Tutorial

Like the title says, how do you decrypt a headless server at boot time that has it’s root partition LUKS encrypted.. while not on site? I’ve been running my server for almost two years and I knew this problem would come up eventually so it’s been at the back of my mind for a while. And you know it had to come up at the most inopportune time… 15 minutes before I leave town for a weekend away....

NetworkManager unfortunately doesn’t have a kill switch in case your VPN connection drops but you can achieve the same effect through firewall rules. I’m using ufw here but you can achieve the same using iptables or firewall-cmd. I haven’t looked into automating this when VPN connects yet but opening Gufw and switching the profile hasn’t become annoying yet either. If I ever get around to that I’ll post an update....