Hi,
Thanks for your great work on this container!
Is it possible to add the possibility to force blocking all traffic if the VPN goes down?
From my point of view: add an environment variable to enable this feature and another one to set the VPN IP (in addition to OPENVPN_CONFIG, which looks like cn.nordvpn.com.tcp.443, another one like OPENVPN_SERVER_IP=cn.nordvpn.com, for example).
Once done, you need to install iptables (and dnsutils to check)
and apply these rules:
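```bash
# Allow traffic through the tunnel and to/from the VPN server
iptables -A INPUT -i tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -j ACCEPT
iptables -A INPUT -s "$OPENVPN_SERVER_IP" -j ACCEPT
iptables -A OUTPUT -o tun0 -j ACCEPT
iptables -A OUTPUT -d "$OPENVPN_SERVER_IP" -j ACCEPT
# Appended last: rules are matched in order, so a leading DROP would
# also drop the tunnel and VPN server traffic accepted above
iptables -A OUTPUT -j DROP
```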
Then, to check if it works,
a loop:
```bash
#!/bin/bash
# Print the public IP that Google's name server sees for this host, repeatedly
while true
do
    dig @ns1.google.com -t txt o-o.myaddr.l.google.com +short
done
```
and run killall openvpn several times. You will see you never have a public IP other than the VPN one ...
I think it's better to add this to your project than to fork it ... what do you think about that?
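A sketch of how the requested kill switch could be generated, as an added example that is not part of the original issue or the project's code. iptables walks a chain top to bottom and stops at the first match, so the catch-all DROP is emitted after every ACCEPT. The function names, the loopback rules and the literal-IPv4 check are assumptions of this example, and 203.0.113.10 is a constructed address.

```shell
#!/bin/sh
# Added example: print a VPN kill-switch ruleset in first-match order.
# Rules are printed, not applied, so they can be reviewed; pipe to `sh` as root to apply.

is_ipv4() {
    # iptables resolves a hostname only once, when the rule is added, so a
    # server that later changes address would be blocked. Require literal IPs.
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

killswitch_rules() {
    # $1: tunnel interface (tun0 in the post); remaining args: VPN server IPv4 addresses
    tun=$1; shift
    [ "$#" -gt 0 ] || { echo "no VPN server address given" >&2; return 1; }
    # Validate everything before printing, so a partial ruleset is never emitted.
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 1; }
    done
    # Loopback is not in the post; added so local services keep working.
    echo "iptables -A INPUT -i lo -j ACCEPT"
    echo "iptables -A OUTPUT -o lo -j ACCEPT"
    echo "iptables -A INPUT -i $tun -j ACCEPT"
    echo "iptables -A FORWARD -i $tun -j ACCEPT"
    echo "iptables -A OUTPUT -o $tun -j ACCEPT"
    for ip in "$@"; do
        echo "iptables -A INPUT -s $ip -j ACCEPT"
        echo "iptables -A OUTPUT -d $ip -j ACCEPT"
    done
    # Catch-all last: anything not leaving via the tunnel or towards the VPN server is dropped.
    echo "iptables -A OUTPUT -j DROP"
}

# Constructed sample run (203.0.113.10 is a documentation address).
killswitch_rules tun0 203.0.113.10
```

Passing a hostname such as the `cn.nordvpn.com` value from the post is rejected on purpose; resolve it once and pass the resulting addresses.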