Description
Hi,
Thanks for your great work on this container!
Is it possible to add an option to force all traffic to be blocked if the VPN goes down?
From my point of view: add an environment variable to enable this feature and another one to set the VPN IP (in addition to OPENVPN_CONFIG, which looks like cn.nordvpn.com.tcp.443, another one like OPENVPN_SERVER_IP=cn.nordvpn.com, for example).
Once done, you need to install iptables (and dnsutils to check) and apply these rules:
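```bash
# Allow traffic arriving on or forwarded from the tunnel interface
iptables -A INPUT -i tun0 -j ACCEPT
iptables -A FORWARD -i tun0 -j ACCEPT
# Allow traffic to and from the VPN server itself
iptables -A INPUT -s "$OPENVPN_SERVER_IP" -j ACCEPT
iptables -A OUTPUT -o tun0 -j ACCEPT
iptables -A OUTPUT -d "$OPENVPN_SERVER_IP" -j ACCEPT
# Appended last: rules are evaluated in order, so a DROP placed first
# would also match the tunnel and VPN server traffic accepted above
iptables -A OUTPUT -j DROP
```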
Then, to check that it works, run a loop:
```bash
#!/bin/bash
# Print the public IP seen by Google's DNS, over and over
while true
do
    dig @ns1.google.com -t txt o-o.myaddr.l.google.com +short
done
```
and run killall openvpn several times; you will see that you never have a public IP other than the VPN one...
I think it's better to add this to your project than to fork it... What do you think about that?
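
An added example, not part of the original issue or the project's code: one way to build the proposed kill switch so that it does not depend on rule order, using a DROP policy on OUTPUT and a single `iptables-restore` load. The function names, the `VPN_IF` variable, the `apply` argument and the use of glibc `getent` are assumptions; the protocol and port follow the `tcp.443` form of the config name mentioned above.

```shell
#!/bin/sh
# Added example: emit an OUTPUT kill switch in iptables-restore format.
# Assumptions: tun0 default, glibc getent, hypothetical helper names.

# Resolve the VPN hostname to IPv4 addresses. Run this BEFORE loading the
# rules: afterwards, DNS queries outside the tunnel are dropped.
resolve_ipv4() {
    getent ahostsv4 "$1" | awk '{print $1}' | sort -u
}

# Usage: build_killswitch_rules <tun_if> <proto> <port> <server_ip>...
build_killswitch_rules() {
    tun_if=$1; proto=$2; port=$3; shift 3
    echo '*filter'
    echo ':INPUT ACCEPT [0:0]'
    echo ':FORWARD ACCEPT [0:0]'
    # A chain policy applies only when no rule matched, so unlike a
    # "-j DROP" rule its effect does not depend on rule order.
    echo ':OUTPUT DROP [0:0]'
    echo '-A OUTPUT -o lo -j ACCEPT'
    echo "-A OUTPUT -o $tun_if -j ACCEPT"
    for ip in "$@"; do
        # Only the tunnel's own transport may leave via the physical NIC.
        echo "-A OUTPUT -d $ip -p $proto --dport $port -j ACCEPT"
    done
    echo 'COMMIT'
}

# iptables does not filter IPv6; block it separately (assumes the tunnel
# carries no IPv6).
build_ipv6_block() {
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
        ':OUTPUT DROP [0:0]' '-A OUTPUT -o lo -j ACCEPT' 'COMMIT'
}

# Apply only on request: sh killswitch.sh apply <vpn_host> <proto> <port>
if [ "${1:-}" = "apply" ]; then
    ips=$(resolve_ipv4 "$2")
    [ -n "$ips" ] || { echo "cannot resolve $2" >&2; exit 1; }
    # iptables-restore replaces the filter table in a single commit.
    build_killswitch_rules "${VPN_IF:-tun0}" "$3" "$4" $ips | iptables-restore
    build_ipv6_block | ip6tables-restore
fi
```

Applying the rules needs the NET_ADMIN capability in the container, and the hostname must be resolved before the ruleset is loaded.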