Force Traffic through VPN tunnel

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

haeffnkr

Occasional Visitor
Firmware Version:384.19
I have 2 AC68U routers, one configured open to my ISP the 2nd is running NordVPN and is passing traffic through the open router one.
All seems to be working fine, all traffic on the VPN router goes through the VPN.

Newb Question...
If the VPN goes down I want the VPN traffic stopped and not have my VPN clients use the open ISP.
In Advance Settings on the VPN Client tab, if I select "Force Internet traffic through tunnel" - as Yes, will that do what i need and stop all VPN traffic until the VPN is up again, or do I need to setup some policy rules and configure a "kill switch" as I have read about?

thanks in advance
haeffnkr
 

eibgrad

Very Senior Member
Unfortunately, the kill switch is only accessible if you enable PBR (policy based routing), even if you end up routing *all* clients through the VPN anyway. IMO, a kill switch should be made available irrespective of whether you do or don't use PBR. But due to how the kill switch is implemented, PBR is required. Or else you can add your own kill switch using iptables (my personal preference, and not that hard to do) or Firewall->Network Services Filter. Using your own kill switch w/o the need for PBR has the advantage of NOT taking the router itself off the VPN (something not all users realize is a consequence of using the router's built-in PBR).
 

intr0

Regular Contributor
567EB514-9B49-439B-A45A-34A7CC2A25B8.jpeg
At the bottom of the VPN Client settings, you'll see "block routed clients...". Choose Yes. Also use the Policy Rules as @eibgrad mentioned to route your devices via WAN for those devices that connect directly to your WAN. Also choose VPN for your devices that are to be routed through NordVPN.
 

haeffnkr

Occasional Visitor
thanks for the help so far!!! I am following most of what is being said :)

If I enter - 192.168.2.1/24 - will that block all device on my vpn network? or do I need to add each client.. which will be a lot and changing with dhcp?

These instructions came from Nordvpn

Optional Kill Switch setup (for advanced users):

Here’s how to set up the Kill Switch feature on AsusWRT Merlin firmware:

  1. Go to VPN > OpenVPN Client.
  2. Under Advanced Settings, select Redirect Internet Traffic: Policy Rules
  3. A new option will appear, Block routed clients if tunnel goes down. Enable it.
  4. Under Rules for routing client traffic through the tunnel, add your whole network:

    Description: all devices
    Source IP: 192.168.1.0/24 (if you have a different network or subnet mask, change accordingly)
    Destination IP: leave blank
    Iface: VPN

thanks again haeffnkr :)
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top