VPN Provider with Working Kill Switch?

Anyone know? An unreliable ISP with intermittent disconnections always exposes the original IP; the provider I'm with right now is practically useless.

Comments

  • Can you test and write about protonvpn? A brand of protonmail...

    Hi!

    Thanked by 1spitz
  • Oh, I didn't know protonmail has a vpn service. Thanks for the info!

  • I personally use Windscribe and they have a killswitch, but I guess every major provider has a comparable feature in their client

  • Ympker Member, Provider
    edited November 14

    I have tried various vpn kill switch providers and none were really reliable. I ended up using http://www.guavi.com/vpncheck_free.html with openvpn

    /Signature/ https://uptime.is

  • carloshmm Member
    edited November 14

    If you are using GNU/Linux you can set your firewall to allow only traffic that goes through your VPN. These are my current iptables settings:

        -P INPUT DROP
        -P FORWARD DROP
        -P OUTPUT DROP
        -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
        -A INPUT -i lo -j ACCEPT
        -A INPUT -s "LOCAL NETWORK ADDRESS RANGE (ex: 192.168.0.0/16)" -j ACCEPT
        -A INPUT -i tun+ -j ACCEPT
        -A OUTPUT -o lo -j ACCEPT
        -A OUTPUT -d "LOCAL NETWORK ADDRESS RANGE (ex: 192.168.0.0/16)" -j ACCEPT
        -A OUTPUT -d "VPN's DNS" -j ACCEPT
        -A OUTPUT -d "VPN's DNS" -j ACCEPT
        -A OUTPUT -p udp -m udp --dport "PORT USED BY OPENVPN TO COMMUNICATE WITH YOUR VPN" -j ACCEPT
        -A OUTPUT -o tun+ -j ACCEPT
        -A OUTPUT -j REJECT --reject-with icmp-net-unreachable

    I'm using these settings on my local computer, but if you are going to use it on a remote system via SSH you need to open INPUT/OUTPUT ports for your SSH connection as well, ex (SSH on port 22):

        -A INPUT -p tcp --dport 22 -j ACCEPT
        -A OUTPUT -p tcp --sport 22 -j ACCEPT

    Related info:
    https://wiki.archlinux.org/index.php/Private_Internet_Access#Internet_.22kill_switch.22
    https://wiki.archlinux.org/index.php/simple_stateful_firewall

    --edit

    I forgot to say that in the case you are going to use a VPN connection remotely you will need to force incoming traffic to go through your default gateway (your original IP). To do this on GNU/Linux you need to edit your kernel routing table to force all incoming connections to reach your default gateway. I'm using these settings on the kernel routing table:

        /usr/bin/ip rule add from "YOUR IP ADDRESS" table 128
        /usr/bin/ip route add table 128 to "YOUR IP ADDRESS"/32 dev "THE GATEWAY NAME OF YOUR IP (ex: eth0)"
        /usr/bin/ip route add table 128 default via "GATEWAY ADDRESS (GET WITH COMMAND: netstat -r -n)"

    Related info: https://serverfault.com/questions/659955/allowing-ssh-on-a-server-with-an-active-openvpn-client
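
A way to check that a ruleset like the one in the comment above still fails closed after later edits. This is an added example, not part of the original post: the function names, the DNS address 203.0.113.53 and the OpenVPN port 1194 are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses and port below are constructed.

# The OUTPUT side of the rules posted above, with placeholder values filled in.
sample_rules() {
    cat <<'EOF'
-P OUTPUT DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 192.168.0.0/16 -j ACCEPT
-A OUTPUT -d 203.0.113.53 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 1194 -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
-A OUTPUT -j REJECT --reject-with icmp-net-unreachable
EOF
}

# Read rules on stdin (iptables -S or iptables-save form), print one line per
# finding, and return 1 if traffic could leave outside the tunnel.
audit_killswitch() {
    awk '
    /^:OUTPUT /                  { policy = $2 }   # iptables-save form
    $1 == "-P" && $2 == "OUTPUT" { policy = $3 }   # iptables -S form
    $1 == "-A" && $2 == "OUTPUT" {
        target = ""; oif = ""; scoped = 0
        for (i = 3; i < NF; i++) {
            if ($i == "-j") target = $(i + 1)
            if ($i == "-o") oif = $(i + 1)
            if ($i == "-d" || $i == "--dport") scoped = 1
        }
        if (target != "ACCEPT") next
        if (oif != "" && oif !~ /^(lo$|tun)/) {
            print "LEAK: ACCEPT on non-tunnel interface: " $0; bad = 1
        } else if (oif == "" && !scoped) {
            print "LEAK: ACCEPT with no interface, destination or port: " $0; bad = 1
        }
    }
    END {
        if (policy != "DROP") { print "LEAK: OUTPUT policy is not DROP"; bad = 1 }
        exit bad + 0
    }'
}

sample_rules | audit_killswitch && echo "no off-tunnel ACCEPT rules found"
```

On a live system the input would come from `iptables -S OUTPUT`. The check looks only at the shape of each rule, so an overly broad `-d` range still passes.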

  • Unfortunately I'm on Desktop Windows 7.

  • I am using proxifier, looking to buy it but they don't offer any discount. You can test it too. I am just a user and I think it's working as advertised, but who knows...

    If anyone over there knows the proxifier developers, convince them to make a BF deal on LET, thanks :)

    Hi!

  • Bumping this thread

    @Ympker

    I have tried various vpn kill switch providers and none were really reliable.

    Have you tried IVPN?

    https://www.ivpn.net/knowledgebase/165/Do-you-offer-a-kill-switch-or-VPN-firewall.html

    They brag in detail about their firewall and their price is expensive. Is this true or just a marketing gimmick?

  • lion Member

    Perfect-Privacy has a working Killswitch
