For months now I’ve been on and off trying to set up a system on my laptop such that I can go anywhere and connect to wifi with 0 leaks, 0 tampering, and only through VPN. Turns out it’s hard.
The best idea I’ve come up with is to use virtualization:
- disable the network cards in your current/host OS, and also disable TCP/IP on them in case someone like Windows tries to enable them back.
- set up a VirtualBox OS (some kind of Linux) to which you send all your network cards.
- use that OS as a firewall + VPN + VPN killswitch
- route that OS’s internet connection back to your Host OS.
Previously I tried pfSense and OPNsense but those are designed to be installed on a physical machine that acts as a router, and won’t accept (or won’t support drivers for) wifi as their network access input and have no interface for access credentials, wifi network picking etc.
Now I use Debian and its VPN capabilities + ufw firewall.
I would write a guide on how to set this up but there are 2 problems:
- most VPNs you connect to use a DNS name and not an IP (if they had just one static IP then most providers/services etc would block them). More here on the ways that’s a problem: https://forum.level1techs.com/t/linux-killswitch-for-dynamic-ip-vpn-need-a-linux-wizard/125980
- the rigging of automatically connecting to a VPN when you connect to a network is hit and miss. In my case it gets stuck in a loop of trying to (re)connect and failing, until I click on the GUI button to stop the network adapter, then click again to start it. Not reliable enough to run the VM in headless mode, or to ensure an auto connect after a restart/power failure etc.
So now that you hopefully understand what I’m trying to achieve, maybe someone else can help me/us with setting up some kind of Linux that can act as a proper firewall + killswitch + VPN?
[EDIT] I know there are these physical “portable” mini routers that can connect to VPN and then you can use them for your phone, laptop etc while on the go. But they all use sim cards, right? I need one that also takes both LAN and wifi, and again, I’d prefer I also had this in software only, in case you don’t have that mini router around.
[EDIT2] I also know there are some automagic installations for Linux with apps from the VPN providers that supposedly take care of things for you. Since on Windows I’ve thoroughly verified that the killswitches for those apps are useless, I’m convinced the Linux counterparts are also not airtight.
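
A sketch of the firewall + killswitch part described in this thread, added as an example and not part of the original post: it prints the ufw commands for the gateway VM and refuses hostnames, because once outgoing traffic is denied the VPN endpoint has to be allowed by IP. The interface names, port, protocol and documentation-range addresses are assumptions.

```shell
#!/bin/sh
# Added example: print the ufw commands for a VPN killswitch on the gateway VM.
# Constructed assumptions: interface names, port/proto and documentation-range IPs.

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
is_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; only this function's arguments change
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_killswitch WAN_IF TUN_IF LAN_IF PORT PROTO IP...
# Validates every endpoint first, so a bad argument never yields a partial rule set.
gen_killswitch() {
    [ "$#" -ge 6 ] || { echo "usage: WAN_IF TUN_IF LAN_IF PORT PROTO IP..." >&2; return 1; }
    wan=$1; tun=$2; lan=$3; port=$4; proto=$5
    shift 5
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "refusing non-IP endpoint: $ip" >&2; return 1; }
    done
    echo "ufw --force reset"
    echo "ufw default deny incoming"
    echo "ufw default deny outgoing"
    echo "ufw default deny routed"
    for ip in "$@"; do
        # The only traffic allowed on the physical card: the tunnel itself.
        echo "ufw allow out on $wan to $ip port $port proto $proto"
    done
    echo "ufw allow out on $tun"                        # the VM's own traffic
    echo "ufw route allow in on $lan out on $tun"       # host OS traffic, tunnel only
    echo "ufw --force enable"
}

# Constructed sample: two pre-resolved endpoint IPs for one provider hostname.
gen_killswitch wlan0 tun0 eth1 1194 udp 192.0.2.10 198.51.100.7
```

Review the output, then pipe it to `sh` as root; forwarding to the host additionally needs `net.ipv4.ip_forward=1` and a masquerade rule in `/etc/ufw/before.rules`, which these commands do not create.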