Revision | fd3c59a963db986c87be1d321f732254d0aef42f (tree) |
---|---|
Time | 2018-10-23 04:06:23 |
Author | Lorenzo Isella <lorenzo.isella@gmai...> |
Commiter | Lorenzo Isella |
A simple script implementing a killswitch with NordVPN. See
https://github.com/karlicoss/nordvpn-kill-switch .
@@ -0,0 +1,53 @@ | ||
1 | +#!/bin/bash | |
2 | +set -e | |
3 | + | |
4 | +CONFIG="$1" | |
5 | + | |
6 | +if [[ -z $CONFIG ]] | |
7 | +then | |
8 | + echo "Usage: sudo nordvpn-kill-switch some_vpn_config.ovpn" | |
9 | + exit 1 | |
10 | +fi | |
11 | + | |
12 | +if [[ $EUID -ne 0 ]] | |
13 | +then | |
14 | + echo "Please run as root" | |
15 | + exit 2 | |
16 | +fi | |
17 | + | |
18 | +IP=`grep "remote " "$CONFIG" | awk '{print $2}'` # not sure if there is a better way... | |
19 | + | |
20 | +if [[ -z $IP ]] | |
21 | +then | |
22 | + echo "Wasn't able to parse VPN IP from the config" | |
23 | + exit 3 | |
24 | +fi | |
25 | + | |
26 | +echo "Connecting to $IP" | |
27 | + | |
28 | +# # https://support.nordvpn.com/hc/en-us/articles/208083995-DNS-servers | |
29 | +# # NordVPN DNS server addresses are: 162.242.211.137 and 78.46.223.24 | |
30 | +# DNS1="162.242.211.137" | |
31 | +# DNS2="78.46.223.24" | |
32 | + | |
33 | +# echo "nameserver $DNS1" > /etc/resolv.conf | |
34 | +# echo "nameserver $DNS2" >> /etc/resolv.conf | |
35 | + | |
36 | +ufw --force reset # reset without prompt to drop previous settings | |
37 | +# TODO is there a way to reset to deny directly? | |
38 | +ufw default deny outgoing | |
39 | +ufw default deny incoming | |
40 | +ufw allow out on tun0 from any to any | |
41 | +ufw allow in on tun0 from any to any | |
42 | + | |
43 | +ufw allow out from any to "$IP" | |
44 | +# TODO are these DNS entries unnecessary? Covered by former rules | |
45 | +# ufw allow out on tun0 from any to "$DNS1" | |
46 | +# ufw allow out on tun0 from any to "$DNS2" | |
47 | + | |
48 | +ufw enable | |
49 | +ufw status | |
50 | + | |
51 | +openvpn "$CONFIG" | |
52 | + | |
53 | + |
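Review bot: The `IP` value parsed at new-file line 18 is only checked for being non-empty, but `grep "remote "` can return several newline-separated values (multiple `remote` entries, or a commented-out `# remote …` line) or a hostname that ufw will not accept. When that happens `ufw allow out from any to "$IP"` fails and `set -e` ends the script after `ufw --force reset` has already disabled the firewall and before `ufw enable` runs, so the kill switch fails open instead of closed. Take only the first real directive and validate it before the reset, for example `IP=$(awk '$1 == "remote" { print $2; exit }' "$CONFIG")` followed by `[[ $IP =~ ^[0-9]+(\.[0-9]+){3}$ ]] || { echo "remote must be a single IPv4 address" >&2; exit 3; }`. The allow rule at line 43 could also be narrowed to the port and protocol given in the config, since it currently permits all traffic to that host outside the tunnel.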