Kill Switch for WireGuard?

[HarryMuscle]

Just wanted to confirm before I proceed any further with getting WireGuard setup just the way I want it, does the VPN Director kill switch functionality work for WireGuard connections?

Thanks,
Harry

 

[Tech9]

This?

[Dev] Asuswrt-Merlin 388.1 development

Replacement RT-AX88U arrived today (looks like DHL delivers on Sundays), which was the perfect occasion to do some AiMesh-related testing and debugging, particularly around the firmware upgrade page.

www.snbforums.com

 

[HarryMuscle]

This?

[Dev] Asuswrt-Merlin 388.1 development

Replacement RT-AX88U arrived today (looks like DHL delivers on Sundays), which was the perfect occasion to do some AiMesh-related testing and debugging, particularly around the firmware upgrade page.

www.snbforums.com

Thanks but I'm not sure I agree with their statement that a kill switch is not possible or needed with WireGuard. They might be correct as long as everything is working correctly and the connection is established. What I'm concerned about though is for example if you tell VPN Director to route client 1 through a WireGuard connection and that connection is changed in the GUI and it doesn't start back up correctly for some reason (this can happen for example if an issue comes up in one of the scripts that is called during the WireGuard client startup process), will client 1 now have no internet access (ie: the kill switch is working) or will it start accessing the internet directly (ie: the kill switch is not working)? There's several other scenarios I can think of but that's just one example.

Thanks,
Harry

 

[L&LD]

New tech/options bring a different mix of capabilities and compromises.

Either use it or don't. But if you don't agree with the implementation, you can always attempt to code things how you think/like it should be done.

 

[Tech9]

What I'm concerned about though

I understand your concerns, but you have to understand how WireGuard works before using it. For better security I would use OpenVPN instead. If you need speed - home router is not the right hardware.

 

[Caesar the Dictator]

I see, the developer briefly explained that traffic cannot leave the client, regardless of whether the connection is established or not, unless the client is manually disabled. Have you ever done a test where you have concrete evidence that traffic is leaking out of the WireGuard tunnel while an active client is unable to connect to the VPN server?

 

[HarryMuscle]

I see, the developer briefly explained that traffic cannot leave the client, regardless of whether the connection is established or not, unless the client is manually disabled. Have you ever done a test where you have concrete evidence that traffic is leaking out of the WireGuard tunnel while an active client is unable to connect to the VPN server?

I'm after the stereotypical VPN kill switch which functions at all times even when the VPN connection is manually disabled. Fortunately I've been able to create that by looking at what the KillMon script does and simply replicating the end result which is just 3 iptables rules.

 

[Amiga]

I've been able to create that by looking at what the KillMon script does and simply replicating the end result which is just 3 iptables rules.

Mind sharing the three iptables rules please for a WireGuard kill switch?

 

[yaya59]

Je recherche le kill switch VPN stéréotypé, fonctionnant en permanence, même lorsque la connexion VPN est désactivée manuellement. Heureusement, j'ai pu créer ce système en observant le fonctionnement du script KillMon et en reproduisant simplement le résultat final, soit trois règles iptables seulement.

Hello,

Can you share them?

 

[bennor]

Bonjour,

Pouvez-vous les partager ?

English only please.