Posted: Sun Apr 27, 2014 19:23 Post subject: Protection in case of VPN disconnect
Hi,
I'm using an ASUS RT-AC66U router configured for Private Internet Access (PIA) with the latest Kong build. Everything is working fine (albeit a bit slow compared to the Windows client), but I'd like to know if there is a way to configure the router to ONLY allow internet traffic through the VPN in the event of a VPN disconnect.
Currently, if the router loses connection to the PIA service (or doesn't connect at startup), my true IP address is exposed. And the only way to know this is by manually checking my IP address. The PIA Windows client has a "kill switch" feature that will cut all internet traffic if the connection to PIA is lost.
Can something like this be configured when connected to a VPN service through a dd-wrt configured router?
Hi,
I looked everywhere (well, obviously not in the right place), but where is this setting located in the DD-WRT menus? Also, what exactly will this do?
All I did was specify the IP of the devices that need to access the VPN in the policy based routing under the VPN tab.
Then on the firewall I used the following rule to drop packets if the VPN is not connected:
iptables -I FORWARD -s <ip-address> -o $(nvram get wan_iface) -j DROP
I think this is the kill switch isn't it?
I'm trying to do the same thing and I'm wondering: what exactly do you put under the "Policy Based Routing" part of the VPN section? Do you just enter the IP or a command? And is the <ip-address> part the local LAN IP (like 192.168.1.1?) or the WAN one? I'm completely new to this, so any extra help would be great.
Under the "Policy Based Routing" section you only specify the internal IP addresses and there is no need for a command. So for me I added the following couple of lines to say I want these devices to go through VPN:
192.168.1.1
192.168.1.2
You could also use a format like xxx.xxx.xxx.xxx/yy but it is probably easier for home users to specify the IPs individually.
As for <ip-address>, it refers to the internal IP address again. So, for example, of the above two machines that go through the VPN, if I want to make sure that the first one doesn't connect to the internet when the VPN is unavailable, I do:
iptables -I FORWARD -s 192.168.1.1 -o $(nvram get wan_iface) -j DROP
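The posts above describe one DROP rule per policy-routed client; the script below is an added example (not code from the thread or from DD-WRT) that generates those rules for a whole client list and checks whether a given rule is actually loaded, which addresses the original poster's complaint that the only way to know the kill switch is working is to look up the public IP by hand. The client list and interface name `vlan2` are constructed sample values; on the router the WAN interface would come from `nvram get wan_iface` as in the posts.

```shell
#!/bin/sh
# Added example, not from the thread or the DD-WRT project.
# Assumptions: the LAN clients listed here are the same ones entered in the
# "Policy Based Routing" box (sample values), and the WAN interface name is
# passed in by the caller; on the router that is "$(nvram get wan_iface)".

# Sample client list (constructed; matches the hosts used in the posts).
VPN_CLIENTS="192.168.1.1 192.168.1.2"

# Print one "kill switch" rule per client for the given WAN interface.
# -I puts the rule at the top of FORWARD, so it wins over the default
# forwarding rules. Traffic that really goes through the tunnel leaves on
# the tun interface and never matches; only traffic that falls back to the
# WAN interface (tunnel down or never established) is dropped.
#   usage: build_killswitch_rules <wan_if> <ip> [<ip> ...]
build_killswitch_rules() {
    wan_if="$1"
    shift
    for ip in "$@"; do
        printf 'iptables -I FORWARD -s %s -o %s -j DROP\n' "$ip" "$wan_if"
    done
}

# Feed the generated rules to the shell, i.e. actually install them.
# Intended for the router's firewall script box, where it runs at boot
# before the VPN client connects, so there is no window without protection.
#   usage: apply_killswitch_rules <wan_if> <ip> [<ip> ...]
apply_killswitch_rules() {
    wan_if="$1"
    shift
    build_killswitch_rules "$wan_if" "$@" | sh
}

# Verify that a rule is present, reading "iptables -S FORWARD" output on
# stdin. iptables prints a plain host address as "<ip>/32", so the check
# looks for that form. Returns 0 if the rule is loaded, 1 otherwise.
#   usage: iptables -S FORWARD | rule_present <ip> <wan_if>
rule_present() {
    grep -qF -- "-A FORWARD -s $1/32 -o $2 -j DROP"
}

# On the router, uncomment these two lines in the firewall script:
# apply_killswitch_rules "$(nvram get wan_iface)" $VPN_CLIENTS
# iptables -S FORWARD | rule_present 192.168.1.1 "$(nvram get wan_iface)" && echo "kill switch active"
```

The check function is the part worth keeping around: after a firmware reboot or a change to the firewall script, `iptables -S FORWARD | rule_present <ip> <wan_if>` tells you whether the DROP rule survived, without waiting for the tunnel to fail and then discovering the leak by checking the public IP.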