MacOS – How to ensure that all traffic goes through VPN connection once it has been started

Tags: macos, network, privacy, tunnel, vpn

I connect to the internet through a VPN provider along with other precautions in order to ensure privacy (against traffic analysis by agencies of a repressive government). I currently use Tunnelblick to configure and establish the VPN connection. Tunnelblick does not allow automatically connecting to the provider at or before login so I need to connect manually each time, and sometimes the connection is lost.

I need any and all traffic to go through the VPN connection at all times; whenever the VPN isn't connectable for whatever reason, I want the fallback to be no connection. I need to ensure

  • that OS X does not connect to the internet on my regular internet connection, or at all, during boot (until the login screen, for time synchronization and other possible "call home" stuff etc.). What services, if any, try to do this, and how can I practically analyze and change what's going on with networking during boot? Is there a way to connect to VPN earlier than right after login?

  • that if my VPN connection is temporarily lost, applications do not continue to communicate over my regular unencrypted connection.

I basically want the system to act as if the network connection is lost altogether if the VPN connection fails, but currently they just continue to work as if nothing happened. What can I do to my system so that once a VPN is established, all traffic can only flow through that connection and no traffic can flow if the connection drops?

Best Answer

You need a firewall between you and the Internet that will block all traffic except traffic to the IP address of your VPN host.

Your router will more than likely have this functionality built in.
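The same "block everything except the VPN endpoint" rule can also be enforced on the Mac itself with the built-in pf packet filter, which covers the laptop when it is on a network whose router you do not control. The script below is an added example, not part of the original answer or of Tunnelblick: it generates a pf ruleset that drops all traffic (IPv4 and IPv6) except DHCP and traffic to the VPN server on the physical interface, and passes everything on the tunnel interface. The VPN server address 203.0.113.10 and the interface names en0 / utun0 are placeholders you must replace with your own values, and the ruleset is checked for leaks before you load it.

```sh
#!/bin/sh
# Added example: generate and sanity-check a pf "kill switch" ruleset for macOS.
# Assumptions (not from the original post): VPN endpoint 203.0.113.10, physical
# uplink en0, tunnel interface utun0. Adjust all three to your own setup.

# Print a pf ruleset for the given VPN server IP, physical interface and
# tunnel interface. Values are substituted directly so no pf macros are needed.
gen_killswitch_rules() {
  vpn_server="$1"   # IP of the VPN endpoint (hostnames cannot be resolved once this is loaded)
  phys_if="$2"      # physical uplink, e.g. en0 (Wi-Fi) or en1 (Ethernet)
  vpn_if="$3"       # tunnel interface created by the VPN client, e.g. utun0
  cat <<EOF
# Drop silently rather than sending RSTs/ICMP errors on the clear interface
set block-policy drop
set skip on lo0
# Default deny: covers IPv4 and IPv6, in and out, on every interface
block drop all
# DHCP is needed to obtain an address on the physical uplink at all
pass out on $phys_if proto udp from any port 68 to any port 67 keep state
pass in on $phys_if proto udp from any port 67 to any port 68 keep state
# The only clear-text traffic allowed out is the VPN session itself
pass out on $phys_if proto { udp tcp } from any to $vpn_server keep state
# Everything is allowed once it is inside the tunnel
pass on $vpn_if all keep state
EOF
}

# Return 0 when the ruleset has a default block and every pass rule on the
# physical interface is either DHCP or destined to the VPN server; return 1
# if any other clear-text pass rule is present (a leak).
rules_are_safe() {
  rules="$1"
  phys_if="$2"
  vpn_server="$3"
  printf '%s\n' "$rules" | grep -q '^block drop all$' || return 1
  leaks=$(printf '%s\n' "$rules" | grep "^pass .*on $phys_if " \
            | grep -v 'port 67' | grep -v "to $vpn_server" || true)
  [ -z "$leaks" ]
}

# Stand-alone use: sh vpn_killswitch.sh 203.0.113.10 en0 utun0 > /etc/pf.anchors/vpn_killswitch
# then load and enable with: sudo pfctl -e -f /etc/pf.anchors/vpn_killswitch
if [ -n "${1:-}" ]; then
  rules=$(gen_killswitch_rules "$1" "${2:-en0}" "${3:-utun0}")
  rules_are_safe "$rules" "${2:-en0}" "$1" || { echo "ruleset leaks clear-text traffic" >&2; exit 1; }
  printf '%s\n' "$rules"
fi
```

Because the default block also drops DNS on the physical interface, the VPN client configuration must refer to the server by IP address rather than hostname; if your provider rotates between several addresses, list each of them in a separate pass rule. When the tunnel drops, utun0 disappears and the remaining rules leave no path to the Internet, which is exactly the "no connection" fallback the question asks for.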