MX Linux Forum

Sorry to bump this, but I found a solution for the gid-owner approach.
It turns out 'iptables' checks only if a given group is user's primary, but won't work if a user merely belongs (branches out) to this group. So since 'openvpn' must be run with 'sudo', I had to change root's primary group to ...

the issue in first approach is almost definitely in this line:
sudo iptables -A OUTPUT -j ACCEPT -m owner --gid-owner openvpn
Relevant: https://unix.stackexchange.com/a/413835

So it seems it's a bug in iptables's extension. Does someone have an idea how to apply this solution in most clean ...

That did it, the "ufw" approach now works correctly. But I wonder why the first approach doesn't work? It looked very promising because it does not require manually resolving and then hardcoding IP addresses for each config file.

---edit:

After some insight, the issue in first approach is almost ...

I'm having trouble setting up a killswitch for a given OpenVPN config file. Basically, I want all connections outside of VPN to be dropped, except loopback and local subnet.

I was experimenting with this free OpenVPN config: https://www.freeopenvpn.org/en/cf/russia.php
By itself, without further ...

Well, I was hoping it is incorporated in network manager's GUI somewhere but if not, I will use iptables or ufw. The problem is that if I want to disable VPN sometimes to access my bank account for example, I will have to revert iptables or ufw manually.

I can easily import an .ovpn file with the GUI network manager, but I'd also like to have a working killswitch, so that if VPN connection drops, I lose access to the Internet instead of reverting to my bare connection. I checked "advanced" options but I'm not that knowledgeable to understand ...

But can MX Live USB Maker create from any iso, including Windows?

Hmm, for me it works fine.
Actually it would be nice if there was an integrated bootable stick maker in Thunar's custom actions. I miss this feature, coming from Linux Mint.

balenaEtcher is an open-source tool for creating bootable pendrives.
https://www.balena.io/etcher/

They have an official .deb repo, both x86 and x64, with instructions how to add it here: https://github.com/balena-io/etcher#debian-and-ubuntu-based-package-repository-gnulinux-x86x64
Such version ...

Thanks for your input, I will remove the custom secure path entry then.