On 11/07/2016 06:57 AM, Thomas Haller wrote:
> Another thing is ensuring that all traffic is routed via the VPN (that
> is, controlling the configured routes). That is not supported by NM
> directly (besides that you can manually configure your underlying
> connection to have no default-route and only give a default-route to
> the VPN connection). See for example
> https://bugzilla.gnome.org/show_bug.cgi?id=749376 .

FWIW... If the OP is inquiring about a 'fail closed' configuration that
can prevent any traffic leaking from the tunnel, then he may want to
look at Qubes OS where users can define a 'Proxy VM' to control all
traffic in this way. This means the VPN is running inside a forwarding
*router* and preventing leaks becomes a much simpler matter of stopping
any forwarding to clearnet NICs.
https://theinvisiblethings.blogspot.com/2011/09/playing-with-qubes-networking-for-fun.html
https://www.qubes-os.org/doc/vpn/
You can get the same effect with a dedicated physical router, but then
you'd have to carry that around (and router devices get exploited a lot
these days).
Chris
_______________________________________________
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list
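
Added example, not part of the original thread and not Qubes or NetworkManager code: the "stop any forwarding to clearnet NICs" condition described above can be checked by auditing `iptables-save` text for FORWARD rules that could still pass packets via the clearnet interface. The interface names (`eth0`, `vif+`, `tun0`), the sample ruleset and the function names are assumptions; the check assumes a flat FORWARD chain saved without `-c` counters and treats any jump it cannot follow as a possible leak.

```python
import shlex
DENY = {"DROP", "REJECT"}
PASSIVE = {None, "LOG", "NFLOG", "MARK", "TCPMSS"}   # never end chain traversal
# Constructed iptables-save sample (not from a real host); eth0 is the clearnet NIC.
SAMPLE = """*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o eth0 -j DROP
-A FORWARD -i eth0 -j DROP
-A FORWARD -i vif+ -o tun0 -j ACCEPT
COMMIT"""

def _iface_hit(spec, iface):
    """Can an -i/-o spec (pattern, negated) match iface? '+' is a prefix wildcard."""
    pattern, negated = spec or ("+", False)       # no spec matches every interface
    hit = iface.startswith(pattern[:-1]) if pattern.endswith("+") else iface == pattern
    return hit != negated

def forward_leaks(ruleset, clearnet):
    """Return FORWARD rules that may pass packets entering or leaving `clearnet`."""
    policy, leaks, in_filter = "ACCEPT", [], False
    blocked = {"-i": False, "-o": False}          # direction unconditionally denied?
    for line in map(str.strip, ruleset.splitlines()):
        if line.startswith("*"):
            in_filter = line == "*filter"
        elif in_filter and line.startswith(":FORWARD "):
            policy = line.split()[1]
        elif in_filter and line.startswith("-A FORWARD "):
            spec, other, target, neg = {}, [], None, False
            tokens = iter(shlex.split(line)[2:])
            for tok in tokens:
                if tok in ("-i", "-o"):
                    spec[tok] = (next(tokens), neg)
                elif tok == "-j":
                    target = next(tokens)         # the rest are target options
                    break
                elif tok != "!":
                    other.append(tok)
                neg = tok == "!"
            for d, rev in (("-i", "-o"), ("-o", "-i")):
                if blocked[d] or not _iface_hit(spec.get(d), clearnet):
                    continue
                if target in DENY:                # only an unconditional deny closes d
                    blocked[d] = not other and rev not in spec
                elif target not in PASSIVE and line not in leaks:
                    leaks.append(line)            # ACCEPT, or a jump we cannot follow
    if policy != "DROP" and not all(blocked.values()):
        leaks.append(":FORWARD " + policy)
    return leaks
```

In the sample, `forward_leaks(SAMPLE, "eth0")` flags the conntrack ACCEPT rule because it is evaluated before the two DROP rules; moving the DROP rules to the top of the chain clears the finding.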