A guide on configuring Kali so all network traffic is routed over an OpenVPN connection.
Install Required Packages
    apt-get install network-manager-openvpn network-manager-openvpn-gnome iptables-persistent
Import your OpenVPN config
It’s best to do this via nmcli rather than the GUI, as you get detailed error messages:
    nmcli connection import type openvpn file yourprofile.ovpn
If it fails to connect, watch the system log while you retry:

    tail -f /var/log/syslog

If you see an error similar to the one below:

    kali gnome-shell[1030]: Invalid VPN service type (cannot find authentication binary)
This is a known bug. To fix this issue, go to:
Settings > Network > YourProfile, then click the box next to password, and select all users.

Configuring the Firewall
Paste the commands below into a terminal. Note that the port and protocol must match those of your VPN provider, so they may need changing.
    # Flush existing rules and delete user-defined chains
    iptables -F
    iptables -X

    # Default policy: drop everything
    iptables -P OUTPUT DROP
    iptables -P INPUT DROP
    iptables -P FORWARD DROP

    # Allow loopback traffic
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT

    # Allow packets belonging to connections that are already permitted
    iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

    # Allow VPN traffic
    iptables -A OUTPUT -o tun+ -j ACCEPT

    # Ensure the below is the same port and protocol as your VPN provider
    iptables -A OUTPUT -p udp --dport 1198 -j ACCEPT

    # Allow DNS (if your provider uses DNS for round robin between server IP addresses)
    iptables -A OUTPUT -p udp --dport 53 -j ACCEPT

    # Allow DHCP
    iptables -A INPUT -i eth0 -p udp --dport 67:68 --sport 67:68 -j ACCEPT

    # Explicitly drop anything not matched above
    iptables -A OUTPUT -j DROP
    iptables -A INPUT -j DROP
Save the rules to run on reboot
    netfilter-persistent save
    update-rc.d netfilter-persistent enable
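
One way to confirm the firewall rules loaded as intended, as an added example that is not part of the original guide: the function below checks `iptables -S` output for default DROP policies and for any egress ACCEPT rule the guide does not add. The function name `audit_killswitch` and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): audit `iptables -S` output
# against the kill-switch policy. The function name is hypothetical.
# Usage on a live host (as root): audit_killswitch "$(iptables -S)" udp 1198
# Returns 0 only if clean; the global $bad holds the number of failures.
audit_killswitch() {
    rules=$1 proto=$2 port=$3 bad=0 drops=0
    while IFS= read -r rule; do
        case $rule in
            "-P "*" DROP") drops=$((drops + 1)); continue ;;
            "-P "*) echo "FAIL: default policy is not DROP: $rule"
                    bad=$((bad + 1)); continue ;;
            "-A OUTPUT "*"-j ACCEPT") ;;   # only egress ACCEPT rules are checked below
            *) continue ;;
        esac
        case $rule in
            *"-o lo "*|*"-o tun+ "*) ;;              # loopback and tunnel
            *"--ctstate RELATED,ESTABLISHED "*) ;;   # replies to allowed flows
            *"-p $proto "*"--dport $port "*) ;;      # connection to the VPN server
            *"-p udp "*"--dport 53 "*)
                echo "NOTE: DNS is allowed on every interface: $rule" ;;
            *) echo "FAIL: unexpected egress rule: $rule"; bad=$((bad + 1)) ;;
        esac
    done <<EOF
$rules
EOF
    # Clean means no failures and all three built-in chains default to DROP.
    [ "$bad" -eq 0 ] && [ "$drops" -eq 3 ]
}

# Constructed sample: what `iptables -S` prints after the guide's commands.
GOOD_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
-A INPUT -j DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
-A OUTPUT -p udp -m udp --dport 1198 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -j DROP'
# Constructed leaky variant: permissive OUTPUT policy plus a direct HTTPS rule.
LEAKY_RULES=$(printf '%s\n' "$GOOD_RULES" | sed 's/^-P OUTPUT DROP$/-P OUTPUT ACCEPT/'
              echo '-A OUTPUT -o eth0 -p tcp -m tcp --dport 443 -j ACCEPT')

audit_killswitch "$LEAKY_RULES" udp 1198 || echo "ruleset can leak traffic outside the tunnel"
```

The NOTE line reflects that the port 53 rule is not limited to tun+, so DNS queries can leave over the physical interface even while the VPN is up.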