Need router VPN kill switch that allows WAN traffic

chrisp2135

New Around Here
I want to add a VPN kill switch to my router. The problem is that most of the examples I've seen shut down access to the WAN port.

This is my setup:

modem -> |router1 (open)| Router1.LAN -> Router2.WAN -> |router2 (vpn)|

Router1 is connected to the modem and offers open access. There is a cable from a LAN port on Router1 to the WAN port on Router2. Router2 is running a VPN client.

This is what I have now on Router2:

iptables -I FORWARD -i br0 -o `nvram get wan_iface` -j DROP

It works as a kill switch, but prevents all access to Router1 from Router2. I want to be able to access devices on Router1 from Router2.

Does anyone have any other ideas?
 
Code:
iptables -I FORWARD -i br0 -o $(nvram get wan0_ifname) -j DROP
iptables -I FORWARD -i br0 -d $(nvram get wan0_ipaddr)/$(nvram get wan0_netmask) -j ACCEPT
 
P.S. I'm assuming you're using AsusWRT/Merlin here (it's the most common option discussed on these forums), but if it's something else, let me know. The specific nvram variables will differ among the various third-party firmwares (dd-wrt, tomato, Merlin, etc.).

For example, dd-wrt would require the following ...
Code:
iptables -I FORWARD -i br0 -o $(nvram get wan_iface) -j DROP
iptables -I FORWARD -i br0 -d $(nvram get wan_ipaddr)/$(nvram get wan_netmask) -j ACCEPT
 
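An added example, not from the thread: a firewall-start style script for the Merlin variant above that derives the upstream subnet from the nvram values, strips any stale copies of the two rules before re-adding them, and keeps the ACCEPT exception above the DROP. The nvram names (wan0_ifname, wan0_ipaddr, wan0_netmask) and the br0 bridge are assumed as in the reply; the helper functions are mine and only touch iptables when nvram is present.

```shell
#!/bin/sh
# Kill-switch installer (added example, not the thread's own code).
# Assumes AsusWRT-Merlin nvram names and the LAN bridge br0.

# Convert a dotted netmask (255.255.255.0) to a prefix length (24)
# by counting the set bits in each octet.
mask_to_prefix() {
    set -- $(echo "$1" | tr . ' ')
    n=0
    for o in "$@"; do
        while [ "$o" -gt 0 ]; do
            n=$((n + (o & 1))); o=$((o >> 1))
        done
    done
    echo "$n"
}

# Network address in CIDR form from a host address and dotted netmask,
# e.g. 192.168.1.37 255.255.255.0 -> 192.168.1.0/24
network_cidr() {
    set -- $(echo "$1 $2" | tr . ' ')
    echo "$(($1 & $5)).$(($2 & $6)).$(($3 & $7)).$(($4 & $8))/$(mask_to_prefix "$5.$6.$7.$8")"
}

# Delete every existing copy of a FORWARD rule so a re-run of this script
# (firewall-start fires more than once on Merlin) never stacks duplicates
# or leaves the ACCEPT below an older DROP.
reset_rule() {
    while iptables -D FORWARD "$@" 2>/dev/null; do :; done
}

install_killswitch() {
    wan_if=$(nvram get wan0_ifname)
    upstream=$(network_cidr "$(nvram get wan0_ipaddr)" "$(nvram get wan0_netmask)")
    reset_rule -i br0 -o "$wan_if" -j DROP
    reset_rule -i br0 -o "$wan_if" -d "$upstream" -j ACCEPT
    # Insert DROP first, then ACCEPT: -I prepends, so ACCEPT ends up above DROP
    # and only traffic for the Router1 LAN bypasses the tunnel.
    iptables -I FORWARD -i br0 -o "$wan_if" -j DROP
    iptables -I FORWARD -i br0 -o "$wan_if" -d "$upstream" -j ACCEPT
}

# Only modify the firewall on the router itself; elsewhere the helpers
# above can still be sourced and exercised.
if command -v nvram >/dev/null 2>&1; then
    install_killswitch
fi
```

Verify the result with `iptables -L FORWARD -nv --line-numbers`: the ACCEPT for the upstream subnet must appear with a lower line number than the DROP.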
