El Rincón del Tío Nuke

Open web, software libre, privacidad y más

VPN Kill switch for Linux – Protect from VPN drops and DNS leaks

This post is a follow-up from the one posted at TheTinHat.com

What we want to ensure is that:

  • We connect to our VPN and all traffic goes through it (including DNS).
  • If our VPN connection drops there is no leak and it reconnects automatically.
  • We can return to not using VPN safely.

We will use two scripts, vpn-firewall.sh and vpn-off.sh. Pleace them under your /home/user/bin folder or anywhere else. Make then executable with chmod +x vpn-*




  • Make sure you have the ufw package installed.
  • Before opening any app, execute vpn-firewall.sh to connect to the vpn and set up the firewall. This script will monitor your connection and re-connect to VPN if it drops avoiding any leaks. You can stop monitoring using Ctrl + Z.
  • If you want to stop using VPN, stop monitoring by Ctrl +Z and execute vpn-off.sh IMPORTANT: Make sure your close all apps first or list them under KILL_APPS on the vpn-off.sh script.

If you want to run vpn-firewall.sh each time you open session, you can create a file vpn-firewall.desktop under ~/.config/autostart/ folder with the following content:

[Desktop Entry]
Name=VPN Firewall autostart

Note that this might not work for you since this script needs root access to modify Firewall rules.

7 comments for “VPN Kill switch for Linux – Protect from VPN drops and DNS leaks

Comments are closed.