Allow only VPN based internet traffic on Android

Root access needed.

Goal:

Keep programs from accessing the internet even if the VPN software crashes or has not been started yet.

Tools:

Setup:

  • Configure your VPN.
  • Within the firewall tool:
    • Verify that the firewall is in white-list mode.
    • Under "Settings" enable "VPN Support" (and IPv6 since you're already there).
      You most likely want to enable "Tethering Support" and "Notification Support" too.
    • Give internet access only to the installed OpenVPN for Android app (the one with the icon next to it).
    • Give VPN access either to "(Any application)" or just to some of them.
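
The policy configured above can also be written out as plain netfilter rules. The script below is an added illustration, not code from the original post and not the rules the firewall app itself generates; the chain name `vpnonly`, the `tun+` interface pattern and the UIDs in the usage line are assumptions.

```shell
#!/bin/sh
# Added example: print a fail-closed OUTPUT policy matching the setup above.
# Nothing is executed; review the printed commands before running them as root.
# Scope: locally generated traffic only (OUTPUT chain). Tethered clients pass
# through FORWARD and are not covered here.
#
# usage: killswitch_rules VPN_UID [APP_UID...]
#   VPN_UID  Linux UID of the VPN client app (the only app with internet access)
#   APP_UID  optional UIDs allowed into the tunnel; none means "(Any application)"
killswitch_rules() {
    if [ $# -lt 1 ]; then
        echo "usage: killswitch_rules VPN_UID [APP_UID...]" >&2
        return 1
    fi
    for uid in "$@"; do
        case $uid in
            ''|*[!0-9]*) echo "not a numeric UID: $uid" >&2; return 1 ;;
        esac
    done
    vpn_uid=$1
    shift
    # Same rules for IPv4 and IPv6 so that v6 cannot bypass the tunnel.
    for ipt in iptables ip6tables; do
        # The chain is filled completely before OUTPUT jumps to it.
        echo "$ipt -N vpnonly"
        # Loopback is local IPC, not internet traffic.
        echo "$ipt -A vpnonly -o lo -j ACCEPT"
        # "VPN access": who may send into the tunnel interface.
        if [ $# -eq 0 ]; then
            echo "$ipt -A vpnonly -o tun+ -j ACCEPT"
        else
            for uid in "$@"; do
                echo "$ipt -A vpnonly -o tun+ -m owner --uid-owner $uid -j ACCEPT"
            done
        fi
        # "Internet access": only the VPN client may use WLAN/mobile directly.
        echo "$ipt -A vpnonly -m owner --uid-owner $vpn_uid -j ACCEPT"
        # Everything else is refused. This rule does not depend on tun existing,
        # so it still applies when the VPN has crashed or was never started.
        echo "$ipt -A vpnonly -j REJECT"
        echo "$ipt -I OUTPUT 1 -j vpnonly"
    done
}

# Constructed sample UIDs: 10123 = VPN client, 10050 and 10051 = allowed apps.
# killswitch_rules 10123 10050 10051
```
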

Sidenotes:

  • Due to the unstable nature of mobile network connections it can be advisable to use the TCP mode of OpenVPN (tradeoff: ~10% slower connection but less downtime).[1]
    If you use VoIP, stick to UDP since speed is more important than quality when it comes to speech.
  • If OpenVPN crashes when switching networks (e.g. from WLAN to mobile network), enable floating ("Advanced" -> "Allow floating server").[2]

The author

Written by Per

Free software enthusiast and transhumanist residing in Stuttgart, Germany.

