Issue with VPN Connectivity

macster2075

Very Senior Member
I am on the latest firmware version, and I noticed my vpn wasn't connecting, but I still have Internet even though the kill switch is enabled.
My question is, if the vpn stopped connecting for whatever reason, why didn't the kill switch kill the connection?

I thought the reason for the kill switch is to keep me protected when the vpn disconnects.
Any ideas?

vpn 1.JPG


vpn 2.JPG
 
Last edited:

ColinTaylor

Part of the Furniture
I thought the reason for the kill switch is to keep me protected when the vpn disconnects.
That's true, but you need to have a working VPN for it to "disconnect". It looks like you don't have a valid VPN profile.
 

macster2075

Very Senior Member
That's true, but you need to have a working VPN for it to "disconnect". It looks like you don't have a valid VPN profile.
Yeah, I found out that specific server I was using was discontinued by my vpn provider. Are you saying that if it just stops working instead of getting disconnected, the kill switch won't work as it should?
That doesn't seem logical to me. If there's no VPN connection for whatever reason, the kill switch should just stop all connections, no?
 

ColinTaylor

Part of the Furniture
Yeah, I found out that specific server I was using was discontinued by my vpn provider. Are you saying that if it just stops working instead of getting disconnected, the kill switch won't work as it should?
That doesn't seem logical to me. If there's no VPN connection for whatever reason, the kill switch should just stop all connections, no?
This was explained by RMerlin in the past. Basically, there's a difference between a VPN client that's deliberately turned off or not configured (correctly), and a working VPN client that disconnects. The router can't guess what the user's intention was in the former case with regards to any killswitch action. RMerlin got fed up with people complaining about this, half the people wanted the killswitch to work one way and the other half another way. In the end he made his decision and that's the way it is.
 

macster2075

Very Senior Member
oh wow. Didn't know this was an issue like that lol. Ok it is what it is then. Now, is there a way for me to block internet connection when the vpn stops working for ANY reason or even if I disable it?
Maybe via script?
 

macster2075

Very Senior Member
I can't imagine why would anyone would want the connection to persist when the vpn stops working for any reason other than disconnect. In that case, then don't use the kill switch.
 

ColinTaylor

Part of the Furniture
As I said, you can create a VPN client profile that doesn't work that just happens to have the killswitch option enabled (among many other options). As the profile as a whole is invalid the router can't guess what your intention was.
 

macster2075

Very Senior Member
Right, I understand what you're saying. I just don't see the reason for the router to have to "know my intention" to do what I told it to do, which was to kill the connection when the vpn is enabled, but not connecting for any reason. In my mind, it makes perfect sense lol.

Can this be done by script?
I ask because you mentioned that Merlin decided to set it this way, which makes me think there IS an option to use the kill switch how I would like for it to work.
 

ColinTaylor

Part of the Furniture
@ColinTaylor - How do I uninstall custom scripts?
It depends how you installed them. If you manually created a new file, delete that file. If you added lines to an existing script, edit that file and remove those lines. If you used a third-party script that had its own installer then you need to refer to that script's documentation for the uninstall procedure.
 

macster2075

Very Senior Member
Thank you..it's the one from eibgrad

I went to the page but I don't see uninstall instructions. I also asked eibgrad, but he hasn't responded yet. I see he hasn't posted any comments on that page since April.
 

ColinTaylor

Part of the Furniture
It looks like you will have to manually remove it.

First delete the main script:
Code:
rm /jffs/scripts/merlin-ovpn-client-killswitch.sh

Then edit the firewall-start script and remove the lines that were added. You'll have to work that out for yourself as I've never used this add-on:
Code:
nano /jffs/scripts/firewall-start

After that reboot the router.
 

macster2075

Very Senior Member
Dang.. I should've asked before installing it. Thank you Colin. Hopefully @eibgrad has a way to remove it easier.
 

macster2075

Very Senior Member
Sorry Colin, one more thing.. in the event I have more lines in the firewall.. do I only have to delete this line?

1664322407027.png
 

ColinTaylor

Part of the Furniture
Sorry Colin, one more thing.. in the event I have more lines in the firewall.. do I only have to delete this line?

View attachment 44430
All 5 of those lines are added by the installer script. However, if there is a preexisting firewall-start script the installer doesn't change that file and tells you to edit the file manually. In which case you would know what the file looked like before you edited it.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top