How To Setup a VPN Kill Switch Server

Chris Titus | Dec 2, 2019| Linux Networking

This will show you how to set up a VPN Kill Switch so all traffic will come from that server. For this server, I am using CentOS, but you can easily use Ubuntu server if you are more familiar with that.

Install packages

install image

sudo apt install openvpn ufw -y
*Note: use apt instead of dnf on Ubuntu or Debian Servers

Set Static IP

sudo nmtuisudo nmcli connection down eth0 && sudo nmcli connection up eth0

Download OVPN Files

My recommendation for a Public VPN Provider is Express VPN. It is what I use below and in my VPN videos due to its speed and amount of servers. This is my affiliate link where you will receive an extra 3 months free for signing up for a year. https://christitus.com/expressvpn
However, you can use these instructions on ANY VPN that provides ovpn files which any reputable VPN provider has.

mv ~/Downloads/client.ovpn /etc/openvpn/test.conf

Service creation

sysinstall image

ls /lib/systemd/system/
*Check for openvpn-client@ or openvpn@
sudo systemctl start openvpn@test

Disable ipv6 and Secure System

sysctl

sudo nano /etc/sysctl.conf

net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.lo.disable_ipv6=1

sudo sysctl -p

Verify Ipv6 is disabled
cat /proc/sys/net/ipv6/conf/all/disable_ipv6
sudo sysctl --all | grep disable_ipv6

Firewall ufw blocks – VPN Kill Switch

install image

sudo nano /etc/default/ufw

IPV6=no

Whitelist Local Area Network
sudo ufw allow in to 192.168.1.0/24
sudo ufw allow out to 192.168.1.0/24
Block All Incoming and Outgoing Traffic by Default
sudo ufw default deny outgoing
sudo ufw default deny incoming
Whitelist VPN Port for VPN Establishment
sudo ufw allow out to any port 1194 proto udp
*check port by doing head /etc/openvpn/expressvpn.conf
Whitelist VPN Tunnel
sudo ufw allow out on tun0 from any to any
sudo ufw allow in on tun0 from any to any
Enable Firewall
sudo ufw enable

External Program Setup on Server

install image

X11 Forwarding

Transmission daemon
sudo apt install transmission-daemon
sudo systemctl stop transmission-daemon
sudo nano /etc/transmission-daemon/settings.json
*enable rpc and whitelist, add blocklist
sudo systemctl start transmission-daemon

Full Video Walkthrough

#Ubuntu #Ubuntu Server #Firewall

See Also