From: Jan J. K. <ja...@ni...> - 2008-05-22 08:04:00
|
Hi, JLG wrote: > I have an OpenVPN client deployed on a very insecure network, and I > have OpenVPN configured (in tun mode) with the "redirect-gateway" > option so all of the client's internet traffic goes through the > tunnel. I want to configure the client in such a way that, if the > OpenVPN tunnel is not established (or goes down for any reason), the > client will not have internet access--in other words, I want to > prevent the client from inadvertently using an unencrypted connection. > I'm looking for a straightforward way to accomplish this. > stopping internet traffic before openvpn has been run is difficult of course ;-) after the first openvpn session has finished you could run a 'down' script (see manual page) which modifies the default route to not allow any internet traffic except to the openvpn server. I'd consider this setup to be quite rude, however ... HTH, JJK |