That’s why in my setup TCP connections are only allowed over the VPN. There’s no automatic detection whatsoever whether OpenVPN is running, so if you want to use the Internet without the VPN again, you’ll need to explicitly disable PF.There’s a nice guide that explains the PF setup on OS X, and I’m not doing anything more than that here.
A tutorial on PF itself, which is a OpenBSD project, is available as well.
I’m using Tunnelblick as my OpenVPN GUI and IPredator as my VPN provider. Get an account, pay 6€ to activate it for a month (I’ve used PayPal, but you can also use BitCoin and other methods) and set it up according to the guides available on the IPredator website. Make sure that you enable “route all traffic through the VPN” in the “while connected” tab of the advanced settings. According to the Tunnelblick documentation, this is equivalent to the OpenVPN option -redirect-gateway def1. I found Tunnelblick (3.3) to be kind of unstable on my machine. Sometimes I had to terminate OpenVPN myself (using sudo killall openvpn) because it wouldn’t reconnect and Tunnelblick wasn’t able to terminate it. But since the PF rules protect me from unencrypted communication, I don’t really care.
#DOWN IPINATOR HOW TO#
If you fuck up your firewall rules, you might end up in a situation where you can’t even google how to fix things again. Therefore, keep this command in mind: sudo pfctl -d. There’s a default PF configuration file, /etc/pf.conf, and I suggest you don’t modify it. In that file, you need to define one or more anchors which contain the actual rules.
0 kommentar(er)
