Posted: Fri Sep 27, 2013 0:19 Post subject: Block VPN devices when VPN is down, but still allow non-VPN
I'm running DD-WRT on x86 hardware (v24-sp2 (03/19/12) std, SVN revision 18777). OpenVPN is configured and connects to my VPN provider without issue. Here's what I'm trying to achieve:
All devices on my network go through my DD-WRT router. Let's say I want one device on my network to bypass the VPN. If I put 192.168.1.100 in the "Policy Based Routing" box on the OpenVPN configuration screen, that IP bypasses the VPN, as it should.
What I would like to do is set it up so if the VPN goes down, all VPN traffic will stop, while still allowing the non-VPN traffic through the router. Here is what I have in my firewall:
Now, if I add the rule "iptables -I FORWARD -i br0 -o eth0 -j DROP", that will stop all traffic that is non-VPN. That would be fine if I didn't want a few devices to bypass the VPN. If I use that rule, the IP address I add in the "Policy Based Routing" box is blocked.
What rules do I need to set to allow traffic to bypass the VPN and stay up if the VPN drops, but that will also block the other clients on my network if the VPN drops?
I hope that makes sense. Any help would be greatly appreciated.
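One way to get the behaviour asked for above, as an added example that is not from this thread: keep the DROP rule from the post, but insert ACCEPT rules above it for the bypass hosts and for the tunnel interface, so bypass hosts always reach the WAN while every other LAN host can only leave through the tunnel. br0, eth0 and 192.168.1.100 come from the post; tun1 as the OpenVPN client interface and the use of the DD-WRT firewall script are assumptions.

```shell
#!/bin/sh
# VPN kill switch with per-host bypass for a DD-WRT OpenVPN client.
# br0 (LAN bridge) and eth0 (WAN) are the names used in the post; tun1 as the
# OpenVPN client interface is an assumption (confirm with "ifconfig" on the router).
LAN_IF="${LAN_IF:-br0}"
WAN_IF="${WAN_IF:-eth0}"
VPN_IF="${VPN_IF:-tun1}"
# Hosts allowed to reach the WAN directly (the "Policy Based Routing" entries).
BYPASS_IPS="${BYPASS_IPS:-192.168.1.100}"

# Print the iptables argument lists in INSERTION order. Every rule is inserted
# at the top of FORWARD with -I, so the DROP goes in first and each later
# ACCEPT lands above it. The resulting evaluation order is:
#   ACCEPT  LAN -> tunnel        (normal case, VPN up)
#   ACCEPT  bypass host -> WAN   (always allowed, VPN up or down)
#   DROP    other LAN -> WAN     (where VPN clients fall back when tun1
#                                 disappears and routes revert to eth0)
killswitch_rules() {
    echo "FORWARD -i $LAN_IF -o $WAN_IF -j DROP"
    for ip in $BYPASS_IPS; do
        echo "FORWARD -i $LAN_IF -o $WAN_IF -s $ip -j ACCEPT"
    done
    echo "FORWARD -i $LAN_IF -o $VPN_IF -j ACCEPT"
}

# Apply the rules. The script is rerun by DD-WRT on WAN events, so delete any
# existing copy of each rule before inserting it to avoid duplicates.
apply_killswitch() {
    killswitch_rules | while read -r rule; do
        # word splitting of $rule into separate arguments is intended
        iptables -D $rule 2>/dev/null
        iptables -I $rule
    done
}

if [ "${KILLSWITCH_APPLY:-0}" = 1 ]; then
    apply_killswitch
else
    killswitch_rules   # dry run: show what would be inserted
fi
```

Run it with KILLSWITCH_APPLY=1 on the router (or set that variable at the top when pasting it into the DD-WRT firewall script); without it the script only prints the rules it would insert.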
Hey everyone - found this thread and it's certainly helpful, but my setup is slightly different in that I am leveraging policy based routing to forward only certain devices/IP addresses through the VPN tunnel, and the rest of my network bypasses the VPN using my ISP.