How To Setup a VPN Kill Switch Server

This guide shows you how to set up a VPN kill switch server so that all of its traffic goes out through the VPN. For this server, I am using CentOS, but you can easily use Ubuntu Server if you are more familiar with that.

Install packages

sudo apt install openvpn ufw -y
*Note: apt is for Ubuntu or Debian servers; on CentOS use dnf instead

Set Static IP

sudo nmtui
sudo nmcli connection down eth0 && sudo nmcli connection up eth0

Download OVPN Files

My recommendation for a public VPN provider is Express VPN. It is what I use below and in my VPN videos due to its speed and number of servers. This is my affiliate link, where you will receive an extra 3 months free for signing up for a year: https://www.christitus.com/expressvpn
However, you can use these instructions with ANY VPN that provides ovpn files, which any reputable VPN provider does.

sudo mv ~/Downloads/client.ovpn /etc/openvpn/test.conf

Service creation

ls /lib/systemd/system/
*Check for openvpn-client@ or openvpn@
sudo systemctl start openvpn@test

Disable IPv6 and Secure System

sudo nano /etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.lo.disable_ipv6=1

sudo sysctl -p
Verify IPv6 is disabled
cat /proc/sys/net/ipv6/conf/all/disable_ipv6
sudo sysctl --all | grep disable_ipv6

Firewall ufw blocks – VPN Kill Switch

sudo nano /etc/default/ufw
IPV6=no

Whitelist Local Area Network
sudo ufw allow in to 192.168.1.0/24
sudo ufw allow out to 192.168.1.0/24
Block All Incoming and Outgoing Traffic by Default
sudo ufw default deny outgoing
sudo ufw default deny incoming
Whitelist VPN Port for VPN Establishment
sudo ufw allow out to any port 1194 proto udp
*check the port with head /etc/openvpn/test.conf
Whitelist VPN Tunnel
sudo ufw allow out on tun0 from any to any
sudo ufw allow in on tun0 from any to any
Enable Firewall
sudo ufw enable
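
To confirm that the rules above really form a kill switch, this added example (not part of the original guide) audits the output of ufw status verbose. The LAN range, VPN port and tunnel name are the values used in this guide and are assumptions for any other setup; both sample outputs are constructed.

```sh
#!/bin/sh
# Added example: audit `ufw status verbose` output against the kill-switch policy.
# Assumptions: LAN, VPN_PORT and TUN are the values used in the commands above.
LAN="192.168.1.0/24"; VPN_PORT="1194/udp"; TUN="tun0"

# Reads `ufw status verbose` text on stdin, prints one line per finding, and
# returns non-zero if anything would let traffic leave outside the tunnel.
audit_killswitch() {
  awk -v lan="$LAN" -v vpn="$VPN_PORT" -v tun="$TUN" '
    /^Status:/  { if ($2 == "active") active = 1 }
    /^Default:/ { if ($0 ~ /deny \(incoming\)/) din = 1
                  if ($0 ~ /deny \(outgoing\)/) dout = 1 }
    / ALLOW OUT / {
      # Egress is acceptable only on the tunnel, to the LAN, or to the VPN port.
      if ($0 ~ (" on " tun "( |$)")) next
      if ($1 == lan || $1 == vpn) next
      print "LEAK: egress rule outside tunnel: " $0; bad = 1
    }
    END {
      if (!active) { print "FAIL: ufw is not active"; bad = 1 }
      if (!din)    { print "FAIL: default incoming policy is not deny"; bad = 1 }
      if (!dout)   { print "FAIL: default outgoing policy is not deny"; bad = 1 }
      if (!bad) print "OK: kill switch policy holds"
      exit (bad ? 1 : 0)
    }'
}

# Constructed sample: the state expected after following the steps above.
sample_good() { cat <<'EOF'
Status: active
Default: deny (incoming), deny (outgoing), disabled (routed)
To                         Action      From
192.168.1.0/24             ALLOW IN    Anywhere
192.168.1.0/24             ALLOW OUT   Anywhere
1194/udp                   ALLOW OUT   Anywhere
Anywhere                   ALLOW OUT   Anywhere on tun0
Anywhere on tun0           ALLOW IN    Anywhere
EOF
}
# Constructed sample: outgoing default left open plus a stray egress rule.
sample_leaky() { cat <<'EOF'
Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)
443/tcp                    ALLOW OUT   Anywhere
EOF
}
# On the server itself: sudo ufw status verbose | audit_killswitch
sample_good | audit_killswitch; sample_leaky | audit_killswitch || true
```
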

External Program Setup on Server

X11 Forwarding: https://www.youtube.com/watch?v=auePeI8vZA8
Transmission daemon
sudo apt install transmission-daemon
sudo systemctl stop transmission-daemon
sudo nano /etc/transmission-daemon/settings.json
*enable rpc and whitelist, add blocklist
sudo systemctl start transmission-daemon

One Comment

  1. Simon

    Hi Chris,
    Thanks for all your hard work on your channel. I’ve used your guide for my little pi box. I’m trying to get traffic to flow from my LAN through a usb adapter (eth1) and out the tunnel (tun0) on eth0. I’ve had a bit of connection trouble. Should I be using iptables (eg. sudo iptables -t nat -A POSTROUTING --out-interface tun0 -j MASQUERADE) or will this just mess up the ufw settings? Thanks
