El Rincón del Tío Nuke

Open web, free software, privacy and more

VPN Kill switch for Linux – Protect from VPN drops and DNS leaks

This post is a follow-up to the one posted at TheTinHat.com.

What we want to ensure is that:

  • We connect to our VPN and all traffic goes through it (including DNS).
  • If our VPN connection drops there is no leak and it reconnects automatically.
  • We can return to not using VPN safely.

We will use two scripts, vpn-firewall.sh and vpn-off.sh. Place them under your /home/user/bin folder or anywhere else. Make them executable with chmod +x vpn-*

vpn-firewall.sh

vpn-off.sh

Usage:

  • Make sure you have the ufw package installed.
  • Before opening any app, execute vpn-firewall.sh to connect to the VPN and set up the firewall. This script will monitor your connection and reconnect to the VPN if it drops, avoiding any leaks. You can stop monitoring using Ctrl + Z.
  • If you want to stop using the VPN, stop monitoring with Ctrl + Z and execute vpn-off.sh. IMPORTANT: Make sure you close all apps first or list them under KILL_APPS in the vpn-off.sh script.

If you want to run vpn-firewall.sh each time you open session, you can create a file vpn-firewall.desktop under ~/.config/autostart/ folder with the following content:

[Desktop Entry]
Name=VPN Firewall autostart
Type=Application
NoDisplay=true
# Exec does not expand ~, so give the full path to the script
Exec=/home/user/bin/vpn-firewall.sh

Note that this might not work for you since this script needs root access to modify Firewall rules.
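
The firewall policy behind the three goals listed at the top, as an added example rather than the author's vpn-firewall.sh or vpn-off.sh: it only prints the ufw commands so they can be reviewed before being run as root. The interface tun0, the server address 203.0.113.10 and port 1194/udp are assumed values, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: prints the ufw commands for a VPN kill switch (dry run).
# Assumed values (not from the post): interface tun0, VPN server
# 203.0.113.10 (documentation address), port 1194/udp.

# killswitch_rules IFACE SERVER_IP PORT PROTO
# Emits one ufw command per line; returns 1 on invalid arguments.
killswitch_rules() {
    iface=$1 server=$2 port=$3 proto=$4
    case $proto in udp|tcp) ;; *) echo "proto must be udp or tcp" >&2; return 1 ;; esac
    case $port in ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;; esac
    case $iface in ''|*[!A-Za-z0-9_.-]*) echo "bad interface name" >&2; return 1 ;; esac
    # Rough check that the server is an IP address, not a hostname: a
    # hostname would need a DNS lookup outside the tunnel, which the
    # policy below blocks.
    case $server in ''|*[!0-9a-fA-F.:]*) echo "server must be an IP address" >&2; return 1 ;; esac
    # Default deny in both directions, then two exceptions: the encrypted
    # connection to the VPN server, and anything leaving through the tunnel.
    # DNS queries can therefore only leave via the tunnel, and if the
    # tunnel drops nothing else is allowed out.
    cat <<EOF
ufw --force reset
ufw default deny incoming
ufw default deny outgoing
ufw allow out to $server port $port proto $proto
ufw allow out on $iface from any to any
ufw --force enable
EOF
}

# killswitch_off: emits the commands that return to a policy without the
# VPN restriction (incoming denied, outgoing allowed).
killswitch_off() {
    cat <<EOF
ufw --force reset
ufw default deny incoming
ufw default allow outgoing
ufw --force enable
EOF
}
```

After reviewing the output of `killswitch_rules tun0 203.0.113.10 1194 udp`, the same lines can be run as root to apply the policy.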
