Here is how to set up an OpenVPN server: https://internetlifeforum.com/securi...ndroid-client/

What follows is how to prevent an IP leak (connecting to the internet while the VPN is off, thus revealing your true IP to remote servers and transferring data without encryption).

If you are using a VPN client on Linux and want to allow your Ubuntu/Debian/Mint/openSUSE/Arch... or other Linux distribution supported by UFW/gUFW to use ONLY the VPN to connect to the internet, and to prevent your real IP from leaking (bypassing the VPN), I describe below a way to do it. That way can still leak the real IP if the ufw firewall is killed or stopped, although there are scripts that can monitor it. If you find those scripts too difficult, try one of the following two approaches:

UPDATE: another, maybe better, approach to prevent leaks is to use iptables directly: https://www.privateinternetaccess.co...#Comment_44686

In short, create a new file (nano vpnkillswitch) and paste into it:

iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -s 255.255.255.255/32 -j ACCEPT
iptables -A INPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT
iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i tun+ -j ACCEPT
iptables -A INPUT -j DROP
iptables -A FORWARD -p udp -m udp --dport 53 -j ACCEPT
iptables -A FORWARD -i tun+ -j ACCEPT
iptables -A FORWARD -j DROP
iptables -A OUTPUT -p udp -m udp --dport 1194 -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -d 255.255.255.255/32 -j ACCEPT
iptables -A OUTPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT
iptables -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
iptables -A OUTPUT -o tun+ -j ACCEPT
iptables -A OUTPUT -j DROP
Note the port 1194: if you connect to the VPN server on a different port, replace it with yours. Then run that file (sudo bash vpnkillswitch), which adds the rules to iptables, so that internet traffic that does not go through the OpenVPN tunnel is blocked.


----------------------
The rest of the text in this post is outdated (a more time-consuming and maybe less efficient approach); no need to continue reading.


Another way, with manually defined IPs:

sudo dnf install ufw
sudo ufw default deny incoming
sudo ufw default deny outgoing
sudo ufw allow out to [VPN server IP] port 1194 proto udp
sudo ufw allow out to [VPN provider's DNS IP] port 53
sudo ufw allow out from any to 192.168.0.0/16
sudo ufw allow in from 192.168.0.0/16 to any
sudo ufw allow out on tun0 from any to any
sudo ufw enable
Note: some use a custom VPN server port, not the default 1194. As the "VPN provider DNS IP" I used 8.8.8.8, which is Google's open DNS. But if the ovpn config file is set to do DNS via the VPN, then this rule is probably not needed. If you added a wrong rule, you can delete all firewall rules with the command "sudo ufw reset"; this deletes all rules and disables the firewall (enabling is done with "sudo ufw enable").

GUI way:

1. Install gufw (use your package manager, like synaptic, or visit the link above to learn how to do it).
2. Click the network icon and select Edit connections. Simply go to Network manager and create/add a new network connection there. As the type, select something like VPN/"Import a saved VPN configuration..."; if you do not have it there, try to install the VPN services through the package manager.
3. Select/import the .ovpn file your OpenVPN server generated or your VPN provider gave you.
4. Try to connect to the VPN by clicking on the Networks icon.
5. If the internet works and you see your VPN IP at www.myip.ms, proceed to the next step:
6. Open the gUFW firewall you installed and "Reset Current Profile" (if you want to) by clicking on the "Edit" menu entry.
7. Set "Incoming" and "Outgoing" connections to "Deny". Switch status to enabled. This way you have denied all network connections, and now you will add exceptions for your public DNS IP and for your VPN server IP.
8. Go to "Rules" tab and click + icon to add new rule:

Policy: Allow
Direction: Out
Interface: All interfaces
Protocol: Both
To: RemotePublicIPOfTheVPNServerHere, Port: PortOfTheServer (1194 example)

9. Add second rule (probably not needed if VPN conf file is set to do DNS lookups via VPN):

Policy: Allow
Direction: Out
Interface: All interfaces
Protocol: Both
To: 8.8.8.8 (the DNS IP VPN server is using) and port 53

10. Add third rule (allowing VPN traffic):

Policy: Allow
Direction: Out
Interface: tun0 (or other tun)
Protocol: Both
From: 10.8.0.2

11. Add fourth rule (allowing local traffic):

Policy: Allow
Direction: Out
Interface: All interfaces
Protocol: Both
From: 192.168.0.0/16
To: 192.168.0.0/16

Result:
The internet started working for me then, and when I disconnected the VPN all internet connections stopped working, which is what I wanted. Internet only via VPN.
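
Added example (not part of the original post): a small shell audit that reads kill-switch rules in `iptables -A` / `iptables -S` form and flags OUTPUT ACCEPT rules that name neither an output interface nor a destination, which is where the iptables list above differs from the ufw variant that pins the VPN server IP. The function name `audit_killswitch`, the heuristic itself, and the placeholder server address 203.0.113.10 are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit the OUTPUT chain of a kill-switch ruleset for leak paths.
# Accepts `iptables -S` output or the `iptables -A ...` lines of the script itself.
audit_killswitch() {
  awk '
    { sub(/^iptables[ \t]+/, "") }                        # normalise script lines
    $1 == "-P" && $2 == "OUTPUT" && $3 == "DROP" { policy_drop = 1 }
    $1 != "-A" || $2 != "OUTPUT" { next }
    {
      oif = ""; dst = ""; target = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-o") oif = $(i + 1)
        if ($i == "-d") dst = $(i + 1)
        if ($i == "-j") target = $(i + 1)
      }
      # ACCEPT with neither an output interface nor a destination matches
      # traffic leaving the physical NIC towards any host.
      if (target == "ACCEPT" && oif == "" && dst == "") print "LEAK: " $0
      # Remember whether the most recent OUTPUT rule is a bare catch-all DROP.
      final_drop = (target == "DROP" && NF == 4)
    }
    END {
      if (!final_drop && !policy_drop)
        print "NO-FINAL-DROP: OUTPUT neither ends in DROP nor has policy DROP"
    }'
}

# OUTPUT rules exactly as listed in the post above.
POST_RULES='iptables -A OUTPUT -p udp -m udp --dport 1194 -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -d 255.255.255.255/32 -j ACCEPT
iptables -A OUTPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT
iptables -A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
iptables -A OUTPUT -o tun+ -j ACCEPT
iptables -A OUTPUT -j DROP'

# Constructed variant: 203.0.113.10 is a placeholder for the VPN server IP,
# and DNS is assumed to be pushed through the tunnel, so no port 53 rule.
PINNED_RULES='iptables -A OUTPUT -d 203.0.113.10/32 -p udp -m udp --dport 1194 -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT
iptables -A OUTPUT -o tun+ -j ACCEPT
iptables -A OUTPUT -j DROP'

echo "== rules from the post =="; printf '%s\n' "$POST_RULES" | audit_killswitch
echo "== pinned variant ==";      printf '%s\n' "$PINNED_RULES" | audit_killswitch
```

On a live system, pipe `sudo iptables -S` into the function. These rules cover IPv4 only, so IPv6 needs its own `ip6tables` check.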