Best regards
John Scofield
Sent with [Proton Mail](https://proton.me/mail/home) secure email.
--- Forwarded Message ---
From: hahahahacker2009
Date: On Monday, November 25th, 2024 at 1:32 PM
Subject: Re: VPN killswitch
To: bsdbsdbsd1
> Vào 1:10, Th 2, 25 thg 11, 2024 bsdbsdbsd1
On Mon, Nov 25, 2024 at 07:59:09PM +1000, David Gwynne wrote:
> On Sun, Nov 24, 2024 at 05:55:12PM +, bsdbsdbsd1 wrote:
> > OpenBSD needs an easily implementable killswitch for VPNs.
>
> i'd argue it has one. or two. maybe more.
>
> my preferred solution is to put the vpn protected traffic in
On Sun, Nov 24, 2024 at 05:55:12PM +, bsdbsdbsd1 wrote:
> OpenBSD needs an easily implementable killswitch for VPNs.
i'd argue it has one. or two. maybe more.
my preferred solution is to put the vpn protected traffic in a separate
rdomain to the vpn transport. for example, let's use wireguard
Hello,
You could do this via PF, block all traffic (in and out) on any other
traffic than the vpn interface.
Then allow traffic out on the physical interface ONLY to the
IP(s)/port(s) of the VPN.
This is what I do currently for always on VPN, I am sure there is a
better way, but it works.
Take
On Sun, 24 Nov 2024 18:55:12 +0100,
bsdbsdbsd1 wrote:
>
> OpenBSD needs an easily implementable killswitch for VPNs.
>
Do you mean something like that Solène did here?
https://dataswamp.org/~solene/2021-10-09-openbsd-wireguard-exit.html
--
wbr, Kirill
OpenBSD needs an easily implementable killswitch for VPNs.
Best regards
John Scofield
6 matches
Mail list logo
