Re: Best practice for managing default routes over only VPN connections?

On 11/07/2016 06:57 AM, Thomas Haller wrote:

Another thing is ensuring that all traffic is routed via the VPN (that
is, controlling the configured routes). That is not supported by NM
directly (besize that you can manually configure your underlying
connection to have no default-route and only give a default-route to
the VPN connection). See for example .

FWIW... If the OP is inquiring about a 'fail closed' configuration that can prevent any traffic leaking from the tunnel, then he may want to look at Qubes OS where users can define a 'Proxy VM' to control all traffic in this way. This means the VPN is running inside a forwarding *router* and preventing leaks becomes a much simpler matter of stopping any forwarding to clearnet NICs.

You can get the same effect with a dedicated physical router, but then you'd have to carry that around (and router devices get exploited a lot these days).


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]