in the variable CONNECTION_UUID.

-- 
Garry T. Williams
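
The route-table check recommended in the reply above can be scripted. The following is an added example, not part of the original message: the function name `leaky_defaults` and both sample route tables are constructed for illustration, and the input is assumed to be in `ip -4 route show` format.

```sh
#!/bin/sh
# Audit a routing table for default routes that bypass the VPN interface.
# On a live system: ip -4 route show | leaky_defaults tun0

# Reads `ip -4 route show` output on stdin. Prints every default route whose
# device is not $1. Returns 0 only when a default route via $1 exists and no
# default route via any other device does.
leaky_defaults() {
    awk -v vpn="$1" '
        $1 == "default" || $1 == "0.0.0.0/0" {
            dev = ""
            # The device name is the token following the "dev" keyword.
            for (i = 2; i < NF; i++) if ($i == "dev") dev = $(i + 1)
            if (dev == vpn) covered = 1
            else { print "non-VPN default route: " $0; leaks++ }
        }
        END {
            if (!covered) print "no default route via " vpn
            rc = (leaks > 0 || !covered) ? 1 : 0
            exit rc
        }'
}

# Constructed sample: the wireless default route is still present.
ROUTES_LEAKY='default via 192.168.1.1 dev wlan0 proto static metric 600
default dev tun0 scope link
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23'

# Constructed sample: only tun0 carries a default route. The host route to
# the VPN server (203.0.113.10, a documentation address) stays on wlan0 so
# the tunnel itself can reach its endpoint.
ROUTES_TIGHT='default dev tun0 scope link
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
203.0.113.10 via 192.168.1.1 dev wlan0
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.23'

printf '%s\n' "$ROUTES_LEAKY" | leaky_defaults tun0 || echo "leaky table: FAIL"
printf '%s\n' "$ROUTES_TIGHT" | leaky_defaults tun0 && echo "tight table: OK"
```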
