
PIA iptables killswitch for PIA and other VPN's

A core mission of cryptostorm is ensuring consistent, reliable network security with minimal fuss & drama. From DNS-based services like our DeepDNS in-browser native .onion/.i2p site access, through groundbreaking research on IP6 leakblocking, & to firewall-based structures to enable "fail-closed" security, this is where we discuss & develop cryptostorm-style leakblock tech.

Postby hulltech » Sun Sep 28, 2014 10:25 am

I found this on the net while looking for a way to install an openvpn GUI to handle all the servers in a list file and ran across this.
http://www.reddit.com/r/VPN/comments/28 ... ther_vpns/

vpnon.sh

#!/bin/bash
# look up the public IP address used in the final DROP rule (URL quoted so the shell does not glob the "?")
IP=$(wget 'https://duckduckgo.com/?q=whats+my+ip' -q -O - | grep -Eo '\<[[:digit:]]{1,3}(\.[[:digit:]]{1,3}){3}\>' | head -n 1)
# stop before touching the firewall if the lookup returned nothing; the final DROP rule needs an address
if [ -z "$IP" ]; then
    echo "could not determine IP, firewall left unchanged" >&2
    exit 1
fi
# flush all rules and delete user-defined chains in the filter, nat and mangle tables
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
####
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT #allow loopback access
iptables -A OUTPUT -d 255.255.255.255 -j ACCEPT #make sure you can communicate with any DHCP server
iptables -A INPUT -s 255.255.255.255 -j ACCEPT #make sure you can communicate with any DHCP server
iptables -A INPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT #make sure that you can communicate within your own network
iptables -A OUTPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT
iptables -A FORWARD -i eth0 -o tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -o eth0 -j ACCEPT # make sure that eth+ and tun+ can communicate
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE # in the POSTROUTING chain of the NAT table, map the tun+ interface outgoing packet IP address, cease examining rules and let the header be modified, so that we don't have to worry about ports or any other issue - please check this rule with care if you have already a NAT table in your chain
iptables -A OUTPUT -o eth0 ! -d "$IP" -j DROP # if destination for outgoing packet on eth+ is NOT a.b.c.d, drop the packet, so that nothing leaks if VPN disconnects
exit 0

Then vpnoff.sh when openvpn stops

iptables -F



There were a few comments about IP=$(curl ifconfig.me)

Would be a slightly cleaner command....

Is there a way to use this for cryptosystem? Thought I would ask and show the info I found. Hope it helps, because I don't understand anything about it. LOL
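
A fail-closed take on the kill switch idea in the post above, added here as an example and not part of the original post or the Reddit script: it sets the OUTPUT policy to DROP and refuses to emit any rules when the VPN server address is missing or malformed, so a failed lookup cannot leave traffic unfiltered. The function names, the udp/1194 default and the sample address 203.0.113.10 are assumptions; the commands are printed rather than executed, and only the OUTPUT chain is covered.

```sh
#!/bin/sh
# Added example: prints a fail-closed OUTPUT rule set instead of applying it.
# Assumed names/values (not from the post): valid_ipv4, killswitch_rules,
# udp/1194, and the constructed sample address 203.0.113.10.

# Succeed only for a dotted-quad IPv4 address with each octet in 0..255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots here
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# killswitch_rules SERVER_IP [WAN_IF] [TUN_IF] [PROTO] [PORT]
killswitch_rules() {
    server=$1; wan=${2:-eth0}; tun=${3:-tun0}; proto=${4:-udp}; port=${5:-1194}
    if ! valid_ipv4 "$server"; then
        echo "refusing to build rules: bad VPN server address '$server'" >&2
        return 1
    fi
    # Default-deny goes in first; everything after it is an explicit exception.
    # The last line blocks all outbound IPv6, which the IPv4 rules do not cover.
    cat <<EOF
iptables -P OUTPUT DROP
iptables -F OUTPUT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -o $tun -j ACCEPT
iptables -A OUTPUT -o $wan -d $server -p $proto --dport $port -j ACCEPT
iptables -A OUTPUT -o $wan -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT
iptables -A OUTPUT -o $wan -d 255.255.255.255 -j ACCEPT
ip6tables -P OUTPUT DROP
EOF
}

killswitch_rules 203.0.113.10   # review the output before piping it to "sh" as root
```

Because the default policy is DROP, the tunnel going down leaves nothing but the loopback, LAN, DHCP and VPN-server exceptions reachable; restoring normal access means setting the policy back to ACCEPT, not only flushing the chain.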


Re: PIA iptables killswitch for PIA and other VPN's

Postby hulltech » Sun Sep 28, 2014 11:15 am

Is there a list of commands to use when you telnet into your router to put all the conf server files, the firewall script.txt, and the password.txt in the jffs directory and the scripts directory? And can I add a 3 month hash tag and a one month hash tag together in the password.txt?

