Tag: openvpn

Reconnect VPN on connection loss using NetworkManager’s nmcli

Find the <UUID> of your VPN connection using:

nmcli connection show

Using nmcli you can (re-)connect to your VPN with:

nmcli connection up uuid <UUID>

Check every 10 seconds whether the VPN is still up, and reconnect if it is not:

#!/bin/bash
UUID="<UUID>"
while true
do
        # Terse mode prints one active connection UUID per line, so the match
        # is exact and does not depend on column padding or spaces in names
        if ! nmcli -t -f UUID connection show --active | grep -Fxq "${UUID}"
        then
                nmcli connection up uuid "${UUID}"
        fi
        sleep 10
done

Block all but OpenVPN traffic aka kill switch

I set up a Xubuntu VM the other day and wanted to make sure that no traffic besides VPN traffic is possible. <insert zomg torrent plz donald duck pic>

# Reset firewall rules
sudo ufw reset
sudo ufw enable

# Load default policies
sudo ufw default deny incoming
sudo ufw default deny outgoing

# Allow traffic on OpenVPN interface
sudo ufw allow in on tun0
sudo ufw allow out on tun0

# Allow traffic to local network
sudo ufw allow in on enp0s3 from 10.0.2.0/24
sudo ufw allow out on enp0s3 to 10.0.2.0/24

# Allow traffic on OpenVPN port via local network
sudo ufw allow in on enp0s3 from any port 1194
sudo ufw allow out on enp0s3 to any port 1194

# DNS: May result in DNS leak
# sudo ufw allow in from any to any port 53
# sudo ufw allow out from any to any port 53
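
A check for the rules above, as an added example that is not part of the original post: it reads `ufw status verbose` output and reports an inactive firewall, a default policy other than deny, and any outgoing rule that is not bound to an interface, which is what the commented-out DNS rules would create. The function and sample names are hypothetical, and both samples are constructed on the assumption that ufw prints its rules in the layout shown.

```shell
#!/bin/sh
# Added example: audit `ufw status verbose` text for kill-switch gaps.
# Reads stdin, prints one line per finding, returns non-zero on any finding.
audit_killswitch() {
    ks_status="" ks_defaults="" ks_findings=0
    while IFS= read -r ks_line; do
        case "$ks_line" in
            "Status: "*)  ks_status=${ks_line#Status: } ;;
            "Default: "*) ks_defaults=${ks_line#Default: } ;;
            *"ALLOW OUT"*)
                case "$ks_line" in
                    *" on "*) ;;  # bound to an interface (tun0 or the LAN NIC)
                    *)  # no interface: the rule also matches outside the tunnel
                        echo "LEAK: unbound outgoing rule: $ks_line"
                        ks_findings=$((ks_findings + 1)) ;;
                esac ;;
        esac
    done
    [ "$ks_status" = "active" ] || { echo "FAIL: ufw is not active"; ks_findings=$((ks_findings + 1)); }
    for ks_dir in incoming outgoing; do
        case "$ks_defaults" in
            *"deny ($ks_dir)"*) ;;
            *)  echo "FAIL: default $ks_dir policy is not deny"
                ks_findings=$((ks_findings + 1)) ;;
        esac
    done
    [ "$ks_findings" -eq 0 ]
}

# Constructed sample: excerpt of the state expected after the rules above.
sample_killswitch() {
    cat <<'EOF'
Status: active
Default: deny (incoming), deny (outgoing), disabled (routed)
To                         Action      From
--                         ------      ----
Anywhere on tun0           ALLOW IN    Anywhere
Anywhere                   ALLOW OUT   Anywhere on tun0
10.0.2.0/24                ALLOW OUT   Anywhere on enp0s3
1194                       ALLOW OUT   Anywhere on enp0s3
EOF
}

# Constructed sample: the same, with the commented-out DNS rules enabled.
sample_dns_open() {
    sample_killswitch
    printf '%s\n' "53           ALLOW OUT   Anywhere" "53 (v6)      ALLOW OUT   Anywhere (v6)"
}
```

On the VM, run it as `sudo ufw status verbose | audit_killswitch`.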