- Enable VPN kill switch so it blocks all traffic when the tunnel is down
- Set the VPN as default route before network comes up (always on VPN)
- Disable OS fallback DNS and captive portal probes if possible
- Push DNS through the tunnel explicitly (VPN-provided DNS or your own over the tunnel)
- Possibly overkill but useful for peace of mind. Block port 53 outside the tunnel with firewall rules

If DNS can’t reach anything unless the VPN interface is up, then it’s working.

I’ve covered this a couple of times but the confusion is making me think this is one of those times when I think I’m being clear but I’m actually not. I might have to write a guide just for this question.
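
The "DNS can't reach anything unless the VPN interface is up" test from the checklist above, modeled as an added example that is not part of the original post: it works out which interface each configured resolver would leave by and flags anything that escapes the tunnel. The interface names (`wg0`, `eth0`), the addresses and the route tables are constructed sample data, and `blocked_ifaces` is a hypothetical stand-in for the port 53 firewall rule.

```python
import ipaddress

def egress_interface(routes, dest):
    """Longest-prefix match: the interface that would carry dest, or None."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr.version == net.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, iface)
    return best[1] if best else None

def audit_dns(resolvers, routes, tunnel_if, blocked_ifaces=()):
    """Classify each resolver: 'tunnel', 'blocked', 'local-stub' or 'LEAK via <if>'.

    blocked_ifaces models "block port 53 outside the tunnel": DNS sent out
    of those interfaces is dropped by the firewall.
    """
    report = {}
    for resolver in resolvers:
        if ipaddress.ip_address(resolver).is_loopback:
            # A local stub only forwards; its upstream servers need auditing too.
            report[resolver] = "local-stub"
            continue
        iface = egress_interface(routes, resolver)
        if iface == tunnel_if:
            report[resolver] = "tunnel"
        elif iface is None or iface in blocked_ifaces:
            report[resolver] = "blocked"
        else:
            report[resolver] = "LEAK via " + iface
    return report

# Constructed sample data: 10.8.0.1 is the VPN-provided DNS,
# 192.168.1.1 is a fallback resolver handed out by the LAN router.
RESOLVERS = ["10.8.0.1", "192.168.1.1"]
ROUTES_UP = [("0.0.0.0/0", "wg0"), ("10.8.0.0/24", "wg0"),
             ("192.168.1.0/24", "eth0"), ("203.0.113.10/32", "eth0")]
ROUTES_DOWN = [("0.0.0.0/0", "eth0"), ("192.168.1.0/24", "eth0")]

if __name__ == "__main__":
    print("tunnel up, no DNS rule:  ", audit_dns(RESOLVERS, ROUTES_UP, "wg0"))
    print("tunnel down, no DNS rule:", audit_dns(RESOLVERS, ROUTES_DOWN, "wg0"))
    print("tunnel down, DNS rule:   ",
          audit_dns(RESOLVERS, ROUTES_DOWN, "wg0", {"eth0"}))
```

With the tunnel up, the fallback LAN resolver still leaves via `eth0` because its /24 route is more specific than the VPN default route, which is the case the fallback DNS and port 53 items address.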