Prevention of revealing IP should a server go down

Post by sops » Thu Dec 01, 2011 5:37 pm

Hello all, forgive me for inquiring about something that has likely been explained in the past. I've tried searching in, out, and around; by now I'm starting to question my sanity.

I'm wondering if this is within the scope of OpenVPN, rather than a community behind firewall software like iptables, or a VPN service provider (I've emailed service providers who've told me to go yack at iptables... which is fairly complicated to me). My question is about maintaining client anonymity should a VPN server crash, drop, die, burn. It seems really weird to me that OpenVPN doesn't, or doesn't have the option to, completely prevent a user's network from connecting after a VPN server goes down. As far as I know (so little) this seems like a huge vulnerability; OpenVPN is like a solid titanium door with a tiny little easy-to-break lock.

I've tried iptables rules, particularly Bebops: http://pastebin.com/yDHTUU5E, but upon starting iptables nothing loads at all; it seems like the VPN server is also being filtered. As for a wishlist topic, I'm wishing for a thorough way to use this software without the possibility of it becoming useless after a single server crash! It may not be OpenVPN's 'job' to perform the work of a firewall, but I still wonder about developer perspectives on this in particular. Cheers.


Edit---

I read this: http://www.openvpn.net/index.php/open-s ... e-vpn.html - I put tun+/tap+ ACCEPT before my DROP statements ( http://pastebin.com/W69e8JtB ).

I got on the iptables netfilter IRC, and someone told me that I want VPN interface rules for OUTPUT as well, and that FORWARD likely doesn't matter for me in this case. I'm thoroughly confused.
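
The layout discussed in the post above (ACCEPT on tun+ for both INPUT and OUTPUT, DROP for the rest), together with the exception for the VPN server's own address that a default-DROP policy needs, as an added example that is not part of the original thread or of OpenVPN's documentation. The interface `eth0`, the address `203.0.113.10`, `udp`/`1194` and the function names are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a client-side VPN kill switch.
# Interface name, server address, protocol and port are constructed sample values.

# is_ipv4 ADDR: succeed only for a dotted-quad IPv4 literal.
is_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# killswitch_rules WAN_IF SERVER_IP PROTO PORT
# Default policy is DROP; the only traffic allowed on the physical interface is
# the OpenVPN transport to the server itself. If the tunnel drops, traffic that
# falls back to the physical interface hits the DROP policy instead of leaking.
killswitch_rules() {
    wan_if=$1 server=$2 proto=$3 port=$4
    # DNS is dropped on the physical interface, so a hostname could never resolve.
    is_ipv4 "$server" || { echo "server must be an IPv4 literal" >&2; return 1; }
    case "$proto" in udp|tcp) ;; *) echo "proto must be udp or tcp" >&2; return 1 ;; esac
    case "$port" in ''|*[!0-9]*) echo "port must be numeric" >&2; return 1 ;; esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# loopback
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# encrypted OpenVPN transport to the server (without this the VPN itself is filtered)
-A OUTPUT -o $wan_if -d $server -p $proto --dport $port -j ACCEPT
-A INPUT -i $wan_if -s $server -p $proto --sport $port -m conntrack --ctstate ESTABLISHED -j ACCEPT
# everything else may only use the tunnel; OUTPUT needs a tun+ rule as well as INPUT
-A OUTPUT -o tun+ -j ACCEPT
-A INPUT -i tun+ -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the sample values; as root, pipe it into iptables-restore.
# IPv4 only: IPv6 needs a matching ip6tables policy, and LAN DHCP is not allowed here.
killswitch_rules eth0 203.0.113.10 udp 1194
```

The client configuration's `remote` line has to use the same IP literal, since name resolution outside the tunnel is dropped by this policy.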


Re: Prevention of revealing IP should a server go down

Post by Mimiko » Tue Dec 06, 2011 6:32 am

sops wrote:
It seems really weird to me that OpenVPN doesn't, or doesn't have the option to, completely prevent a user's network from connecting after a VPN server goes down. As far as I know (so little) this seems like a huge vulnerability; OpenVPN is like a solid titanium door with a tiny little easy-to-break lock.

You are completely inconsistent. What does an OpenVPN server crash or shutdown have to do with users trying to connect? They will try and will not get a response. So, your question is very vague.
