Posted: Wed May 15, 2019 11:01 Post subject: DD-WRT v3.0 NetGear R7000 with OpenVPN. Setup a killswitch?
Is it possible to set up a killswitch (so that my internet goes completely down when OpenVPN fails to connect to the VPN server) with the above setup?
If so, how? Can anyone point me in the correct direction?
Thanks, best regards,
Ernosernos
Edit: I'm a total noob when it comes to OpenVPN and DD-WRT but fairly good with internet security and an expert in Linux, if that helps you tailor your answer to me hehehe.
Wow, that was a really quick answer. Can you explain it in more detail please? Also, is there any way to test it? Just go to services -> OpenVPN and set to disable, would that be an accurate test?
Does this change need a router reboot?
Can you make a rule for me to block ALL incoming connections that don't go through OpenVPN?
Also, since I already have you here: Why is my DD-WRT setup page accessible through my WAN IP? I want that to only be accessible locally.
Joined: 18 Mar 2014 Posts: 12917 Location: Netherlands
Posted: Wed May 15, 2019 13:10 Post subject:
ernosernos wrote:
Wow, that was a really quick answer. Can you explain it in more detail please? Also, is there any way to test it? Just go to services -> OpenVPN and set to disable, would that be an accurate test?
Does this change need a router reboot?
Can you make a rule for me to block ALL incoming connections that don't go through OpenVPN?
Also, since I already have you here: Why is my DD-WRT setup page accessible through my WAN IP? I want that to only be accessible locally.
Best Regards.
To test, just disable the OVPN client. Do not worry, your settings are retained.
A reboot is usually not necessary, but to be sure, reboot.
All incoming connections are blocked by default, that is what the firewall is for. My rule blocks connections originating from the router (br0) and going out of the WAN (VLAN2).
Your setup page should not be accessible from the WAN by default unless you enable it on Administration/Management/Remote Access.
If you are referring to the System information page, that is visible by default.
You can disable it on Administration/Management/Web Access: set the Enable Site info to Disabled or enable the password protection.
It is on by default, but you cannot log in unless you enabled remote access.
We have had discussions with the devs; although it is not a security risk per se, the fact that attackers can see what you are using can give them an attack vector.
So for my internet-facing routers it is disabled.
Exactly what I am referring to; it is a security risk per se just to let the "attackers" know you run DD-WRT and what version.
Otherwise you pretty much answered my questions, although, one thing.
OpenVPN is activated in my router, by settings tab services -> OpenVPN. That's why I was asking for a good way to test out the settings.
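As a complement to the disable-the-client test discussed above, the following added example (not code posted in the thread) checks a saved `iptables -S FORWARD` listing for an unconditional block on LAN-to-WAN forwarding. The interface names br0 and vlan2 come from the thread; tun1 as the OpenVPN tunnel interface and both sample rulesets are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. br0 (LAN) and vlan2 (WAN) are the names
# used in the thread; tun1 as the OpenVPN tunnel interface is an assumption.

# killswitch_state LAN_IF WAN_IF   (reads `iptables -S FORWARD` output on stdin)
# Prints "blocked" when an unconditional DROP/REJECT for LAN->WAN is reached
# before anything that could let that traffic through, otherwise "leak".
killswitch_state() {
    awk -v lan="$1" -v wan="$2" '
    $1 == "-P" && $2 == "FORWARD" { policy = $3 }
    $1 == "-A" && $2 == "FORWARD" {
        in_if = ""; out_if = ""; target = ""; extra = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-i") in_if = $(++i)
            else if ($i == "-o") out_if = $(++i)
            else if ($i == "-j") { target = $(++i); break }
            else extra = 1   # any other match makes the rule conditional
        }
        # Rules bound to other interfaces never see LAN->WAN packets.
        if (in_if != "" && in_if != lan) next
        if (out_if != "" && out_if != wan) next
        if (target == "DROP" || target == "REJECT") {
            if (!extra) { print "blocked"; decided = 1; exit }
            next             # conditional block: keep scanning
        }
        # ACCEPT, or a jump to a chain that might accept: count it as a leak.
        print "leak"; decided = 1; exit
    }
    END { if (!decided) print (policy == "DROP" ? "blocked" : "leak") }
    '
}

# Constructed sample rulesets (not captured from a real router).
RULES_WITH_SWITCH='-P FORWARD ACCEPT
-A FORWARD -i br0 -o vlan2 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br0 -o tun1 -j ACCEPT'
RULES_WITHOUT_SWITCH='-P FORWARD ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br0 -o tun1 -j ACCEPT
-A FORWARD -i br0 -j ACCEPT'

printf '%s\n' "$RULES_WITH_SWITCH" | killswitch_state br0 vlan2
printf '%s\n' "$RULES_WITHOUT_SWITCH" | killswitch_state br0 vlan2
```

The check is deliberately conservative: it does not follow jumps into other chains, so any non-blocking target that could match LAN-to-WAN traffic ahead of the block rule is reported as a leak.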