krey / protonvpn-docker

Setup for running protonvpn inside a docker container

Are there further steps to guarantee no vpn leakage? #3

Closed SanjeevKSharma closed 4 years ago

SanjeevKSharma commented 4 years ago

I have had the experience of the VPN disconnecting and my IP address being exposed.

From what I could gather when it happened, the OpenVPN binary crashed (pgrep did not find it) and the VPN just went away.

Is this setup enough to guarantee no leakage or are there more steps required?
I'm new to privacy and VPNs - if there are more steps required, could anyone reading this post links for further reading / work?

PS - I managed to get this running in podman too. It's just running - I don't know if I screwed anything up in this translation, and I'd like to drop the --privileged, but even with NET_CAP, SELinux doesn't like just the capacity-add. (edited to block IPv6)


podman run -d \
    --device=/dev/net/tun \
    --env SOCKD_WORKERS=10 \
    --sysctl net.ipv6.conf.all.disable_ipv6=1 \
    --sysctl net.ipv6.conf.default.disable_ipv6=1 \
    --sysctl net.ipv6.conf.lo.disable_ipv6=1 \
    --privileged \
    DOCKER_IMAGE \
    sh -c "protonvpn connect --p2p; sockd -N 10"

(the sockd command didn't use the env variable - I am for some reason unable to get the sh command to take the env variable, ran out of time to investigate)

krey commented 4 years ago

@SanjeevKSharma it shouldn't really work that way. Openvpn creates a separate network interface proton0 which I hardcoded into sockd.conf: https://github.com/krey/protonvpn-docker/blob/master/sockd.conf#L4

If openvpn stops, the interface should disappear and traffic should just stop.

PS - thanks for sharing your podman config :)

SanjeevKSharma commented 4 years ago

proton0 which I hardcoded into

Yes, this setup is superior to my old setup that left me exposed (just the one time, I believe).
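
The fail-closed behaviour krey describes holds only while sockd's egress stays pinned to proton0. As an added example (not code from this repository), the health check below verifies that pin and that the interface still exists. It assumes Dante's `external:` directive is what names the egress interface; the function names, the paths and the constructed config are illustrative.

```shell
#!/bin/sh
# Added example, not part of protonvpn-docker.
# Assumption: sockd.conf uses Dante's "external: <iface>" directive.

# Print the value of every "external:" directive, ignoring comments.
sockd_external() {
    sed -e 's/#.*//' "$1" | awk -F: '
        $1 ~ /^[ \t]*external[ \t]*$/ { gsub(/[ \t]/, "", $2); print $2 }'
}

# Return 0 only if sockd egress is pinned to the tunnel AND the tunnel exists.
# $1 = sockd.conf path, $2 = tunnel name, $3 = sysfs net directory.
vpn_egress_ok() {
    conf=$1 tun=${2:-proton0} sysnet=${3:-/sys/class/net}
    ext=$(sockd_external "$conf")
    # Any other value (an IP, eth0, or several directives) fails closed.
    if [ "$ext" != "$tun" ]; then
        echo "FAIL: sockd external is '${ext:-unset}', expected $tun" >&2
        return 1
    fi
    if [ ! -e "$sysnet/$tun" ]; then
        echo "FAIL: $tun is gone (openvpn down?)" >&2
        return 1
    fi
    echo "OK: sockd egress pinned to $tun and $tun is present"
}

# Demo on a constructed config and a fake sysfs tree, so it runs anywhere.
demo=$(mktemp -d) && mkdir -p "$demo/net/proton0"
printf 'internal: 0.0.0.0 port = 1080\nexternal: proton0\n' > "$demo/sockd.conf"
vpn_egress_ok "$demo/sockd.conf" proton0 "$demo/net"
rm -rf "$demo"
```

Inside the container, call `vpn_egress_ok` with the real config path and no third argument, for example from a container health check, so that a vanished tunnel is reported rather than only inferred.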