Killswitch scenario question

dreadnought

Occasional Visitor
I have a GT-AX11000 running 386.3_2 firmware. I have tried to setup the VPN (IVPN) with the best settings from IVPN and this forum. I have VPN Director setup to use the killswitch. I have noticed that occasionally (and extremely irritatingly) the VPN will go down (if I go into the VPN Client screen, it will actually show "Off" for service state) but all my computers can still access the Internet (but obviously not using the VPN). I have confirmed that the computers are in the local IP scope in VPN Director and that their interface is correct.

I was browsing some of the posts in this forum about the current killswitch functionality. Am I right that the killswitch only works at boot time? (One thread about the killswitch seemed to imply this, but another one suggests the killswitch should operate whenever the VPN goes down.) My VPN connection always works fine at boot time. The problem is that it goes down randomly (infrequently) well after the GT-AX11000 is booted, and then all my clients continue to be able to hit the Internet as if nothing happened. (If I check the IP address from a client before the VPN goes down, it's the VPN as I expect... after the VPN goes down, it's my ISP.)

If the killswitch only works at boot time, I will find another way to make sure that if the VPN goes down, the clients cannot continue to hit the Internet.

Thanks!
 
Last edited:

ColinTaylor

Part of the Furniture
Am I right that the killswitch only works at boot time?
No. The kill switch should be working as you expect it to in the setup you have described.

The next time it happens save the syslog, upload it to pastebin and post a link to it for use to look at.
 

eibgrad

Part of the Furniture
With the kill switch enabled, the OpenVPN client will *always* deny access to the WAN by those LAN clients bound to the VPN while the OpenVPN client is enabled/active. The issue becomes what happens on a reboot, *before* the OpenVPN client is established (assuming it even becomes established; perhaps it can't connect to the server for some reason). Many users would still like the kill switch to be active. They don't want traffic to leak over the WAN simply because the router was rebooted and the OpenVPN client hasn't connected as yet. In that one scenario, the router will prevent access to the WAN, even before the OpenVPN client starts, *if* you have autostart enabled.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top