merlin vpn - killswitch setup on different (not concurrent) VPN client instances

[Piazzetta]

Hi all,

i'm new to the forum.
i've recently purchased an Asus RT-AC86U router, and i've flashed the latest release of merlin firmware.
i've configured 4 of the 5 client instances with 4 separate VPN servers (first NL, second UK etc), so, if the UK server is slow, i can turn the UK VPN off, and turn the NL VPN on. No need to have concurrent VPN running at the same time.
So far everything works.

However I'm strugling with the killswitch.
The killswitch works when i set the profile only on one of the instances (e.g. UK VPN client istance) (or at least the connection works with the profile set up, don't know how to actually test the killswitch by a failure of the VPN)
however, as soon as I enter and apply the killswitch settings on another profile (e.g. NL VPN istance) , i can nolonger access the internet. This independently if any or none of the VPN connections is active.

settings (the same for each profile):
redirect internet traffic = policy rules
block routed clients if tunnel goes down = yes
all devices: 192.168.1.0/24 -- 0.0.0.0 --> VPN
router: 192.168.1.1 -- 0.0.0.0 --> LAN

to restore internet navigation i have to set the "reduirect internet traffic" to "all" on all profiles.

is there a way to set the router so that as soon as any of the active VPN connection dorps, then the the kill switch takes over?
my expectation was to set a killswitch profile for each of the VPN istances, and the particular profile would be active, if the corresponding VPN was switched on.

thanks you.

 

[Martineau]

Hi all,

i'm new to the forum.
i've recently purchased an Asus RT-AC86U router, and i've flashed the latest release of merlin firmware.
i've configured 4 of the 5 client instances with 4 separate VPN servers (first NL, second UK etc), so, if the UK server is slow, i can turn the UK VPN off, and turn the NL VPN on. No need to have concurrent VPN running at the same time.
So far everything works.

However I'm strugling with the killswitch.
The killswitch works when i set the profile only on one of the instances (e.g. UK VPN client istance) (or at least the connection works with the profile set up, don't know how to actually test the killswitch by a failure of the VPN)
however, as soon as I enter and apply the killswitch settings on another profile (e.g. NL VPN istance) , i can nolonger access the internet. This independently if any or none of the VPN connections is active.

settings (the same for each profile):
redirect internet traffic = policy rules
block routed clients if tunnel goes down = yes
all devices: 192.168.1.0/24 -- 0.0.0.0 --> VPN
router: 192.168.1.1 -- 0.0.0.0 --> LAN

to restore internet navigation i have to set the "reduirect internet traffic" to "all" on all profiles.

is there a way to set the router so that as soon as any of the active VPN connection dorps, then the the kill switch takes over?
my expectation was to set a killswitch profile for each of the VPN istances, and the particular profile would be active, if the corresponding VPN was switched on.

As per this thread Confused as to how to make the kill switch work simply set the killswitch only for VPN Client 4 ...assuming you are using the first four VPN Client instances or VPN Client 5

 

[Piazzetta]

As per this thread Confused as to how to make the kill switch work simply set the killswitch only for VPN Client 4 ...assuming you are using the first four VPN Client instances or VPN Client 5

thanks for the quick reply and the link.
so I set the killswitch on the last client, but what do I chose as settings for client 1-4? do i set "policy rules" and "block routed clients if tunnel goes down" = NO?

What do i do if i want to navigate without VPN? turn off all VPN clients and additionally then turn off the kill switch on the last client?

 

[L&LD]

thanks for the quick reply and the link.
so I set the killswitch on the last client, but what do I chose as settings for client 1-4? do i set "policy rules" and "block routed clients if tunnel goes down" = NO?

What do i do if i want to navigate without VPN? turn off all VPN clients and additionally then turn off the kill switch on the last client?

Did you read that link fully?

 

[Piazzetta]

Did you read that link fully?

yes, but i don't get the underlined part of this sentence: "Set 'Block routed clients if tunnel goes down=YES' only for VPN Client 5 and add the Selective Routing kill switch rules for all five of the VPN Clients".

not to mention the scripts... that's out of my league

 

[L&LD]

yes, but i don't get the underlined part of this sentence: "Set 'Block routed clients if tunnel goes down=YES' only for VPN Client 5 and add the Selective Routing kill switch rules for all five of the VPN Clients".

not to mention the scripts... that's out of my league

Out of my league too.

But I don't need this functionality for my usage!

This is your chance to roll up your sleeves and to learn something new, making mistakes is part of the learning process and the fun.

Besides, you have an actual goal to reach, this isn't just grade-school practice of boring stuff 'we'll never use in real life'.

 

[Martineau]

I set the killswitch on the last client, but what do I chose as settings for client 1-4? do i set "policy rules" and "block routed clients if tunnel goes down" = NO?

Yes

What do i do if i want to navigate without VPN? turn off all VPN clients and additionally then turn off the kill switch on the last client?

Yes

 

[Martineau]

yes, but i don't get the underlined part of this sentence: "Set 'Block routed clients if tunnel goes down=YES' only for VPN Client 5 and add the Selective Routing kill switch rules for all five of the VPN Clients".

not to mention the scripts... that's out of my league

In your user case no scripting is required.

 

[Piazzetta]

Yes



Yes

Thanks!

 

[st3v3n]

So many ways to do so many things We use two concurrent OpenVpn tunnels and everything is divided up between them, and learned something new; always helpful.

Not sure it's applicable in this instance but here's how someone else wrote up hints on the killswitch;
https://www.vpnuniversity.com/routers/use-selectivepolicy-routing-kill-switch-asuswrt-merlin

Cheeers