NORDVPN "kill switch" kills Vonage

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Marvell MVEBU based Hardware (WRT1900AC etc.)
Author Message
RotoBill
DD-WRT Novice


Joined: 13 Feb 2019
Posts: 16

PostPosted: Fri Mar 15, 2019 14:56    Post subject: NORDVPN "kill switch" kills Vonage Reply with quote
First, I'm a real beginner. I'm using a Linksys WRT3200ACM with the 3-11-19 build.

Nordvpn chat people were unable to help, so I thought I'd pass this issue to this forum.

I tried various servers and udp and tcp settings, the nordvpn help people looked at my logs but eventually resigned.

Here is the kill switch they provide to be put in the firewall section:
WAN_IF=`nvram get wan_iface`
iptables -I FORWARD -i br0 -o $WAN_IF -j REJECT --reject-with icmp-host-prohibited
iptables -I FORWARD -i br0 -p tcp -o $WAN_IF -j REJECT --reject-with tcp-reset
iptables -I FORWARD -i br0 -p udp -o $WAN_IF -j REJECT --reject-with udp-reset


With the kill switch, everything but the phone works fine. Without the kill switch, everything including the phone works fine

Any advise would be appreciated.

Bill
Sponsor
foz111
DD-WRT User


Joined: 01 Oct 2017
Posts: 155

PostPosted: Fri Mar 15, 2019 15:43    Post subject: Reply with quote
Hi Bill
I am assuming you have other devices connected via wi-fi and they are able to access the Internet while the Kill switch is active? Or are the other devices that you refer to as working while kill switch is active connected via Ethernet?
when you configured your wireless settings have you got all 3 Wi_fi AP configured or just the 2.4 & 5.0? the 2.4/5.0 at the bottom can cause issues i have read try it with the bottom one disabled. i am not sure it will help but its a starting point.
RotoBill
DD-WRT Novice


Joined: 13 Feb 2019
Posts: 16

PostPosted: Fri Mar 15, 2019 16:19    Post subject: Reply with quote
Hi fox111,

Yes all my Ethernet and wifi connections work fine with or without the kill switch. I'm not using the "3rd super" wifi channel.

I am using policy based routing with my Vonage box and Smart TV's NOT on the vpn list. The smart TV's work fine with or without the kill switch.

It seems the Vonage box is the only device adversely affected by the kill switch

Bill
RotoBill
DD-WRT Novice


Joined: 13 Feb 2019
Posts: 16

PostPosted: Fri Mar 15, 2019 19:01    Post subject: Reply with quote
Solved... I think... not sure how to test but

As I google more, I learn what to google with.... I thought kill switches were VPN specific. Apparently not. so I eventually found the following from eibgrad

WAN_IF="$(ip route | awk '/^default/{print $NF}')"
iptables -I FORWARD -i br0 -o $WAN_IF -m state --state NEW -j REJECT --reject-with icmp-host-prohibited
iptables -I FORWARD -i br0 -p tcp -o $WAN_IF -m state --state NEW -j REJECT --reject-with tcp-reset


Bill
SurprisedItWorks
DD-WRT User


Joined: 04 Aug 2018
Posts: 192
Location: Appalachian mountains, USA

PostPosted: Sat Mar 16, 2019 18:46    Post subject: Reply with quote
I don't think it is your issue, but FWIW, that udp-reset thing seems to be a bug in NordVPN's published kill switch: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=317397
_________________
Five of the Linksys WRT1900ACSv2, on r39144 and r38159. On various: VLANs, client-mode travel router, two DNSCrypt DNS servers (incl Quad9), multiple VAPs, USB/NAS, OpenVPN client (random NordVPN server).

VLANs on the WRT1900ACSv2 and other two-CPU Linksys/Marvell routers:
https://www.dd-wrt.com/phpBB2/viewtopic.php?p=1091367


DNSCrypt for Quad9 DNS and/or multiple servers and/or missing DNSCrypt enable button:
My Sun Jan 06, 2019 post at https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318094[/i]
RotoBill
DD-WRT Novice


Joined: 13 Feb 2019
Posts: 16

PostPosted: Sat Mar 16, 2019 19:25    Post subject: Reply with quote
HI SurprisedItWorks (btw GREAT Handle)

Thanks for the info. I'll give it a try.

IMHO NORDvpn may be the cheapest but golly they are the toughest for newbies like me to get to work. Sure I'm hidden now, but I had to deal with no Vonage with their "stock" kill switch, then I had to change outgoing email settings to get emails to send... what a pain in the backside!!!

But all is well now

Bill
RotoBill
DD-WRT Novice


Joined: 13 Feb 2019
Posts: 16

PostPosted: Sun Mar 17, 2019 4:42    Post subject: Reply with quote
The kill switch given in https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=317397 seems to work fine. Thanks to SurprisedItWorks


Update: This version of the kill switch kills my guest network. I went back to the eibgrad version.
foz111
DD-WRT User


Joined: 01 Oct 2017
Posts: 155

PostPosted: Mon Mar 18, 2019 15:42    Post subject: Reply with quote
If your using PBR with a kill switch please see this thread
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318882
RotoBill
DD-WRT Novice


Joined: 13 Feb 2019
Posts: 16

PostPosted: Tue Mar 19, 2019 15:15    Post subject: Reply with quote
DL'd Notepad++
Dl'd ddwrt-ovpn-Kill-switch-PBR.sh file.

Changed the file extension to txt.
Opened it with Notepad++
Copied all to save firewall.

So Far so good

I have all working
pbr pc's are ok
netflix on non-pbr is ok
guest wifi ok
emails in & out are ok

Thanks to all of you!!

Bill
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Marvell MVEBU based Hardware (WRT1900AC etc.) All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum