This page looks best with JavaScript enabled

How To Setup a VPN Kill Switch Server

 ·  β˜• 3 min read  ·  ✍️ Chris Titus

This will show you how to set up a VPN Kill Switch so all traffic will come from that server. For this server, I am using CentOS, but you can easily use Ubuntu server if you are more familiar with that.

Install packages

install image

sudo apt install openvpn ufw -y
*Note: use apt instead of dnf on Ubuntu or Debian Servers

Set Static IP

sudo nmtuisudo nmcli connection down eth0 && sudo nmcli connection up eth0

Download OVPN Files

My recommendation for a Public VPN Provider is Express VPN. It is what I use below and in my VPN videos due to its speed and amount of servers. This is my affiliate link where you will receive an extra 3 months free for signing up for a year. https://christitus.com/expressvpn
However, you can use these instructions on ANY VPN that provides ovpn files which any reputable VPN provider has.

mv ~/Downloads/client.ovpn /etc/openvpn/test.conf

Service creation

sysinstall image

ls /lib/systemd/system/
*Check for openvpn-client@ or openvpn@
sudo systemctl start openvpn@test

Disable ipv6 and Secure System

sysctl

sudo nano /etc/sysctl.conf

net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.lo.disable_ipv6=1

sudo sysctl -p

Verify Ipv6 is disabled
cat /proc/sys/net/ipv6/conf/all/disable_ipv6
sudo sysctl --all | grep disable_ipv6

Firewall ufw blocks – VPN Kill Switch

install image

sudo nano /etc/default/ufw

IPV6=no

Whitelist Local Area Network
sudo ufw allow in to 192.168.1.0/24
sudo ufw allow out to 192.168.1.0/24
Block All Incoming and Outgoing Traffic by Default
sudo ufw default deny outgoing
sudo ufw default deny incoming
Whitelist VPN Port for VPN Establishment
sudo ufw allow out to any port 1194 proto udp
*check port by doing head /etc/openvpn/expressvpn.conf
Whitelist VPN Tunnel
sudo ufw allow out on tun0 from any to any
sudo ufw allow in on tun0 from any to any
Enable Firewall
sudo ufw enable

External Program Setup on Server

install image

X11 Forwarding
x11 forwarding
Note: YouTube Video - Hold Ctrl + Left Click to open in new window

Transmission daemon
sudo apt install transmission-daemon
sudo systemctl stop transmission-daemon
sudo nano /etc/transmission-daemon/settings.json
*enable rpc and whitelist, add blocklist
sudo systemctl start transmission-daemon

Full Video Walkthrough

vpn kill switch
Note: YouTube Video - Hold Ctrl + Left Click to open in new window

Contact Me

I live stream on Chris Titus Tech YouTube Channel every Friday at 10 AM CST and archive clips to Titus Tech Talk. I also regularly publish to christitus.com, but if you’d like to contact me directly or want to contribute to help keep these articles and videos being made consider joining the CTT members.

Two Memberships exist:

  • ChrisTitus.com Members Section (CC Only)
    • Full Archive of All Unlisted Live Streams
    • Direct Members Only Email
    • Monthly Members Only Video
    • Starting at $2 Per Month (100% of Proceeds goes to Chris Titus Tech)
  • YouTube Chris Titus Tech Membership (All Payments Accepted)
    • YouTube Emojis for Comments and Live Chat
    • YouTube Badges that changes based on membership time for comments and chat.
    • All YouTube comments are highlighted when I review comments daily.
    • Immediate Access to Full Live Streams
    • $4.99 Per Month (70% of the Proceeds goes to Chris Titus Tech)
Share on
Chris Titus
WRITTEN BY
Chris Titus
Tech Content Creator

See Also