Want to Block 1IP from using Internet when VPN goes down

Derelict

If you don't want traffic from 192.168.0.11 to go out WAN at all, why are you policy routing it out WAN?

comet424

if your talking about from the picture above the 2nd from the bottom
i dont... but if i dont put that rule in there... and i turn off both VPN's
the rules skip the 2 rules below Game Consoles and goes straight to the last Line..

so i put rule just above it... and its TAG No WAN EGRESS so it blocks using WAN

comet424

figured that was better then saying Block 192.168.0.11 * * * in the rules
unless thats better then the TAG i just figured it was a better block if not ill change it

comet424

is this more proper then block wan.JPG

comet424

@Derelict
I have 1 more question if you might know..
the no_wan_egreess works as long as my vpn I don't check the box "Don't Pass Routes"
if I enable it... The IP Address I have Tag NO WAN EGRESS is automatically blocked yet should be using the VPN

but I notice I need to check Don't Pass Routes to get my XBOX to work bypass VPN

do you know how to get get the rule to work for the VPN and TAG No Wan Egress when you check "Don't Pass Routes"

and should I be using that check box or not... whats the difference I tried googling info but I didn't find info
if you have a link that explains the 2 be good too

but I figured I ask you about that since your very smart at this stuff

comet424

so having the check mark Dont Pass Routes... still leaks dns yet i dont see it...

i get email from my isp i done suspicious things but i didnt
i run www.dnsleaktest.com on the 192.168.0.11 and it shows 1 server my NordVPN
yet it must be leaking

is there another program that runs on windows that securly checks this stuff?
as this No Wan Egress isnt working
least it seems to work only when "DO Not Pull Routes" is not Checked.
when its checked it seems to leak or not work right

is there a way to test this and i read some articles you want Do Not Pull Routes other times you do .. how do you know when

Derelict

I'm not sure that people appreciate how complicated what you are trying to do is.

comet424

sorry then ill figure out myself

didnt think it was complicated for you guys just for me
cuz i guess it works fine if Do not pull routes... yet XBOX doesnt work for OPen Nat
and when i do check off pull routes No WAN Gress does not kick in instantly like it does when "do not pull routes " is not checked... and Xbox Works Open Nat

very sorry for troubling you guys then.. i wont ask again

have a good weekend

Derelict

It's not complicated for me. It would just take me three hours I don't have to explain it to you.

You need to understand:

Policy routing and what it is and is not
The routing table and what it is and is not
What Don't pull routes actually does with your chosen VPN provider
How DNS actually works
How connections originating from the firewall itself apply in all of the above
How tagging and matching tagged in pf works

I suggest watching https://www.youtube.com/watch?v=lp3mtR4j3Lw

johnpoz

Think you forget the 0 on your 3 there Derelict... Your 4 days in already.. ;)

This is clearly simple facebook sort of post -- suggest you get your help over there since you don't seem to want to take Derelicts ;) Sure they help you out in couple of mins..