Kill switch for Ubuntu
Hi!
As stated in another thread, there is a bug in the pia.sh app for Ubuntu.
The kill switch does its job, but when you try to connect to your local network, the kill switch will refuse this connection as well.
So I disabled the kill switch in the pia.sh app and configured a firewall to make my own kill switch.
First I installed UFW
sudo apt-get install ufw
Added these rules
This denies all in and outgoing traffic:
sudo ufw default deny outgoing
sudo ufw default deny incoming
Optional step for OpenSSH users or if you want to allow/block a specific service:
sudo ufw app list # will show some services, OpenSSH among others
sudo ufw allow OpenSSH # allows OpenSSH. This works for other services too
This allows connections from the vpn interface:
sudo ufw allow out on tun0 from any to any # replace "tun0" with your VPN interface name --> see sudo ifconfig
sudo ufw allow in on tun0 from any to any # replace "tun0" with your VPN interface name --> see sudo ifconfig
This allows all traffic from and to the VPN server:
The port range is specifically for the VPN server in the Netherlands. You can add other servers as well. Just find out the port range or ask the staff.
sudo ufw allow in from 109.201.128.0/19 to any # 109.201.128.0 - 109.201.159.255 in CIDR notation
sudo ufw allow out from any to 109.201.128.0/19 # 109.201.128.0 - 109.201.159.255 in CIDR notation
This step allows connections within your LAN:
sudo ufw allow from 192.168.11.0/24 # replace "192.168.11" with your address
Now just enable the firewall
sudo ufw enable
There is one thing I have not solved yet. You have to disable the firewall (sudo ufw disable) before you can connect to your VPN server. After the connection has been established, you want to enable the firewall again. For me this is no big deal, because my PC runs 24/7 and I usually don't reconnect.
Note that I am not a Linux expert. I guess there are some people here that know a lot more about this. Feel free to make suggestions for improvements.
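Added example (not part of the original post): a small script that converts the first and last address of a server range into the CIDR form ufw accepts, and prints the kill-switch rule set from the steps above so it can be reviewed before running it with sudo. The function names are hypothetical, the sample values are the ones used in the post, and the extra outbound LAN rule is an assumption added here because a ufw rule without a direction applies to incoming traffic only.

```shell
#!/bin/sh
# Added example, not the poster's script. Function names are hypothetical.

# Convert a dotted-quad IPv4 address to an integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Print START..END as one CIDR block; fail if the range is not
# exactly one aligned block (ufw would need several rules then).
range_to_cidr() {
    start=$(ip_to_int "$1"); end=$(ip_to_int "$2")
    size=$(( end - start + 1 ))
    [ "$size" -gt 0 ] || return 1
    [ $(( size & (size - 1) )) -eq 0 ] || return 1    # power of two
    [ $(( start & (size - 1) )) -eq 0 ] || return 1   # start aligned
    prefix=32
    while [ "$size" -gt 1 ]; do
        size=$(( size >> 1 )); prefix=$(( prefix - 1 ))
    done
    echo "$1/$prefix"
}

# Print (not run) the ufw commands: VPN interface, VPN server net, LAN net.
killswitch_rules() {
    vpn_if=$1; vpn_net=$2; lan_net=$3
    cat <<EOF
ufw default deny outgoing
ufw default deny incoming
ufw allow out on $vpn_if from any to any
ufw allow in on $vpn_if from any to any
ufw allow out from any to $vpn_net
ufw allow in from $vpn_net to any
ufw allow from $lan_net
ufw allow out to $lan_net
EOF
}

# Sample values are the ones from the post.
killswitch_rules tun0 "$(range_to_cidr 109.201.128.0 109.201.159.255)" 192.168.11.0/24
```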