VPN Kill switch

aerius
DD-WRT Novice


Joined: 15 Apr 2015
Posts: 6

Posted: Fri Jul 01, 2016 17:38
Hello,

I'm using the kill switch script you wrote but I'm using it with the Netgear R7000 running Tomato by Shibby. I have configured the OpenVPN with my PIA.


In my firewall rules I have the script to kill internet activity when the VPN connection is not working. It is working great like this but when it kills it there is no internet until my next scheduled router reboot. I have scheduled the router to reboot daily at 5AM. What can I add here to make it either restart the OpenVPN connection or have it reboot the router after it kills it?

Thanks.
Night Prowler
DD-WRT Novice


Joined: 15 Jan 2016
Posts: 38

Posted: Fri Jul 01, 2016 19:44
aerius wrote:
Hello,

I'm using the kill switch script you wrote but I'm using it with the Netgear R7000 running Tomato by Shibby. I have configured the OpenVPN with my PIA.


In my firewall rules I have the script to kill internet activity when the VPN connection is not working. It is working great like this but when it kills it there is no internet until my next scheduled router reboot. I have scheduled the router to reboot daily at 5AM. What can I add here to make it either restart the OpenVPN connection or have it reboot the router after it kills it?

Thanks.


I'm pretty sure that DD-WRT automatically reconnects when the VPN is back up. I'm not 100% sure of this?

If using DD-WRT and the VPN goes down, and it does not automatically reconnect, what is the best solution?

_________________
R7000 on DD-WRT v3.0-r32170M kongac (06/11/17)
aerius
DD-WRT Novice


Joined: 15 Apr 2015
Posts: 6

Posted: Fri Jul 01, 2016 21:08
I'm not sure if OpenVPN automatically retries to connect if it is disconnected.
Night Prowler
DD-WRT Novice


Joined: 15 Jan 2016
Posts: 38

Posted: Sat Jul 02, 2016 0:19
aerius wrote:
I'm not sure if OpenVPN automatically retries to connect if it is disconnected.


In OpenVPN if you add ping-restart 0 to the config it will re-attempt to reconnect if there is a disconnect.

_________________
R7000 on DD-WRT v3.0-r32170M kongac (06/11/17)
aerius
DD-WRT Novice


Joined: 15 Apr 2015
Posts: 6

Posted: Mon Jul 11, 2016 22:08
Is there a command to stop, then start OpenVPN rather than a reconnect?
vector80
DD-WRT Novice


Joined: 18 Oct 2016
Posts: 7

Posted: Wed Oct 26, 2016 12:46
I can't seem to prevent a device from accessing the Internet once a VPN is dropped. Using ipleak.net to validate. I assumed from my readings that by having the following commands in place and rebooting the router I would be protected, but I can still access ipleak.net when I turn off my VPN client.

Where have I gone awry?


//////////
Commands
//////////

Start Up Command
/usr/sbin/iptables -I FORWARD -s 192.168.1.116/32 -o $(nvram get wan_iface) -j DROP

Firewall Command
iptables -I FORWARD -s 192.168.1.116 -o $(nvram get wan_iface) -j DROP


//////////////
VPN Settings
//////////////

Tunnel Device: TUN
Protocol: UDP
TLS Cipher: None
LZO Compression: None
NAT: Enabled

Additional Config
# Write to a log file for easy viewing
log /tmp/myvpn.log

# Mute messages that repeat a bunch of times
mute 50

# Do not accept the routes provided by the VPN server
# (will manage those myself)
#route-nopull

# Keep the connection alive and attempt to reestablish it if it dies
keepalive 10 60

# Additional settings specified by VPN provider
tls-client
remote-cert-tls server

# Don't use auth-nocache as it prevents reconnection due to a bug
# auth-nocache

Policy Based Routing
192.168.1.116/32
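
A check related to the question in the post above, as an added example that is not part of the thread: it reads `iptables -S FORWARD` output and reports whether an unconditional DROP for 192.168.1.116 on the WAN interface is reached before any ACCEPT. The function name, verdict strings, sample rule sets and the `vlan2` interface name are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Reads `iptables -S FORWARD` output on stdin and reports the
# first terminal rule that applies to traffic from SRC leaving via WAN:
#   PROTECTED  an unconditional DROP/REJECT is reached first
#   SHADOWED   an ACCEPT is reached first (ACCEPT rules with extra matches
#              such as --state are counted too, the conservative reading)
#   MISSING    no unconditional DROP/REJECT for SRC on WAN in this chain
# Not handled: negated matches, jumps into user-defined chains, chain policy.
check_killswitch() {
    awk -v src="$1" -v wan="$2" '
    function ip2n(ip,  q) { split(ip, q, "."); return ((q[1]*256 + q[2])*256 + q[3])*256 + q[4] }
    function covers(cidr, host,  p, size) {
        split(cidr, p, "/")
        size = 2 ^ (32 - (p[2] == "" ? 32 : p[2]))
        return int(ip2n(p[1]) / size) == int(ip2n(host) / size)
    }
    $1 == "-A" && $2 == "FORWARD" {
        s = ""; o = ""; j = ""; n = 0
        for (i = 3; i < NF; i++) {
            if ($i == "-s") { s = $(i + 1); n++ }
            if ($i == "-o") { o = $(i + 1); n++ }
            if ($i == "-j") { j = $(i + 1); n++ }
        }
        if (s != "" && !covers(s, src)) next   # rule is for another source
        if (o != "" && o != wan) next          # rule is for another egress interface
        plain = (NF == 2 + 2 * n)              # no matches beyond -s / -o
        if ((j == "DROP" || j == "REJECT") && plain) { verdict = "PROTECTED"; exit }
        if (j == "ACCEPT") { verdict = "SHADOWED"; exit }
    }
    END { print (verdict == "" ? "MISSING" : verdict) }'
}

# Constructed samples (not from the thread); vlan2 is a placeholder for the
# value of $(nvram get wan_iface).
RULE_FIRST='-P FORWARD ACCEPT
-A FORWARD -s 192.168.1.116/32 -o vlan2 -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br0 -o vlan2 -j ACCEPT'
RULE_LATE='-P FORWARD ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.1.0/24 -o vlan2 -j ACCEPT
-A FORWARD -s 192.168.1.116/32 -o vlan2 -j DROP'
RULE_ABSENT='-P FORWARD ACCEPT
-A FORWARD -s 192.168.1.50/32 -o vlan2 -j DROP
-A FORWARD -i br0 -o tun1 -j ACCEPT'
```

On a router whose iptables build supports `-S`, the live chain can be piped in as `iptables -S FORWARD | check_killswitch 192.168.1.116 "$(nvram get wan_iface)"`, once with the VPN up and once after it has dropped.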
All times are GMT