Adding a VPN “KillSwitch” to NetworkManager

5 September 2014

I use a VPN connection most days, and leave it unattended. Sometimes, however, it is not as stable as I would like it to be, and it disconnects, for instance because of wireless network problems. The wireless connection is brought up again, but the VPN connection stays down, causing potentially sensitive data to be exchanged through an insecure channel. Bad.

How can we solve this?

In jargon, a mechanism that disconnects you from the Internet when your VPN connection drops is called a “VPN Kill Switch”. Thankfully, there is a simple way to add one to NetworkManager: a dispatcher script. NetworkManager calls these scripts automatically when a connection goes up or down.

You can save the following in /etc/NetworkManager/dispatcher.d/99vpnkillswitch, and give it 0755 permissions (it must be owned by root):

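#!/bin/sh
# NetworkManager dispatcher script: $1 is the interface, $2 the action.

# State file listing the physical device(s) the VPN was brought up on
IFFILE=/var/run/vpnkillswitch.iface

interface=$1 status=$2
case $status in
    vpn-up)
        # Get the physical device associated with the VPN connection
        # (VPN entries whose device column is "--" are skipped)
        nmcli -f type,device c | awk '$1~/^vpn$/ && $2~/[^\-][^\-]/ { print $2; }' > "${IFFILE}"
    ;;
    vpn-down)
        # Disconnect each recorded device; -r makes xargs do nothing if the file is empty
        if [ -f "${IFFILE}" ]; then
            xargs -r -n 1 -a "${IFFILE}" nmcli device disconnect
        fi
    ;;
esac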

You’re good to go! Try stopping your VPN interface, and your associated physical interface should be brought down too.
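
The dispatcher logic above can also be exercised without touching a live connection. The following is an added example, not part of the original post: it stubs nmcli with a shell function and feeds it a constructed connection table; wlan0, tun0 and the temporary state and log files are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: dry run of the kill switch logic with a stubbed nmcli.
# Device names and the connection table are constructed sample data.

STATE=$(mktemp)   # stands in for /var/run/vpnkillswitch.iface
LOG=$(mktemp)     # records the devices the stub was asked to disconnect

# Stub: shadows the real nmcli so nothing on this machine is touched.
nmcli() {
    case "$*" in
        "-f type,device c")
            # Constructed output: one active VPN over wlan0, one inactive VPN
            printf '%s\n' \
                'TYPE             DEVICE' \
                '802-11-wireless  wlan0' \
                'vpn              wlan0' \
                'vpn              --' \
                '802-3-ethernet   --'
            ;;
        "device disconnect "*)
            echo "$3" >> "$LOG"
            ;;
    esac
}

# Same case logic as the dispatcher script: $1 = interface, $2 = action.
# A read loop replaces xargs so that the stub function is what gets called.
killswitch() {
    case $2 in
        vpn-up)
            nmcli -f type,device c |
                awk '$1~/^vpn$/ && $2~/[^\-][^\-]/ { print $2; }' > "$STATE"
            ;;
        vpn-down)
            while read -r dev; do
                nmcli device disconnect "$dev"
            done < "$STATE"
            ;;
    esac
}

killswitch tun0 vpn-up
echo "recorded on vpn-up: $(cat "$STATE")"
killswitch tun0 vpn-down
echo "disconnected on vpn-down: $(cat "$LOG")"
```

Only the VPN row with a real device is recorded, so the inactive VPN entry and the unrelated connections never reach the disconnect step.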


Configuring Ubuntu Jaunty 9.10 to work with VirtualBox OSE 2.1

16 April 2009

Update: the non-opensource edition of VirtualBox 2.2, still not included in Jaunty, will enable you to skip all of this hassle; it’ll set up a bridged connection for you automatically. However, for 2.1, this still applies.

Many of you may know the OpenSource alternative to the proprietary VMware solution. Sun’s VirtualBox is very fast and feature-complete enough to replace most of VMware’s functionality. I have used it at work for more than a year with wonderful results, both to virtualize Windows under GNU/Linux and GNU/Linux under Windows.

However, network configuration isn’t as obvious as it should be, since NetworkManager doesn’t support bridging interfaces by default. Herein, you’ll find a short tutorial on how to enable your virtual machine to access the Internet when hosted inside a GNU/Linux OS using NetworkManager.
