What am I missing?


New Around Here
Router (name: internal-router) after a reboot will show all network devices as having no internet access. Not sure what has changed recently to cause this. Have been making tweaks lately to get better throughput as I have started streaming content for Twitch and YT. Realize I am likely having a brainfart, thanks for reading and helping.

I have 2 routers:
external-router with 1Gb fiber from ISP. Not using provider modem. Internet on the external router subnet works fine with no issues. This router is an AXE11000, for the faster CPU chip, as I force everything through VPN on the router.
internal-router connected through WAN port with static external-router subnet IP. This router also has VPN set up on it for the internal-router subnet data.

VPN Director for the external router has a static route set for internal-router IP to bypass VPN and go through WAN port (so as to not have double encryption, as it's not needed). I have the internal-router bypassing external-router VPN so that I can easily bypass for my internal streaming PC for upload to YT/Twitch/etc. This still then allows for the internal-router VPN to be required for work PC, server, etc. that are on internal-router subnet but don't require high speed internet access.

Something seems to have changed recently with firmware update after 386.5 (maybe?) that causes killswitch on internal-router to block access to local subnet resources, like the UI for the internal-router, after it reboots. If I unplug the WAN cable from the internal-router, I can nav just fine to it and any other resources on local subnet. But I can't get to anything local or otherwise when the WAN cable is plugged in.

Any thoughts? What am I missing?


Part of the Furniture
Not sure why having the built-in killswitch enabled on the internal router would prevent access to other local networks on the same router. I don't recall seeing that as an issue. But then again, I have seen complaints from time to time w/ the feature by different users. It blocks based on managing the routing tables, which may be the problem here. As an alternative, you might want to consider a firewall-based solution.

But there's a caveat.

Technically, the built-in kill switch doesn't actually block the WAN, but rather denies access to a default gateway. What that means is that even when enabled, any upstream network on the external router is still reachable from the downstream internal router. But the firewall-based killswitch *does* block the WAN, in its entirety (at least for those devices bound to the VPN)! You'd have to add a firewall exception to allow access to any upstream local networks (note to self: might not be a bad idea for me to add that capability directly to the script).

In short, it might just be easier to change your approach than fight w/ the built-in killswitch. A lot of users end up coming to that conclusion.
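
Added example, not part of the thread and not the kill switch script mentioned above: a generic sketch of a firewall-based kill switch with an exception for an upstream local network, as the reply describes. The interface name `eth0`, the client address and the upstream subnet are constructed assumptions; `RUN` and the function names are hypothetical.

```shell
#!/bin/sh
# Generic firewall-based kill switch sketch (added illustration).
# Assumptions (constructed values): WAN interface eth0, VPN-bound client
# 192.168.50.10, upstream router LAN 192.168.1.0/24.

WAN_IF="${WAN_IF:-eth0}"
RUN="${RUN-echo}"   # dry run by default: commands are printed, not executed.
                    # Run with RUN= (empty) as root to apply them.

# Loose sanity check: only digits, dots and an optional /prefix are accepted,
# so nothing other than an address can reach the iptables command line.
is_ipv4_cidr() {
    case "$1" in
        ''|*[!0-9./]*) return 1 ;;
        *.*.*.*)       return 0 ;;
        *)             return 1 ;;
    esac
}

# ks_apply SRC UPSTREAM_NET
#   SRC          client that must only ever leave through the VPN
#   UPSTREAM_NET local network behind the WAN port that stays reachable
ks_apply() {
    src="$1"; upstream="$2"
    if ! is_ipv4_cidr "$src" || ! is_ipv4_cidr "$upstream"; then
        echo "ks_apply: invalid address" >&2
        return 1
    fi
    # -I inserts at the top of FORWARD, so the rule added LAST is matched
    # FIRST. Add the block rule first, then the exception on top of it.
    # 1) Kill switch: SRC may never be forwarded out the WAN interface.
    $RUN iptables -I FORWARD -s "$src" -o "$WAN_IF" -j REJECT
    # 2) Exception: SRC may still reach the upstream local network via WAN.
    $RUN iptables -I FORWARD -s "$src" -o "$WAN_IF" -d "$upstream" -j ACCEPT
}

# Dry-run demonstration with the constructed values.
ks_apply 192.168.50.10 192.168.1.0/24
```

Reversing the two inserts would leave the REJECT on top, and the upstream network would be blocked along with everything else on the WAN side.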


Part of the Furniture
P.S. Just remembered something. You don't need to add a firewall rule to gain access to the upstream router's local IP network w/ the firewall-based killswitch script. Assuming you're using the VPN Director, you just need to add a WAN rule that directs that traffic over the WAN. The script specifically makes exceptions for any WAN rules.
