What's new

VPN Killswitch not working on RT-AC68U 386.12_4

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!


New Around Here
VPN Killswitch doesn't not work on RT-AC68U 386.12_4 when the VPN disconnects it still allows client to go over internet exposing local IP. Here are the settings:

Accept DNS Configuration: Strict
Redirect Internet traffic through tunnel: Yes (all)
Killswitch - Block routed clients if tunnel goes down: Yes

Not sure if its a bug? I have tried using VPN Director policy rule but that didn't help either. Any suggestions?


  • Capture.JPG
    19 KB · Views: 18
Wow, I wrote about this issue with Merlin back in 2020. What is my solution for full proof kill switch but I would like some experts to say otherwise.

Using 384.19 firmware gives me the most simple VPN setup. I use a dedicated router where the feed comes from my main router and feed into the WAN port of the 2nd VPN router.

Turn off NAT since a VPN tunnel does not need NAT to function.

When the tunnel fails (or I turn off the VPN), I get no internet at all. So far it is the only full proof way I can stop any leaks.

With future versions of Merlin, while I do not get leaks, I get the following behavior in DNSLEAKTEST.

1. DNS leaks shows multiple DNS server names (i.e. OpenDNS server names)
2. In some firmwares, my VPN IP is shown but test shows OpenDNS server names.

When using the older firmware, I see the same VPN address along with the DNSleaktest.com




from Zurich, Switzerland

IPHostnameISPCountry EuropeZurich, Switzerland

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!