Any VPNs for Linux with a client that has a built-in killswitch?

Discussion in 'privacy technology' started by krustytheclown2, Nov 6, 2015.

  1. krustytheclown2

    krustytheclown2 Registered Member

    Joined:
    Nov 18, 2014
    Posts:
    210
    I'm looking for a VPN for Ubuntu that has a client with built-in killswitch so that if the vpn connection fails it kills all internet activity. I know AirVPN is one but I need another, any ideas?
     
  2. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    Well, as you mentioned, Air has one and it works solidly! A Linux client for the "public" takes a lot of design because there are so many different distros. If for some reason you don't want to use Air then may I suggest a super easy method for Linux only?

    Create a ONE RULE ufw (IP table frontend = ufw) that locks your connection to only tun0. You would engage your vpn connection with your provider and then enable ufw. NOTHING enters or leaves the machine except via tun0. It's rock solid and YOU control the "firewall" not the vpn provider. Nobody cares more about you than you!!

    step one - connect

    step two - enable ufw

    That's it!!

    You would disable ufw next session to be able to connect and then go to step one.

    ps - I didn't mean to seemingly ignore your actual question, but I am not aware of any provider other than Air with a linux client. I check all the time because I study code for firewalls.
     
    Last edited: Nov 8, 2015
  3. krustytheclown2

    krustytheclown2 Registered Member

    Joined:
    Nov 18, 2014
    Posts:
    210
    I already have AirVPN, is why. I found Mullvad has it though, and it's looking good (and really cheap)
     
  4. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    Depending on when your vpn agreements expire, most of the providers (recommended here) may be running "Black Friday" specials. Some of the deals last year were about 50-60% of normal when a year was purchased. That's only a few weeks, just as a reminder.
     
  5. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    6,029
    Or just allow connections on eth0 to the VPN server. And maybe drop bad packets. Whonix VPN-Firewall is a good example.
     
  6. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    Another fine idea. Both of us have always preferred to control our own machines. I do fully understand why many don't have the inclination to learn how to do it. If they knew how easy it really is I think everyone would rather trust themselves over a provider. I do trust my 3 providers, but not as much as myself.
     
  7. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    I personally use UFW to block any connections not to the VPN server. I do allow certain local traffic depending on the Linux VM. UFW allows for this. If you are really stuck you can use the graphical front end gufw.
     
  8. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    Hopefully all here know I am talking about my privacy "hobby computers" when I am posting about some of my configs. On those I specifically prohibit ANY interaction on the local network (LAN). When I am home the LAN has 10+ devices connected almost 24/7. Rather than attempt to control them all, which is unreasonable, I simply exclude them from the vpn tunnel and block the tunnel machine from leaving the tunnel --EVER. There are tons of ways to accomplish this task and they all have merit.

    OP, sorry we left your original question. Back on point, I'll have to do some reading about Mullvad's linux client. Not currently one of my providers, but their reputation is strong here. Does Mullvad post their client software on github or similar? I like to glean over code as a hobby.
     
  9. driekus

    driekus Registered Member

    Joined:
    Nov 30, 2014
    Posts:
    489
    Gotcha and completely agree. My security philosophy is more about blocking external access and using disposable Tor VPNs for browsing (high risk activity). I do run some semi-trusted VMs through a VPN with some (limited) internal network access for printing. You are making me rethink that philosophy. I suppose it would be safer to use my Qubes-OS copy feature to pass pdfs through to a VM with printer access.

    I don't necessarily think the discussion was a distraction. When your option is only a VPN client that disconnects when the VPN drops it does limit you to certain VPN providers. Broadening options to include a firewall-OpenVPN solution gives you a lot more provider choices. It also is a way to give the same level of security to android using OpenVPN connect and AFWall.
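
The ufw approaches discussed in this thread (lock traffic to tun0, or additionally allow the physical interface to reach only the VPN server), sketched as an added example that is not from any poster: the function names, `eth0`, the address `203.0.113.10` and port 1194/udp are constructed assumptions, and an otherwise empty ufw rule set is assumed. The script only prints the commands so they can be reviewed before being applied.

```shell
#!/bin/sh
# Added example: prints (does not run) ufw commands for a VPN kill switch.
# tun0, eth0, 203.0.113.10 and port 1194/udp below are constructed values.

# is_ipv4 ADDR: succeeds only for a dotted quad with octets 0..255
is_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1          # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# killswitch_rules TUN [PHYS SERVER_IP PORT PROTO]
# TUN alone: everything is denied except traffic leaving through the tunnel
# (connect first, then enable ufw).
# With the server arguments: the physical interface may also reach that one
# VPN endpoint, so the tunnel can be (re)established with ufw already on.
killswitch_rules() {
    tun=$1 phys=${2:-} server=${3:-} port=${4:-} proto=${5:-}
    case "$tun" in ''|*[!A-Za-z0-9_.-]*) echo "bad tunnel interface" >&2; return 2 ;; esac
    if [ -n "$phys" ]; then
        case "$phys" in *[!A-Za-z0-9_.-]*) echo "bad interface" >&2; return 2 ;; esac
        is_ipv4 "$server" || { echo "bad server address" >&2; return 2; }
        case "$port" in ''|*[!0-9]*) echo "bad port" >&2; return 2 ;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port" >&2; return 2; }
        case "$proto" in udp|tcp) ;; *) echo "bad proto" >&2; return 2 ;; esac
    fi
    echo "ufw default deny incoming"   # replies still pass via connection tracking
    echo "ufw default deny outgoing"
    [ -z "$phys" ] || echo "ufw allow out on $phys to $server port $port proto $proto"
    echo "ufw allow out on $tun"
    echo "ufw enable"
}

# Review the output, then pipe it to a root shell to apply it.
killswitch_rules tun0 eth0 203.0.113.10 1194 udp
```

After applying the rules, stopping the VPN client and confirming that ordinary traffic no longer leaves the machine is a quick check that the block holds.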
     