KILLMON KILLMON v1.1.2 -Feb 29, 2024- IP4/IP6 VPN Kill Switch Monitor & Configurator (Now available in AMTM!)

[SomeWhereOverTheRainBow]

i just tried to install the script on original asus firmware. it installed and configured correctly but when I disconnected VPN my 4 clients I have on the list still have internet access. how can I fix it?

Original asus firmware? Also, yea that is weird the devices still have internet. Did you try unplugging them?

 

[Dean.viens]

Original asus firmware?

Yeah meaning I didn’t flash my router with Merlin

 

[SomeWhereOverTheRainBow]

Yeah meaning I didn’t flash my router with Merlin

I suppose this script only works on merlin.

REQUIREMENTS:
* You must have "JFFS custom scripts" turned on from the router UI, and have Entware installed (easiest way is through AMTM)

All of which require merlin firmware. Hence why this script is listed in the asuswrt merlin addon forum category.

 

[Viktor Jaep]

Yeah meaning I didn’t flash my router with Merlin

Yeah, I never even knew it was possible to try to even attempt to run scripts using the original firmware, but it probably would take jumping through some serious hoops. I had heard that someone was partly successful at running RTRMON using the original firmware - again, not sure how, because it requires all kinds of additional entware components to run correctly.

I would absolutely recommend replacing your stock firmware with Merlin's firmware. Not only do you get everything that comes with stock, but you get so many more goodies you can play with, including the ability to add these scripts. Customization and automation are what make these routers so worth their money! Just got a new AX6000 over Christmas, and stock firmware didn't even see the light of day before flashing the latest Merlin 388.1 FW on there. LOL Thanks for your assist working with @Dean.viens on this, @SomeWhereOverTheRainBow!

 

[Dean.viens]

Original asus firmware? Also, yea that is weird the devices still have internet. Did you try unplugging them?

ok so i put merlin back on it-- the VPN director works now. but now killmon won't install.
it says please install entware beroe proceeding

 

[Dean.viens]

Yeah, I never even knew it was possible to try to even attempt to run scripts using the original firmware, but it probably would take jumping through some serious hoops. I had heard that someone was partly successful at running RTRMON using the original firmware - again, not sure how, because it requires all kinds of additional entware components to run correctly.

I would absolutely recommend replacing your stock firmware with Merlin's firmware. Not only do you get everything that comes with stock, but you get so many more goodies you can play with, including the ability to add these scripts. Customization and automation are what make these routers so worth their money! Just got a new AX6000 over Christmas, and stock firmware didn't even see the light of day before flashing the latest Merlin 388.1 FW on there. LOL Thanks for your assist working with @Dean.viens on this, @SomeWhereOverTheRainBow!

How to install entware?
thanks for your hardwork btw for killswitch!

 

[visortgw]

How to install entware?
thanks for your hardwork btw for killswitch!

Use ep from main amtm menu (or from diversion main menu).

 

[Dean.viens]

Yeah, I never even knew it was possible to try to even attempt to run scripts using the original firmware, but it probably would take jumping through some serious hoops. I had heard that someone was partly successful at running RTRMON using the original firmware - again, not sure how, because it requires all kinds of additional entware components to run correctly.

I would absolutely recommend replacing your stock firmware with Merlin's firmware. Not only do you get everything that comes with stock, but you get so many more goodies you can play with, including the ability to add these scripts. Customization and automation are what make these routers so worth their money! Just got a new AX6000 over Christmas, and stock firmware didn't even see the light of day before flashing the latest Merlin 388.1 FW on there. LOL Thanks for your assist working with @Dean.viens on this, @SomeWhereOverTheRainBow!

ok i got everything working. your the man!.
i don't know if it turns back on on reboot but it works now.
now i just have a dns leak on my vpn. thats the only problem now. how do i fix that? it was fixed before but after merlin, diversion, killmon now dns leak is here.

 

[Viktor Jaep]

ok i got everything working. your the man!.
i don't know if it turns back on on reboot but it works now.
now i just have a dns leak on my vpn. thats the only problem now. how do i fix that? it was fixed before but after merlin, diversion, killmon now dns leak is here.

My DNS leaks to Quad9, because that's how I've designed my setup to work... I don't use my VPN provider's DNS servers... This is how I have mine configured:

Router WAN DNS settings:

VPN client settings;

 

[Dean.viens]

oh you made them a static dns over tls?

 

[Dean.viens]

My DNS leaks to Quad9, because that's how I've designed my setup to work... I don't use my VPN provider's DNS servers... This is how I have mine configured:

Router WAN DNS settings:
View attachment 47205

VPN client settings;
View attachment 47204

im assuming the bottom two are your vpn protected ip?

 

[Viktor Jaep]

im assuming the bottom two are your vpn protected ip?

Not quite sure what you mean by that... My VPN client is basically disabling the capability of it accepting the VPN-provider's DNS information, so I can supply my own.

 

[Dean.viens]

Not quite sure what you mean by that... My VPN client is basically disabling the capability of it accepting the VPN-provider's DNS information, so I can supply my own.

well im just confused of what the bottom two devices are?
i have the quad9 ones done (the top two) but now I need to make sure the bottom two of yours will work with my configuration. I'm just wondering what those are? i only have 4 IP addresses that need to have changes DNS servers. i mean they all could work I'm sure but I just want to make sure it will still work. i don't know what those devices are in your bottom two so i don't know if those same numbers will work in my configuration. that what I'm trying to say

 

[Viktor Jaep]

well im just confused of what the bottom two devices are?
i have the quad9 ones done (the top two) but now I need to make sure the bottom two of yours will work with my configuration. I'm just wondering what those are? i only have 4 IP addresses that need to have changes DNS servers. i mean they all could work I'm sure but I just want to make sure it will still work. i don't know what those devices are in your bottom two so i don't know if those same numbers will work in my configuration. that what I'm trying to say

Oh... those are Quad9 IPv6 addresses... They're not necessary if you're not using IPv6.

 

[Dean.viens]

oh i see. ok well now my only problem is my DNS server does not match my IP. i should be in los Angeles but I'm in Seattle. hmm..

 

[Viktor Jaep]

oh i see. ok well now my only problem is my DNS server does not match my IP. i should be in los Angeles but I'm in Seattle. hmm..

IP locations are a finnicky thing.

 

[Viktor Jaep]

New version of KILLMON released today on this fine Sunday morning... with a nice cup of hot coffee by my side. Some big changes on how it interacts with VPNMON-R2 are included in this!

What's new?
v1.04 - (January 22, 2023)
* ADDED: Some logic was added under the Operations section to determine whether or not to suppress the KILLMON header on the main VPNMON-R2 UI along with the associated logging that happens. If you have KILLMON installed but not running or enabled, VPNMON-R2 would display warnings that KILLMON is disabled and that rule integrity is compromised. You can now suppress or enable this info in VPNMON-R2 from within the KILLMON UI v1.04.
* ADDED: The ability to show/hide the options to help declutter the UI a bit more.
* FIXED: Other minor optimizations and code cleanup to help simplify the UI

Download Link:

curl --retry 3 "https://raw.githubusercontent.com/ViktorJp/KILLMON/master/killmon-1.04.sh" -o "/jffs/scripts/killmon.sh" && chmod a+rx "/jffs/scripts/killmon.sh"

Significant Screenshots:
An indicator within the KILLMON UI now shows if you have enabled/disabled KILLMON from displaying its status within the VPNMON-R2 UI. If you select "disabled", it will not show up in VPNMON-R2 even if KILLMON is fully enabled. This was done because VPNMON-R2 would show that KILLMON's rules were in a compromised state if KILLMON didn't happen to be running at the time, and wanted to get that screen space back if it is installed, but wasn't running.

When this setting is "enabled", VPNMON-R2 will show the KILLMON status within its UI:

 

[igo]

Killswitch doesn't affect digital radio / internet radio (Hardware!) + Shoot 1 Guest Wifi out of the air!

If I manually kick out the VPN my laptop can not connect, my iPhone either, both behave as it should as there is this kill switch working. After about a minute the VPN does automatic reconnect by VPNMON, as it should. After that, webpages are back online. I just noticed (after all evening playing around) that my internet radio was playing music (nice smooth jazz) all the time! How?!?!?! Same wifi.

Well, thats a strange behavior isn't it? Can connect to a new station immediately (so not a buffer thing) FlexQoS is on. Might be the problem? Although I noticed, after switch on the killmon in the first place better not make changes in any VPN configuration. Seems make problems too. at least for a few seconds full internet access till next reset and start of VPNMON. But what me really concerns is that internet radio was playing all the time. Ok, it was a forced vpn shut down. Might behave different when there is a real connection problem. But u might have a look on that. Maybe the problem is that the radio was playing all day and can connect even during startup before the vpn/VPNMON/KILLMON starts?

Well, anyone noticed the same behavior?

And it shoot away one (just one!) of the guest wifi 2,4GHz (even disapeard in the guest wifi menu in asus!) (but not the others and no 5GHz at all) very very strange. State remained trough a reboot. I shut down KILLMON by rr. Guestnetwork back online! Back in Menu as well.

anyone noticed the same behavior?

well, i wont use it for now (missing a -unistall option, but rm killmon.sh manual)

Regards

 

[visortgw]

Killswitch doesn't affect digital radio / internet radio (Hardware!) + Shoot 1 Guest Wifi out of the air!

If I manually kick out the VPN my laptop can not connect, my iPhone either, both behave as it should as there is this kill switch working. After about a minute the VPN does automatic reconnect by VPNMON, as it should. After that, webpages are back online. I just noticed (after all evening playing around) that my internet radio was playing music (nice smooth jazz) all the time! How?!?!?! Same wifi.

Well, thats a strange behavior isn't it? Can connect to a new station immediately (so not a buffer thing) FlexQoS is on. Might be the problem? Although I noticed, after switch on the killmon in the first place better not make changes in any VPN configuration. Seems make problems too. at least for a few seconds full internet access till next reset and start of VPNMON. But what me really concerns is that internet radio was playing all the time. Ok, it was a forced vpn shut down. Might behave different when there is a real connection problem. But u might have a look on that. Maybe the problem is that the radio was playing all day and can connect even during startup before the vpn/VPNMON/KILLMON starts?

Well, anyone noticed the same behavior?

And it shoot away one (just one!) of the guest wifi 2,4GHz (but not the others and no 5GHz at all) very very strange. State remained trough a reboot. I shut down KILLMON by rr. Guestnetwork back online!

anyone noticed the same behavior?

well, i wont use it for now

Regards

Is it possible that the buffering for Internet radio is long enough to survive the "outage"?

 

[igo]

Is it possible that the buffering for Internet radio is long enough to survive the "outage"?

no, it usually disconnects immediately if wifi is down. I was thinking same and even tried to change the station. And it worked, connected in a second. (checked the wifi too, same as laptop).
I guess it is kind of bypassed all IP table rules.