Fedora Linux Support Community & Resources Center

  #1  
Old 30th April 2017, 07:30 PM
User808 Online
Co-ordinated openVPN connection & Internet kill switch by single click

Hi.

This guide is a completion of 2 previous guides, which are:

1) Universal Guide for VPN Connection, via OpenVPN, using Terminal:
http://www.forums.fedoraforum.org/sh...d.php?t=312688

2) Guide for VPN Internet Kill Switch + IPv6 Leak Protection via Firewalld:
http://www.forums.fedoraforum.org/sh...d.php?t=312722

Please review the above 2 guides before continuing to read this guide.

Before going further, I would like to thank "HaydnH", a member of this forum, who brought my attention to the "--up" option of openvpn, which is the cornerstone of this guide.

In this guide we will treat an annoying issue: from the above 2 guides we can establish a connection to the VPN via openVPN from a terminal, THEN we should open a SECOND terminal to establish the Internet kill switch, & for each of these 2 steps we need to enter the sudo password. This is not brilliant. Even if we use tmux (terminal multiplexer) we will still need to enter the sudo password 2 times, & we will not gain a shorter time because we will need to use the Ctrl+B combination 2 times, one to divide the terminal screen into 2 halves & a 2nd to move ourselves from half to half, plus the time to run each of the 2 steps (openVPN then kill switch).

In this guide we will learn how to make the process easy by achieving the connection to the VPN & establishing the kill switch from the terminal in a single blow.

The cornerstone is the "--up" option of openvpn. This option allows the user to run a script just after the tun/tap driver is established. This is exactly what we need, because if our kill switch is established before the tun/tap driver, then we will never be able to connect to the Internet, neither through the VPN nor normally.

1) We need to add the "--up" option to the VPN configuration files:

We need to enter the openvpn directory by:

Quote:
cd /etc/openvpn

We have to add these 2 lines (one below the other) at the end of the configuration files:

Quote:
script-security 2
up /home/username/.local/bin/iks.sh
N.B: "/home/username/.local/bin" is the supposed path where the kill switch script is located. If you use another location to store the kill switch script, then you have to use its path instead of this path.

N.B: iks.sh is the name of the kill switch script. You can select another name as you like.

We can use the sed command to append these 2 lines at the end of all VPN configuration files using one of the following 3 approaches:

a- apply the 2 commands below, one after the other:

Quote:
sudo sed -i -e "\$ascript-security 2" *.ovpn
Quote:
sudo sed -i -e "\$aup /home/username/.local/bin/iks.sh" *.ovpn

b- or apply the 2 commands below, one after the other:

Quote:
sudo sed -i -e '$ a script-security 2' *.ovpn
Quote:
sudo sed -i -e '$ a up /home/username/.local/bin/iks.sh' *.ovpn

c- or we can append the 2 lines below the last line of the original files in one blow (recommended) by:

Quote:
sudo sed -i -e '$a\
script-security 2\
up /home/username/.local/bin/iks.sh' *.ovpn

N.B:
- the above command MUST be written in 3 lines, otherwise it will not do its duty.
- you should type the exact path of the script that you associate with the --up option.

2) We need to modify the Internet kill switch script that we explained in "Guide for VPN Internet Kill Switch + IPv6 Leak Protection via Firewalld"
http://www.forums.fedoraforum.org/sh...d.php?t=312722

to change it from a multi-rules script into a multi-choice script via the "read" command. It will be as follows:

Code:
#! /bin/bash
echo
echo "=========================================================================="
echo "Script for VPN Internet Kill Switch + IPv6 Leak Protection using Firewalld"
echo "=========================================================================="
echo
echo "Enter one of following choices (on / off, or ON / OFF):"
echo -e "\e[44mon\e[0m: to establish unidirectional kill switch"
echo -e "\e[44moff\e[0m: to remove already established unidirectional kill switch"
echo -e "\e[44mON\e[0m: to establish bidirectional kill switch"
echo -e "\e[44mOFF\e[0m: to remove already established bidirectional kill switch"
# Read the user's choice literally (no backslash interpretation)
read -r var
echo
case "$var" in
    on ) echo "Toggle ON Unidirectional VPN Internet Kill Switch + IPv6 Leak Protection"
         echo
         echo "Warning: connection to VPN should be established before running this script. Otherwise any Internet connection will be impossible!"
         echo "This script only allows VPN output! It does not provide DNS leak protection!"
         echo
         echo "Establishing firewalld rules is starting!"
         sudo firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -o tun+ -j ACCEPT
         sudo firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i tun+ -j ACCEPT
         sudo firewall-cmd --direct --add-rule ipv6 filter INPUT 0 -j DROP
         sudo firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -i lo -j ACCEPT
         sudo firewall-cmd --direct --add-rule ipv4 filter INPUT 999 -j DROP
         sudo firewall-cmd --direct --add-rule ipv6 filter OUTPUT 0 -j DROP
         sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -o lo -j ACCEPT
         sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -o tun+ -j ACCEPT
         sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 1 -p tcp -m tcp --dport 443 -j ACCEPT
         sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 999 -j DROP
         sudo -k
         echo "Establishing firewalld rules is completed!"
         echo
         echo -e "\e[32mVPN Internet Kill Switch is enabled! Only VPN output is allowed now!"
         echo -e "\e[32mEnjoy surfing Internet safely!\e[0m"
         ;;
    off ) echo "Toggle OFF Unidirectional VPN Internet Kill Switch + IPv6 Leak Protection"
          echo
          echo "Removing firewalld rules is starting!"
          sudo firewall-cmd --direct --remove-rule ipv4 filter FORWARD 0 -o tun+ -j ACCEPT
          sudo firewall-cmd --direct --remove-rule ipv4 filter FORWARD 0 -i tun+ -j ACCEPT
          sudo firewall-cmd --direct --remove-rule ipv6 filter INPUT 0 -j DROP
          sudo firewall-cmd --direct --remove-rule ipv4 filter INPUT 0 -i lo -j ACCEPT
          sudo firewall-cmd --direct --remove-rule ipv4 filter INPUT 999 -j DROP
          sudo firewall-cmd --direct --remove-rule ipv6 filter OUTPUT 0 -j DROP
          sudo firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 0 -o lo -j ACCEPT
          sudo firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 0 -o tun+ -j ACCEPT
          sudo firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 1 -p tcp -m tcp --dport 443 -j ACCEPT
          sudo firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 999 -j DROP
          sudo -k
          echo "Removing firewalld rules is completed!"
          echo
          echo "VPN Internet Kill Switch is disabled!"
          ;;
    ON ) echo "Toggle ON Bidirectional VPN Internet Kill Switch + IPv6 Leak Protection"
         echo
         echo "Warning: connection to VPN should be established before running this script. Otherwise any Internet connection will be impossible!"
         echo "This script only allows VPN output! It does not provide DNS leak protection!"
         echo
         echo "Establishing firewalld rules is starting!"
         sudo firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -o tun+ -j ACCEPT
         sudo firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i tun+ -j ACCEPT
         sudo firewall-cmd --direct --add-rule ipv6 filter INPUT 0 -j DROP
         sudo firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -i lo -j ACCEPT
         sudo firewall-cmd --direct --add-rule ipv4 filter INPUT 1 -i tun+ -p tcp --dport 443 -j ACCEPT
         sudo firewall-cmd --direct --add-rule ipv4 filter INPUT 999 -j DROP
         sudo firewall-cmd --direct --add-rule ipv6 filter OUTPUT 0 -j DROP
         sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -o lo -j ACCEPT
         sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -o tun+ -j ACCEPT
         sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 1 -p tcp -m tcp --dport 443 -j ACCEPT
         sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 999 -j DROP
         sudo -k
         echo "Establishing firewalld rules is completed!"
         echo
         echo -e "\e[32mVPN Internet Kill Switch is enabled! Both VPN output & input are allowed now!"
         echo -e "\e[32mEnjoy surfing Internet safely!\e[0m"
         ;;
    OFF ) echo "Toggle OFF Bidirectional VPN Internet Kill Switch + IPv6 Leak Protection"
          echo
          echo "Removing firewalld rules is starting!"
          sudo firewall-cmd --direct --remove-rule ipv4 filter FORWARD 0 -o tun+ -j ACCEPT
          sudo firewall-cmd --direct --remove-rule ipv4 filter FORWARD 0 -i tun+ -j ACCEPT
          sudo firewall-cmd --direct --remove-rule ipv6 filter INPUT 0 -j DROP
          sudo firewall-cmd --direct --remove-rule ipv4 filter INPUT 0 -i lo -j ACCEPT
          sudo firewall-cmd --direct --remove-rule ipv4 filter INPUT 1 -i tun+ -p tcp --dport 443 -j ACCEPT
          sudo firewall-cmd --direct --remove-rule ipv4 filter INPUT 999 -j DROP
          sudo firewall-cmd --direct --remove-rule ipv6 filter OUTPUT 0 -j DROP
          sudo firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 0 -o lo -j ACCEPT
          sudo firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 0 -o tun+ -j ACCEPT
          sudo firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 1 -p tcp -m tcp --dport 443 -j ACCEPT
          sudo firewall-cmd --direct --remove-rule ipv4 filter OUTPUT 999 -j DROP
          sudo -k
          echo "Removing firewalld rules is completed!"
          echo
          echo "VPN Internet Kill Switch is disabled!"
          ;;
    * ) echo -e "\e[31mInvalid input! Please re-run this script with valid choice! If you use --up option of openvpn, you should kill process by Ctrl+C then re-run openvpn\e[0m"
esac
__________________
Fedora 24 X64 bit Cinnamon edition on Lenovo ThinkPad e550 with Intel core i7 5500 CPU @ 2.40 GH X 2, RAM = 8 GB, HHD = 1 TB, Hybrid VGA (Intel Corporation HD Graphic 5500 + Radeon R7 M265 2GB)

Last edited by User808; 1st May 2017 at 08:16 AM.
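
An added example, not part of the original post: the sed commands in step 1 append the two lines every time they are run, so running them twice duplicates the directives. The hypothetical helper `add_up_hook` below appends them only when missing, and it refuses a hook script that group or others can write to, because when openvpn is started with sudo the `up` script runs as root.

```shell
# Added example, not from the original guide. add_up_hook is a hypothetical helper.
# Usage: add_up_hook CONFIG.ovpn /absolute/path/to/iks.sh
add_up_hook() {
    local conf="$1" script="$2" perms
    # A relative path would be resolved against openvpn's working directory
    case "$script" in
        /*) ;;
        *) echo "up script path must be absolute: $script" >&2; return 2 ;;
    esac
    [ -f "$script" ] || { echo "no such script: $script" >&2; return 3; }
    # Refuse a hook that group or others can rewrite (mode string chars 6 and 9)
    perms=$(ls -ldL "$script" | cut -c1-10)
    case "$perms" in
        ?????w*|????????w*) echo "$script is group/world-writable" >&2; return 3 ;;
    esac
    # Make sure the config ends with a newline before appending
    if [ -s "$conf" ] && [ -n "$(tail -c 1 "$conf")" ]; then
        printf '\n' >> "$conf"
    fi
    # Append each directive only when no equivalent line is present yet
    grep -Eq '^[[:space:]]*script-security[[:space:]]+[23]([[:space:]]|$)' "$conf" ||
        printf 'script-security 2\n' >> "$conf"
    grep -Eq '^[[:space:]]*up[[:space:]]' "$conf" ||
        printf 'up %s\n' "$script" >> "$conf"
}
```

For the files under /etc/openvpn, call it from a root shell in a loop over `*.ovpn`. A config that already has a different `up` line is left untouched.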
  #2  
Old 30th April 2017, 07:30 PM
User808 Online
Re: Co-ordinated openVPN connection & Internet kill switch by single click

Now all that is needed to establish the VPN connection & the Internet kill switch in one blow is to open a terminal, then just type:

vpn.sh variable

where "vpn.sh" is the supposed name of the script used to connect to the VPN, while "variable" is a VPN configuration file name or a rule referring to such a file (please refer to this guide for more details). By doing this, in the middle of the process - just after the tun/tap driver is established - the Internet kill switch script will run & will ask the user to enter one of 4 choices (& will show these choices & a description of their actions). The user then needs to select a suitable choice, & the process will be completed. If the kill switch is established, a message about this will appear in green. If the user enters an invalid choice, a red message will appear in the terminal to warn the user about this & ask her/him to re-run the script. In the last case the VPN connection is established but without the kill switch, & the user needs to kill the process by Ctrl+C, then re-run the vpn.sh script & enter a valid choice for the iks.sh script when it appears in the middle of the process.

When you would like to end your VPN session, all you need to do (after closing your browser) is to kill the process by Ctrl+C, then run iks.sh from the same terminal, selecting either "off" or "OFF" according to what your choice was initially: "on" or "ON" respectively.

Enjoy & say bye bye to the Linux VPN company application!

Last edited by User808; 1st May 2017 at 08:14 AM.
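
An added example, not part of the original post: since an invalid choice leaves the VPN up without the kill switch, this check reads the direct rules back and reports whether the rules shared by the "on" and "ON" choices are all loaded, and which OUTPUT accept rules are not tied to lo or tun+. The function names are hypothetical, and the one-rule-per-line output format of `firewall-cmd --direct --get-all-rules` is an assumption.

```shell
# Added example, not part of the original guide. Input is the text printed by
# `sudo firewall-cmd --direct --get-all-rules`, assumed to be one rule per line
# in the same form the guide passes to --add-rule.

# killswitch_state RULES -> prints on | partial | off; returns 0 only for "on"
killswitch_state() {
    local rules="$1" found=0 total=0 r
    while IFS= read -r r; do
        total=$((total + 1))
        if printf '%s\n' "$rules" | grep -Fxq -e "$r"; then
            found=$((found + 1))
        fi
    done <<'EOF'
ipv4 filter OUTPUT 0 -o lo -j ACCEPT
ipv4 filter OUTPUT 0 -o tun+ -j ACCEPT
ipv4 filter OUTPUT 999 -j DROP
ipv4 filter INPUT 999 -j DROP
ipv6 filter OUTPUT 0 -j DROP
ipv6 filter INPUT 0 -j DROP
EOF
    if [ "$found" -eq "$total" ]; then echo on; return 0; fi
    if [ "$found" -eq 0 ]; then echo off; else echo partial; fi
    return 1
}

# outside_tunnel_accepts RULES -> prints OUTPUT ACCEPT rules not bound to lo or
# tun+, i.e. traffic that is still allowed out of the physical interface.
outside_tunnel_accepts() {
    printf '%s\n' "$1" |
        grep -E '^ipv[46] filter OUTPUT [0-9]+ .*-j ACCEPT$' |
        grep -Ev -e ' -o (lo|tun\+)( |$)' || true
}

# Constructed sample: the rule set added by the guide's "on" choice.
SAMPLE_ON='ipv4 filter FORWARD 0 -o tun+ -j ACCEPT
ipv4 filter FORWARD 0 -i tun+ -j ACCEPT
ipv6 filter INPUT 0 -j DROP
ipv4 filter INPUT 0 -i lo -j ACCEPT
ipv4 filter INPUT 999 -j DROP
ipv6 filter OUTPUT 0 -j DROP
ipv4 filter OUTPUT 0 -o lo -j ACCEPT
ipv4 filter OUTPUT 0 -o tun+ -j ACCEPT
ipv4 filter OUTPUT 1 -p tcp -m tcp --dport 443 -j ACCEPT
ipv4 filter OUTPUT 999 -j DROP'
```

On a live system, pass it the real rules with `killswitch_state "$(sudo firewall-cmd --direct --get-all-rules)"`.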