Force VPN Traffic On TUN Adapter
When using a local VPN server, it is advisable to segregate internal and external network traffic over the different interfaces. Configure internal traffic over eth0
and external traffic over tun0
.
When using a local VPN server, it is advisable to segregate internal and external network traffic over the different interfaces. Configure internal traffic over eth0
and external traffic over tun0
.
To make iptables rules permanent, we need to save them to a configuration files and ensure they are restored on each boot. The following assumes that the current rules enabled are those to be made permanent. Save current rules to config file
1 | sudo sh -c "iptables-save > /etc/iptables.conf" |
Edit /etc/rc.local as root and add the following
1 2 | # Load iptables rules from config file iptables-restore < /etc/iptables.conf |
Instead of adding individual IP addresses that need to be blocked to IPTables, it is easier to maintain a a single blacklist using IPSet and reference it in IPTables. Install IPSet
1 | sudo apt-get install ipset |
Create the blacklist list
1 | sudo ipset create blacklist hash:ip hashsize 4096 |
Tell IPTables to reference the newly created list
1 2 | sudo iptables -I INPUT -m set --match-set blacklist src -j DROP sudo iptables -I FORWARD -m set --match-set blacklist src -j DROP |
Add an IP to the list to test
1 | sudo ipset add blacklist 192.168.10.10 |
…
Continue reading →