#!/bin/bash
# Kill switch for the OUTPUT chain: only the LAN, loopback, the tunnel and the
# VPN endpoints themselves are reachable; everything else is dropped.
servers=( ip1 ip2 ip3 ... )
# Start from an empty OUTPUT chain so re-running the script does not append duplicate rules
iptables -F OUTPUT
# Allow traffic within the internal network
iptables -A OUTPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT
# Allow traffic over loopback
iptables -A OUTPUT -o lo -j ACCEPT
# Allow traffic over the tunnel
iptables -A OUTPUT -o tun0 -j ACCEPT
# Allow packets to the VPN servers (the tunnel's own encrypted traffic)
for server in "${servers[@]}"; do
    echo "Installing rules for $server"
    iptables -A OUTPUT -d "$server" -j ACCEPT
done
# Otherwise drop
iptables -A OUTPUT -j DROP
Use it with a package like iptables-persistent so you don't have to run this every time at boot.
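The same kill switch written as an iptables-restore ruleset, which is the format iptables-persistent loads from /etc/iptables/rules.v4 and which applies atomically (no window where the chain is half-built). This is an added example, not code from the thread; it assumes a tunnel interface named tun0, VPN endpoints reached over UDP 1194, a LAN of 192.168.0.0/16, and uses documentation addresses (203.0.113.x) as stand-ins for real server IPs. Unlike the script above it restricts the per-server rule to the VPN port and makes DROP the chain policy rather than relying only on a final rule:

```shell
#!/bin/sh
# Added example (not from the original post): generate a VPN kill switch as an
# iptables-restore ruleset. Hypothetical defaults, override via environment.
TUN_IF="${TUN_IF:-tun0}"
VPN_PROTO="${VPN_PROTO:-udp}"
VPN_PORT="${VPN_PORT:-1194}"
LAN="${LAN:-192.168.0.0/16}"

# killswitch_rules SERVER... : print a filter-table ruleset for iptables-restore.
# The OUTPUT policy is DROP, so anything not explicitly allowed below
# (including DNS to an ISP resolver on the physical interface) never leaves
# the host in the clear.
killswitch_rules() {
    printf '%s\n' '*filter' \
        ':INPUT ACCEPT [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT DROP [0:0]'
    # Loopback, the local network, and everything that goes through the tunnel
    printf '%s\n' '-A OUTPUT -o lo -j ACCEPT'
    printf -- '-A OUTPUT -d %s -j ACCEPT\n' "$LAN"
    printf -- '-A OUTPUT -o %s -j ACCEPT\n' "$TUN_IF"
    # The VPN endpoints themselves, limited to the tunnel protocol and port so a
    # compromised or misconfigured process cannot talk to them over other ports
    for server in "$@"; do
        printf -- '-A OUTPUT -d %s -p %s --dport %s -j ACCEPT\n' \
            "$server" "$VPN_PROTO" "$VPN_PORT"
    done
    # Explicit final DROP in addition to the policy: its packet counter in
    # `iptables -vnL OUTPUT` shows how much traffic the switch is catching
    printf '%s\n' '-A OUTPUT -j DROP' 'COMMIT'
}

# count_output_rules: number of OUTPUT rules in a ruleset read from stdin
count_output_rules() {
    grep -c '^-A OUTPUT'
}

# apply_killswitch SERVER... : load the ruleset atomically (requires root).
apply_killswitch() {
    killswitch_rules "$@" | iptables-restore
}

# Run directly: print the ruleset, or apply it when KILLSWITCH_APPLY=1.
# To persist it: killswitch_rules <servers> > /etc/iptables/rules.v4
if [ "${KILLSWITCH_APPLY:-0}" = 1 ]; then
    apply_killswitch "$@"
else
    killswitch_rules "$@"
fi
```

Two caveats a ruleset like this does not solve on its own. First, if the LAN rule covers your home router and the router is your DNS resolver, name lookups still leave through the router in the clear; point /etc/resolv.conf at a resolver that is only reachable through the tunnel. Second, this is IPv4 only; an equivalent ruleset must be loaded with ip6tables-restore (rules.v6 for iptables-persistent), or all IPv6 output dropped, otherwise IPv6 traffic bypasses the switch entirely.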
You can do this without iptables: just make wlan0/eth0 the host route for $server and then make the default gateway the tunnel interface. Decent OpenVPN clients do this by default.
I'd kill for a solid in-depth write-up if someone is willing to put one together. I don't know anything about this kind of stuff, but it's piqued my interest lately.
A lot of people have asked me for pointers to write-ups, but there don't appear to be any comprehensive ones on the Internet. When I set up all of this, I had to learn by piecing together information from various tutorials, reading manuals and whatnot.
I have been meaning for a while now to make a mini distribution of Linux that works well for VPN usage out of the box. If people are interested in this sort of thing, maybe I could try to make time for it.