
Re: [opensuse-security] enforcing a route over VPN

On 05.01.2014 at 21:55, Christian Boltz <suse-security@xxxxxxxxx> wrote:

> I'd like to have something that blocks the traffic to when the 
> VPN connection is _down_. 
> Call it a static route for to /dev/null ;-)

Ahh, I see.
You can do that:
Somewhere in /etc/init.d/boot.local or wherever you want you could put
"add route -host dev lo" - and put in your openvpn server’s config something like

client-config-dir /usr/local/openvpn/conf/mailserver

and in


This should do the trick. Do not forget to re-route to loopback once the VPN has been shut down.
I would always use TLS-secured connections to my mailserver. If there were a certificate mismatch, your MUA would complain and never submit username/password - whatever IP it is connecting to.
Or use client certificates.


PS: Please do not take this literally. I had some drams of Lagavulin ;-)

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail
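
Added example, not part of the original message: a fail-closed variant of the idea in this thread, using an iproute2 blackhole route in place of the loopback route, kept permanently at a high metric so that no "down" step can be forgotten. The host 192.0.2.10, the device tun0, the metrics and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Fail-closed routing for one host that must only be reached through the VPN.
# 192.0.2.10 (documentation range) and tun0 are constructed placeholders.
MAIL_HOST="${MAIL_HOST:-192.0.2.10}"
VPN_DEV="${VPN_DEV:-tun0}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the command only, 0 = run it (needs root)

# Accept only a dotted-quad IPv4 address, so nothing else reaches the ip command.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the iproute2 command for one event:
#   boot/down - blackhole route with a high metric (least preferred); it is
#               never deleted, so it applies whenever the VPN route is gone
#   up        - route through the VPN device with a lower metric, which wins
#               while the device exists and is dropped by the kernel with it
route_cmd() {
    event=$1; host=$2; dev=$3
    is_ipv4 "$host" || { echo "invalid host: $host" >&2; return 2; }
    case $dev in ''|*[!A-Za-z0-9_.-]*) echo "invalid device: $dev" >&2; return 2 ;; esac
    case $event in
        boot|down) echo "ip route replace blackhole $host/32 metric 1000" ;;
        up)        echo "ip route replace $host/32 dev $dev metric 10" ;;
        *)         echo "unknown event: $event" >&2; return 2 ;;
    esac
}

# Print or run the command; inputs were validated above, so word splitting is safe.
apply() {
    cmd=$(route_cmd "$@") || return
    if [ "$DRY_RUN" = 1 ]; then echo "$cmd"; else $cmd; fi
}

# Usage: script boot|up|down   (e.g. from boot.local and the VPN's up/down hooks)
if [ $# -gt 0 ]; then apply "$1" "$MAIL_HOST" "$VPN_DEV"; fi
```

After running it with DRY_RUN=0, `ip route get 192.0.2.10` shows which of the two routes the kernel currently selects.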