Using a VPN is something of a must these days, and if you really want to click ALL the links and install everything that you want to test, it is NOT advisable to do it from your working machine. So, I created a Virtual Machine (VM) for that job.
BUT, I think I clicked TOO many links and installed TOO many apps, so many that I had to format the VM.
After the format, I installed the VPN codes and everything was working beautifully with my fresh Kubuntu 18.04, until I realized that every time I lost the connection to the VPN server I still had a connection to the internet.
That was NOT wanted.
So I searched the internet for a solution and I also asked a question on the askubuntu community, with no luck, because: “closed as unclear what you’re asking by Thomas Ward” and “the core question as written is Debian, which is written here, not Ubuntu,”.
Thank you very much.
SO……
I installed Ubuntu 17
I added VPN
I found an article claiming that it can be done through iptables
BUT I kept getting an error when I was executing one of the iptables commands:
“can't initialize iptables table `un0': Table does not exist (do you need to insmod?)”
Some suggested that you have to recompile the kernel
But at the end of the day there was an article that did the trick, I added the “-t nat” parameter and my kill switch was ready to go.
Here is how:
# Default policies: anything not explicitly allowed below is dropped
sudo iptables -P FORWARD DROP
sudo iptables -P OUTPUT DROP
# Replies to connections we started, and loopback traffic
sudo iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A OUTPUT -o lo -j ACCEPT
# NOTE: the original line read "-tun0", which iptables parses as "-t un0" (a table name),
# hence the "can't initialize iptables table `un0'" error. The interface option is "-o tun0".
# These are filter-table rules, so "-t nat" must NOT be appended: a rule in the nat table
# never overrides the filter table's OUTPUT DROP policy, and nothing would get out.
sudo iptables -A OUTPUT -o tun0 -p icmp -j ACCEPT
# Local LAN stays reachable
sudo iptables -A OUTPUT -d 192.168.10.0/24 -j ACCEPT
#DNS server: 192.168.10.1
sudo iptables -A OUTPUT -d 192.168.10.1 -j ACCEPT
# The OpenVPN tunnel itself (UDP 1194) has to leave on the physical interface
sudo iptables -A OUTPUT -p udp -m udp --dport 1194 -j ACCEPT
# Everything else is only allowed out through the tunnel
sudo iptables -A OUTPUT -o tun0 -j ACCEPT
# The per-port rules below are already covered by the rule above; kept as in the original
sudo iptables -A OUTPUT -o tun0 -p tcp --dport 443 -j ACCEPT
sudo iptables -A OUTPUT -o tun0 -p tcp --dport 80 -j ACCEPT
sudo iptables -A OUTPUT -o tun0 -p tcp --dport 993 -j ACCEPT
sudo iptables -A OUTPUT -o tun0 -p tcp --dport 465 -j ACCEPT
# "COMMIT" is a keyword of the iptables-restore file format, not an iptables command;
# rules added with "iptables -A" are active immediately, so there is nothing to commit here.
sudo ip6tables -P INPUT DROP
sudo ip6tables -P FORWARD DROP
sudo ip6tables -P OUTPUT DROP
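The same kill switch written as an iptables-restore ruleset, where COMMIT actually belongs and where the filter table is named explicitly (so the nat-table mix-up above cannot happen). This is an added example, not the post's own commands; it assumes the post's names (tun0, LAN 192.168.10.0/24, DNS 192.168.10.1, OpenVPN on UDP 1194) and, like the post's ip6tables part, also drops unsolicited inbound traffic. It only generates the ruleset; applying it is the `iptables-restore` call in the comment.

```shell
#!/bin/sh
# Generate an iptables-restore ruleset for a VPN kill switch (IPv4) and a
# deny-all ruleset for IPv6. Nothing is applied here; to load them:
#   gen_killswitch_rules  | sudo iptables-restore
#   gen_killswitch_rules6 | sudo ip6tables-restore
# Defaults mirror the post; all four parameters are assumptions you can override.
gen_killswitch_rules() {
    vpn_if=${1:-tun0}
    lan=${2:-192.168.10.0/24}
    dns=${3:-192.168.10.1}
    vpn_port=${4:-1194}
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# loopback and replies to connections we started
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# the local LAN and its DNS resolver stay reachable outside the tunnel
-A OUTPUT -d $lan -j ACCEPT
-A OUTPUT -d $dns -p udp --dport 53 -j ACCEPT
# the OpenVPN handshake itself must leave on the physical interface
-A OUTPUT -p udp --dport $vpn_port -j ACCEPT
# everything else is only allowed out through the VPN interface
-A OUTPUT -o $vpn_if -j ACCEPT
COMMIT
EOF
}

# IPv6: drop everything except loopback, so nothing leaks around an IPv4-only tunnel
gen_killswitch_rules6() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
COMMIT
EOF
}
```

Because the policies are DROP, a VPN disconnect leaves no rule that matches non-tunnel traffic, which is the kill switch behaviour the post was after.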