VPN kill switch

houmi

Regular Contributor
I noticed that if I have the kill switch enabled for a VPN connection and I disconnect the VPN, the kill switch works as intended.

However, if I reboot the router and the VPN connection isn't set to resume on reboot, the kill switch isn't working anymore... is this the intended consequence?

I understand the text says: "Block routed clients if tunnel goes down", but the router can get rebooted on its own (power failure), and it's possible the person who operates the router forgot to check "Automatic start at boot time", so better be safe than sorry and have the kill switch enabled on reboot as well?
 
When you enable "Automatic Start at Boot Time", this will start the VPN as soon as the router boots, and is essentially the kill switch. If it's enabled you shouldn't have any trouble with leaking your real IP address.
 
Thank you - I understand what you're saying, but please hear me out:

I have a single rule only set for a particular IP (VPN per device), and I set the VPN for that IP and not WAN in the selection method. My device here is an Ubuntu VM.

UbuntuVM 192.168.1.30 0.0.0.0 VPN

I connect to the VPN and the kill switch is on for that connection. I go and disconnect the VPN manually and I see the kill switch is working and my VM can't access the internet. I connect the VPN manually again and the VM connection is re-established (via VPN).

Now let's say I reboot the router, or it loses power. From my understanding, whether you select "Automatic Start at Boot Time" or not (now I have checked it), my VM shouldn't have access to the internet.

I understand you're saying, well, that kill switch is only if the tunnel went down. So let's say that I had "Automatic start at boot time" checked, but upon reboot the VPN servers were down and I couldn't connect to them. I think you don't want to take any chance and the VM shouldn't have access to the internet. Unless I am completely missing what that option means, especially since Iface is VPN and not WAN.

Also, I am wondering what the difference is between "policy rules" and "policy rules (strict)"?
 
Where is the block?? Kill switch, I can't find it.... firmware 384.14.2, help me

VPN - VPN Client
Set "Force Internet traffic through tunnel" to Policy Rules or Policy Rules (Strict)
Set "Block routed clients if tunnel goes down" -> Yes

 
I've got a similar problem. On my AC86U with latest firmware, I've got 192.168.1.0/24 to VPN, VPN set to on, start at boot time on and force internet through policy rules strict.
But if I remove power or have a power failure, the router does not block internet traffic at all; in fact it lets it pass through unprotected and exposes me to the outside.
Also, it only does this on the second simulated power failure. On the first power failure the router and VPN seem to come back on working OK, but if I look at the VPN settings the VPN enable option is then set to OFF (even though "Automatic start at boot time" is still "ON"), so on the second power failure boot-up nothing is protected.

Can someone please advise how to sort this? It only seems to have started doing this since the most recent firmware update; it was working perfectly before.
 
Try this. Go to Firewall, then to Network Services Filter. Select White-list, then tick all days, 23:59 to 23:59. Click Apply.
 
I've got a similar problem. On my AC86U with latest firmware, I've got 192.168.1.0/24 to VPN, VPN set to on, start at boot time on and force internet through policy rules strict.
But if I remove power or have a power failure, the router does not block internet traffic at all; in fact it lets it pass through unprotected and exposes me to the outside.
Also, it only does this on the second simulated power failure. On the first power failure the router and VPN seem to come back on working OK, but if I look at the VPN settings the VPN enable option is then set to OFF (even though "Automatic start at boot time" is still "ON"), so on the second power failure boot-up nothing is protected.

Can someone please advise how to sort this? It only seems to have started doing this since the most recent firmware update; it was working perfectly before.

If I recall correctly, pretty sure the KILL-switch was ALWAYS applied for any VPN Client that is configured to ENABLE it during the BOOT process even if the VPN Client 'Automatic start at boot time=NO'

For old-skool fix see VPN traffic redirect and KILL-switch problem

Bug?
 
If I recall correctly, pretty sure the KILL-switch was ALWAYS applied for any VPN Client that is configured to ENABLE it during the BOOT process even if the VPN Client 'Automatic start at boot time=NO'

This is correct. I was using all-network VPN at one point with Kill Switch selected and no device was getting out regardless of Automatic Start Yes/No. This was on Asuswrt-Merlin 384.12. If the VPN is down, no Internet. Router reboot was not unlocking Internet access either. Even OpenVPN client reset/delete wasn't unblocking the Kill Switch. Then the router had to be rebooted to get the Internet access back. I remember locking myself out once by deleting the VPN client without removing the Kill Switch first.
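
One way to check the fail-open versus fail-closed question raised in this thread after a reboot, as an added example that is not part of any post and is not Asuswrt-Merlin code: it classifies a single policy-routed client from Linux policy-routing output. The function name, table id 111, interface names and gateway addresses are assumptions made for the constructed samples, and a tunnel is assumed to use a `tun*` device with a plain `default` route in its table.

```shell
#!/bin/sh
# Added example: classify one policy-routed client as TUNNEL, BLOCKED or LEAK
# from `ip rule show` and `ip route show table all` text (iproute2 format
# assumed). Handles exact-host "from <ip>" rules only; tunnel device assumed tun*.
client_verdict() {
    ip=$1 rules=$2 routes=$3
    # Rules print in priority order; the first one selecting this host wins.
    target=$(printf '%s\n' "$rules" | awk -v ip="$ip" '
        { for (i = 1; i < NF; i++)
            if ($i == "from" && ($(i+1) == ip || $(i+1) == (ip "/32")))
                for (j = i + 2; j <= NF; j++) {
                    if ($j == "lookup") { print $(j+1); exit }
                    if ($j ~ /^(prohibit|unreachable|blackhole)$/) { print "!drop"; exit }
                }
        }')
    case $target in
        "")      echo LEAK; return ;;     # no host rule: main table, i.e. the WAN
        "!drop") echo BLOCKED; return ;;  # the rule itself rejects the traffic
    esac
    # Inspect the first default route listed for the selected table.
    printf '%s\n' "$routes" | awk -v t="$target" '
        { hit = 0
          for (i = 1; i < NF; i++) if ($i == "table" && $(i+1) == t) hit = 1
          if (!hit) next
          if ($1 ~ /^(prohibit|unreachable|blackhole)$/ && $2 == "default") { v = "BLOCKED"; exit }
          if ($1 == "default") { v = ($0 ~ / dev tun/) ? "TUNNEL" : "LEAK"; exit }
        }
        # No default in that table: lookup falls through to later rules (main).
        END { print (v == "" ? "LEAK" : v) }'
}

# Constructed sample data: table id 111, tun11, eth0 and addresses are made up.
RULES_POLICY='0: from all lookup local
10101: from 192.168.1.30 lookup 111
32766: from all lookup main'
RULES_BARE='0: from all lookup local
32766: from all lookup main'
ROUTES_UP='default via 10.8.0.1 dev tun11 table 111
default via 203.0.113.1 dev eth0'
ROUTES_HELD='prohibit default table 111
default via 203.0.113.1 dev eth0'
ROUTES_EMPTY='default via 203.0.113.1 dev eth0'

client_verdict 192.168.1.30 "$RULES_POLICY" "$ROUTES_UP"     # tunnel up: TUNNEL
client_verdict 192.168.1.30 "$RULES_POLICY" "$ROUTES_HELD"   # tunnel down, block held: BLOCKED
client_verdict 192.168.1.30 "$RULES_POLICY" "$ROUTES_EMPTY"  # rule left, table empty: LEAK
client_verdict 192.168.1.30 "$RULES_BARE" "$ROUTES_UP"       # no rule after boot: LEAK
```

On a Linux router with iproute2, the same function can be fed live state with `client_verdict 192.168.1.30 "$(ip rule show)" "$(ip route show table all)"` right after a reboot, before the tunnel comes up.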
 
