Best practice for managing default routes over only VPN connections?


I've recently been configuring my Ubuntu 16.10 laptop for default routing via VPN only and have discovered some difficulties.

My goal is to only connect to the Internet via a VPN and ensure that DNS requests are resolved by a trusted server only.

One thing I've noticed is that DNS resolution seems to be handled by NM on a connection-by-connection basis, but I want to ensure that DNS resolvers are fixed to my choice regardless of the underlying connection, without giving up NM control and dnsmasq for caching.

From what I've seen so far, the configuration bias is towards VPN connections providing tangential access to a private network and NOT as the default route.

Is anyone aware of any clear guidance for configuring NM's behaviour when seeking to use VPN for default routing and DNS-safe connections?

I've had further issues with NetworkManager SSH VPN configuration.

I would like to be able to link my VPN configuration to the underlying network adapters on my machine, so that regardless of which wireless SSID or Ethernet connection is activated, the VPN connection is automatically and subsequently brought up and down as required. Right now, this is a manual process for me.

The reason I'm looking for this behaviour is that I'm primarily based in a country that has very extreme Internet controls, and common VPN solutions, such as IPsec and OpenVPN, are usually blocked by the state. SSH tunneling, custom SSL and more obscure VPN technologies seem to work best here.

Would genuinely appreciate any guidance on how to best proceed here.


Paul S.

