What's new

Killswitch - has it been triggered?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

DaveSmeghead

New Around Here
Hi,

I've been using Merlin for several months now and I've read posts in this forum, but this is my first post so please be gentle with me ;)

I'm running 386.3_2 on a RT-AX86U using NordVPN and I've set up a single VPN Client, I have "Killswitch - Block routed clients if tunnel goes down" set to yes. I'm having connection problems, maybe once or twice a week, the external WAN Internet connection stops. A reboot of the router sorts it and I have "Automatic start at boot time" set to yes for the VPN Client so it all starts working again.

How can I tell, by looking at the routers web page (and not the log file as I don't understand any of it), that the killswitch has been triggered? When the connection stops working, before rebooting manually I've loooked at the VPN Director page and that seems normal, the VPN Client page seems normal. Is there somewhere that tells me if the killswitch has been enacted?

I've looked through the documentation and several forum posts about the killswitch and I haven't found anything, so if there is and I've missed it could you post a link please.

Any help would be appreciated
Thanks
 
I'm NOT aware of anything on the GUI, but at least within the relevant underlying data structures, you'll see the routing table for that OpenVPN client (ovpnc1, ovpnc2, etc.) will show "prohibit default" for the default route.

Code:
admin@lab-merlin1:/tmp/home/root# ip route show table ovpnc2
148.72.173.30 via 192.168.63.1 dev vlan2
192.168.63.1 dev vlan2  proto kernel  scope link
192.168.1.0/24 dev br0  proto kernel  scope link  src 192.168.1.1
192.168.63.0/24 dev vlan2  proto kernel  scope link  src 192.168.63.102
192.168.61.0/24 via 192.168.63.1 dev vlan2  metric 1
127.0.0.0/8 dev lo  scope link
prohibit default

That routing table is functionally useless for internet access at that point.
 
Thanks for replying and helping me out with this, I see what you mean. I'll give what you suggest a try the next time it stops working, I'm not sure it is the killswitch that's doing it so this will tell me.

Thinking about it though, if the killswitch is triggered and the VPN is stopped, what can I do? There should be an option in the GUI to restart the router if the killswitch is triggered. This way it could automatically re-establish the VPN connection.
 
Thinking about it though, if the killswitch is triggered and the VPN is stopped, what can I do? There should be an option in the GUI to restart the router if the killswitch is triggered. This way it could automatically re-establish the VPN connection.
Your VPN client should already be attempting to reconnect itself. If it fails to reconnect, then a reboot is unlikely to resolve the issue.
 
Is there any way that I can tell when the VPN Client is attempting to reconnect? Is there anything in the log file? Does it try continually (forever) or does it try X number of times and then give up?
 
Is there any way that I can tell when the VPN Client is attempting to reconnect? Is there anything in the log file? Does it try continually (forever) or does it try X number of times and then give up?
It will be in the logfile. How long it retries will depend on how you configured it.
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top