OpenVPN by default is fail-dangerous - if it goes wrong, your traffic goes uncloaked. Is there a way to fix that?
Replying to @ciphergoth
you can use iptables to block direct traffic (but yes, it's slightly annoying to set up)
Replying to @tehjh
How do you do that without breaking VPN traffic? Whitelist one IP/port? Messy :-(
Replying to @ciphergoth @tehjh
Run it as a dedicated openvpn user and use iptables / nftables uid-based filtering.
Replying to @CopperheadOS @ciphergoth
but you can't route depending on UID, right? So traffic to other ports of the VPN server just wouldn't work?
I like the netns-based solution because it lets pre- and post-VPN traffic just use different routing tables
11:10 PM - 3 Dec 2016