A guide on configuring Kali so all network traffic is routed over an OpenVPN connection.
Install Required Packages
1 | apt-get install network-manager-openvpn network-manager-openvpn-gnome iptables-persistent |
Import your OpenVPN config
It’s best to do this via nmcli rather than the GUI, as you get detailed error messages:
1 | nmcli connection import type openvpn file yourprofile.ovpn |
If it fails to connect, tail -f /var/log/syslog
If you see an error similar to below:
1 | kali gnome-shell[1030]: Invalid VPN service type (cannot find authentication binary) |
This is a known bug. To fix this issue, go to:
Settings > Network > YourProfile, then click the box next to password, and select all users.
Configuring the Firewall
Paste the below commands into a terminal. Note that the VPN provider port and protocol may need changing.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 | iptables -Fiptables -Xiptables -P OUTPUT DROPiptables -P INPUT DROPiptables -P FORWARD DROPiptables -A INPUT -i lo -j ACCEPTiptables -A OUTPUT -o lo -j ACCEPTiptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPTiptables -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT#Allow VPN trafficiptables -A OUTPUT -o tun+ -j ACCEPT#Ensure the below is the same port and protocol as your VPN provideriptables -A OUTPUT -p udp --dport 1198 -j ACCEPT#Allow DNS (if your provider using DNS for round robin between server ip addresses)iptables -A OUTPUT -p udp --dport 53 -j ACCEPT#Allow DHCPiptables -A INPUT -i eth0 -p udp --dport 67:68 --sport 67:68 -j ACCEPTiptables -A OUTPUT -j DROPiptables -A INPUT -j DROP |
Save the rules to run on reboot
1 2 | netfilter-persistent saveupdate-rc.d netfilter-persistent enable |