VPN kill switch


houmi

Regular Contributor
I noticed if I have the kill switch enabled for a VPN connection, and I disconnect the VPN the kill switch works as intended.

However if I reboot the router and the VPN connection isn't set to resume on reboot, the kill switch isn't working anymore... is this the intended consequence ?

I understand the text says: "Block routed clients if tunnel goes down" , but the router can get rebooted on its own (power failure), and it's possible the person who operates the router forgot to check "Automatic start at boot time", so better be safe than sorry and have the kill switch enabled on reboot as well ?
 

Skeptical.me

Very Senior Member
When you enable "Automatic Start at Boot Time" this will start the VPN as soon as the router boots. And is essentially the kill switch. If it's enabled you shouldn't have any trouble with leaking your real IP address.
 

houmi

Regular Contributor
Thank you - I understand what you're saying, but please hear me out:

I have a single rule only set for a particular IP (VPN per device), and I set the VPN for that IP and not WAN in the selection method. My device here is a Ubuntu VM.

UbuntuVM 192.168.1.30 0.0.0.0 VPN

I connect to the VPN and the kill switch is on for that connection. I go and disconnect the VPN manually and I see the kill switch is working and my VM can't access the internet, I connect the VPN manually again and the VM connection is re-established (via VPN)

Now let's say I reboot the router, or it loses power. From my understanding, whether you select "Automatic Start at Boot Time" or not (now I have checked it), my VM shouldn't have access to the internet.

I understand you're saying, well, that kill switch is only if the tunnel went down. So let's say that I had "Automatic start at boot time" checked, but upon reboot, the VPN servers were down and I couldn't connect to them; I think you don't want to take any chance and the VM shouldn't have access to the internet. Unless I am completely missing what that option means, especially since Iface is VPN and not WAN.

Also I am wondering what is the difference between "policy rules" and "policy rules (strict)"?
 

houmi

Regular Contributor
Where is the block?? Kill switch, I can't find it.... firmware 384.14.2, help me
VPN - VPN Client
Set "Force Internet traffic through tunnel" to Policy Rules or Policy Rules (Strict)
Set "Block routed clients if tunnel goes down" -> Yes



 

drcb

New Around Here
I've got a similar problem. On my AC86U with the latest firmware, I've got 192.168.1.0/24 to VPN, VPN set to on, start at boot time on and force internet through policy rules strict.
But if I remove power or have a power failure the router does not block internet traffic at all; in fact it lets it pass through unprotected and exposes me to the outside.
Also, it only does this on the second simulated power failure. On the first power failure the router and VPN seem to come back on working OK, but if I look at the VPN settings the VPN enable option is then set to OFF (even though "Automatic start at boot time" is still "ON"), so on the second power failure boot-up nothing is protected.

Can someone please advise how to sort this, it only seems to have started doing this since the most recent firmware update, was working perfectly before.
 

Sonyrolfy

Regular Contributor
Try this. Go to Firewall, then to Network Services Filter. Select White-list, then tick all days, 23:59 to 23:59. Click Apply.
 

Martineau

Part of the Furniture
I've got a similar problem. On my AC86U with the latest firmware, I've got 192.168.1.0/24 to VPN, VPN set to on, start at boot time on and force internet through policy rules strict.
But if I remove power or have a power failure the router does not block internet traffic at all; in fact it lets it pass through unprotected and exposes me to the outside.
Also, it only does this on the second simulated power failure. On the first power failure the router and VPN seem to come back on working OK, but if I look at the VPN settings the VPN enable option is then set to OFF (even though "Automatic start at boot time" is still "ON"), so on the second power failure boot-up nothing is protected.

Can someone please advise how to sort this, it only seems to have started doing this since the most recent firmware update, was working perfectly before.
If I recall correctly, pretty sure the KILL-switch was ALWAYS applied for any VPN Client that is configured to ENABLE it during the BOOT process even if the VPN Client 'Automatic start at boot time=NO'

For old-skool fix see VPN traffic redirect and KILL-switch problem

Bug?
 

Val D.

Very Senior Member
If I recall correctly, pretty sure the KILL-switch was ALWAYS applied for any VPN Client that is configured to ENABLE it during the BOOT process even if the VPN Client 'Automatic start at boot time=NO'
This is correct. I was using all-network VPN at one point with Kill Switch selected and no device was getting out regardless of Automatic Start Yes/No. This was on Asuswrt-Merlin 384.12. If the VPN is down, no Internet. Router reboot was not unlocking Internet access either. Even OpenVPN client reset/delete wasn't unblocking the Kill Switch. Then the router had to be rebooted to get the Internet access back. I remember locking myself out once by deleting the VPN client without removing the Kill Switch first.
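
Added example, not part of any post in this thread and not firmware code: a shell check for the reboot case discussed above, which classifies a per-device rule such as the one for 192.168.1.30 as tunnelled, blocked or leaking. It assumes the router steers VPN clients with Linux policy routing (`ip rule` and `ip route`); the table name `vpn1`, the device `tun11` and all sample text are constructed.

```shell
#!/bin/sh
# Added example. Sample text below is constructed; "vpn1" and "tun11" are
# assumed names, and only exact-IP rules are matched (no subnet rules).

# Print the routing table a source IP is steered to, given `ip rule show` text.
# $1 = source IP, $2 = rules text. Prints nothing if no rule matches.
client_table() {
    printf '%s\n' "$2" | awk -v ip="$1" '
        { for (i = 1; i < NF; i++)
            if ($i == "from" && ($(i+1) == ip || $(i+1) == ip "/32"))
                for (j = i; j < NF; j++)
                    if ($j == "lookup") { print $(j+1); exit } }'
}

# Classify `ip route show table T` text ($1) by its default route:
#   tunnel  = default leaves via a tun* device
#   blocked = prohibit/unreachable/blackhole default (fails closed)
#   leak    = default via another device, or no default at all, in which
#             case the lookup falls through to the next rule (main table)
classify_table() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^(prohibit|unreachable|blackhole)$/ && $2 == "default" { r = "blocked"; exit }
        $1 == "default" {
            r = "leak"
            for (i = 2; i < NF; i++)
                if ($i == "dev" && $(i+1) ~ /^tun/) r = "tunnel"
            exit
        }
        END { print (r ? r : "leak") }'
}

# Constructed samples: rules, then three possible states of table vpn1.
RULES='0: from all lookup local
10101: from 192.168.1.30 lookup vpn1
32766: from all lookup main'
UP='default via 10.8.0.1 dev tun11
192.168.1.0/24 dev br0 scope link'
KILL='prohibit default
192.168.1.0/24 dev br0 scope link'
EMPTY='192.168.1.0/24 dev br0 scope link'

echo "table for 192.168.1.30: $(client_table 192.168.1.30 "$RULES")"
for state in "$UP" "$KILL" "$EMPTY"; do classify_table "$state"; done
```

On a live router, pass `"$(ip rule show)"` and `"$(ip route show table <name>)"` in place of the sample text, right after a reboot with the VPN client stopped. A client with no matching rule at all (empty output from `client_table`) also uses the main table and therefore the WAN.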
 
