Posted: Fri Mar 15, 2019 14:56 Post subject: NORDVPN "kill switch" kills Vonage
First, I'm a real beginner. I'm using a Linksys WRT3200ACM with the 3-11-19 build.
NordVPN chat people were unable to help, so I thought I'd pass this issue to this forum.
I tried various servers and UDP and TCP settings; the NordVPN help people looked at my logs but eventually resigned.
Here is the kill switch they provide to be put in the firewall section:
WAN_IF=`nvram get wan_iface`
iptables -I FORWARD -i br0 -o $WAN_IF -j REJECT --reject-with icmp-host-prohibited
iptables -I FORWARD -i br0 -p tcp -o $WAN_IF -j REJECT --reject-with tcp-reset
iptables -I FORWARD -i br0 -p udp -o $WAN_IF -j REJECT --reject-with udp-reset
With the kill switch, everything but the phone works fine. Without the kill switch, everything including the phone works fine.
Hi Bill
I am assuming you have other devices connected via wi-fi and they are able to access the Internet while the Kill switch is active? Or are the other devices that you refer to as working while kill switch is active connected via Ethernet?
When you configured your wireless settings, have you got all 3 Wi-Fi APs configured or just the 2.4 & 5.0? The 2.4/5.0 at the bottom can cause issues, I have read; try it with the bottom one disabled. I am not sure it will help, but it's a starting point.
As I google more, I learn what to google with... I thought kill switches were VPN specific. Apparently not. So I eventually found the following from eibgrad:
WAN_IF="$(ip route | awk '/^default/{print $NF}')"
iptables -I FORWARD -i br0 -o $WAN_IF -m state --state NEW -j REJECT --reject-with icmp-host-prohibited
iptables -I FORWARD -i br0 -p tcp -o $WAN_IF -m state --state NEW -j REJECT --reject-with tcp-reset
Posted: Sat Mar 16, 2019 18:46 Post subject:
I don't think it is your issue, but FWIW, that udp-reset thing seems to be a bug in NordVPN's published kill switch: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=317397
_________________
2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
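The udp-reset problem mentioned in the post above can be caught before a kill switch is pasted into the firewall box. This is an added example, not part of the original thread and not NordVPN's or DD-WRT's code; the names check_rule, lint_script and nordvpn_rules are hypothetical, and the list of types is the one documented for the IPv4 REJECT target in the iptables-extensions man page.

```shell
# Added example: lint --reject-with values in iptables REJECT rules.
# Types documented for the IPv4 REJECT target (iptables-extensions man page).
VALID_TYPES="icmp-net-unreachable icmp-host-unreachable icmp-port-unreachable \
icmp-proto-unreachable icmp-net-prohibited icmp-host-prohibited \
icmp-admin-prohibited tcp-reset"

# check_rule RULE: print "ok" or the reason iptables would refuse the rule.
# Assumes the protocol is given by name (-p tcp), not by number.
check_rule() {
    proto="" rtype="" prev="" known=no
    set -f                          # no globbing while splitting the rule
    for word in $1; do
        case "$prev" in
            -p|--protocol) proto=$word ;;
            --reject-with) rtype=$word ;;
        esac
        prev=$word
    done
    set +f
    if [ -z "$rtype" ]; then echo "ok"; return 0; fi   # default type applies
    for t in $VALID_TYPES; do if [ "$t" = "$rtype" ]; then known=yes; fi; done
    if [ "$known" = no ]; then echo "unknown reject type: $rtype"; return 1; fi
    if [ "$rtype" = tcp-reset ] && [ "$proto" != tcp ]; then
        echo "tcp-reset requires -p tcp"; return 1
    fi
    echo "ok"
}

# lint_script: read a script on stdin, report bad REJECT rules, return their count.
lint_script() {
    bad=0 n=0
    while IFS= read -r line; do
        n=$((n + 1))
        case "$line" in
            iptables*REJECT*) msg=$(check_rule "$line") || { bad=$((bad + 1)); echo "line $n: $msg"; } ;;
        esac
    done
    return "$bad"
}

# Input: the kill switch quoted in the first post of this thread.
nordvpn_rules() {
    cat <<'EOF'
WAN_IF=`nvram get wan_iface`
iptables -I FORWARD -i br0 -o $WAN_IF -j REJECT --reject-with icmp-host-prohibited
iptables -I FORWARD -i br0 -p tcp -o $WAN_IF -j REJECT --reject-with tcp-reset
iptables -I FORWARD -i br0 -p udp -o $WAN_IF -j REJECT --reject-with udp-reset
EOF
}

nordvpn_rules | lint_script || echo "$? rule(s) iptables would refuse"
```

A rule that iptables refuses is never inserted, so the remaining rules are the only ones in effect.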
IMHO NORDvpn may be the cheapest but golly they are the toughest for newbies like me to get to work. Sure I'm hidden now, but I had to deal with no Vonage with their "stock" kill switch, then I had to change outgoing email settings to get emails to send... what a pain in the backside!!!
Update: This version of the kill switch kills my guest network. I went back to the eibgrad version.
Have a look at the kill-switch discussion way down in my AirVPN how-to, the first (and long) post at https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1180640. It's much more recent and much more thorough. I'm using the last kill-switch version shown there, the one that is automated to tailor itself to what's in the PBR setup. Before that I used each of the other versions. All worked fine in my five-subnet setup with three of them on the vpn and two not on vpn. Both bridged and unbridged "guest networks" are involved.
Note though that this is a simple firewall setup that assumes your PBR config is of the simple variety, containing only CIDR-format lines or IP-address lines. If you are using the fancier PBR features of the new builds, egc's fancier script is the way to go.