A guide on configuring Kali so all network traffic is routed over an OpenVPN connection.
Install Required Packages
apt-get install network-manager-openvpn network-manager-openvpn-gnome iptables-persistent
Import your OpenVPN config
It’s best to do this via nmcli rather than the GUI, as you get detailed error messages:
nmcli connection import type openvpn file yourprofile.ovpn
If it fails to connect, watch the log for errors with: tail -f /var/log/syslog
If you see an error similar to the one below:
kali gnome-shell[1030]: Invalid VPN service type (cannot find authentication binary)
This is a known bug. To fix this issue, go to:
Settings > Network > YourProfile, then click the box next to password, and select all users.
Configuring the Firewall
Paste the commands below into a terminal. Note that the port and protocol in the VPN rule may need changing to match your VPN provider.
iptables -F
iptables -X
iptables -P OUTPUT DROP
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
#Allow VPN traffic
iptables -A OUTPUT -o tun+ -j ACCEPT
#Ensure the below is the same port and protocol as your VPN provider
iptables -A OUTPUT -p udp --dport 1198 -j ACCEPT
#Allow DNS (if your provider uses DNS for round robin between server IP addresses)
#This rule is not tied to an interface, so DNS queries can also leave outside the tunnel
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
#Allow DHCP
iptables -A INPUT -i eth0 -p udp --dport 67:68 --sport 67:68 -j ACCEPT
iptables -A OUTPUT -j DROP
iptables -A INPUT -j DROP
Save the rules to run on reboot
netfilter-persistent save
update-rc.d netfilter-persistent enable
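To confirm the loaded ruleset only lets traffic out through the tunnel, the following added example (not part of the original guide) audits `iptables -S` output and lists every OUTPUT rule that permits traffic outside loopback, tun+, reply traffic and the VPN port. The function names and the sample ruleset are constructed for illustration; the sample assumes the rules above were loaded unchanged.

```shell
#!/bin/sh
# Added example: audit `iptables -S` output for rules that let traffic bypass the VPN.
# Usage on a live system (as root): iptables -S | audit_killswitch udp 1198

# Constructed sample: what `iptables -S` would print after the rules in this guide.
sample_rules() {
cat <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
-A INPUT -j DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o tun+ -j ACCEPT
-A OUTPUT -p udp -m udp --dport 1198 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -j DROP
EOF
}

# audit_killswitch PROTO PORT: reads rules on stdin, prints one line per finding,
# and returns 0 only when there are none.
audit_killswitch() {
    proto=$1; port=$2; findings=0
    rules=$(cat)
    # All three built-in chains must default to DROP.
    for chain in INPUT FORWARD OUTPUT; do
        if ! printf '%s\n' "$rules" | grep -qxF -- "-P $chain DROP"; then
            echo "POLICY: $chain default policy is not DROP"
            findings=$((findings + 1))
        fi
    done
    # Any OUTPUT ACCEPT rule that is not loopback, tunnel, reply traffic or the
    # VPN handshake itself is a path around the tunnel.
    while IFS= read -r rule; do
        case $rule in "-A OUTPUT "*"-j ACCEPT") ;; *) continue ;; esac
        case $rule in
            *"-o lo "*|*"-o tun+ "*) continue ;;
            *"--ctstate RELATED,ESTABLISHED "*) continue ;;
            *"-p $proto "*"--dport $port "*) continue ;;
        esac
        echo "OFF-TUNNEL: $rule"
        findings=$((findings + 1))
    done <<EOF
$rules
EOF
    [ "$findings" -eq 0 ]
}

sample_rules | audit_killswitch udp 1198 || echo "review the findings above"
```

On the sample, the only finding is the DNS rule, which is the one deliberate exception in this guide. The iptables commands above apply to IPv4 only, so the same audit can be run on `ip6tables -S` output to see what IPv6 traffic is permitted.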