[SOLVED] Re: How to block traffic when VPN is down



  • I have an OpenVPN Connection that I only want one or two clients forwarded into, I also need a kill switch if the VPN goes down…

    Reading this post gets me like 95% of the way to where I want to go, but it is old and missing photos.

    The client (right now just my cellphone for testing) works fine when the VPN is on. IPLeak shows I've got everything good when the VPN is up. Once I disable the VPN (via Status>OpenVPN) the client gets sent back into the WAN.

    I do not want this, I need the client to be blocked if the VPN is down.

    So far, this is what my firewall rules look like (-100.152 is the client I need behind the VPN w/ killswitch):

    Floating:
    http://i.imgur.com/4XqGKhn.png
    WAN:
    http://i.imgur.com/nVbjBfs.png
    LAN:
    http://i.imgur.com/xTuxYjr.png

    What am I missing? I'm sure some of my rules are redundant or just stupid, I'm a noob.


  • Rebel Alliance Developer Netgate

    Take the gateway off the block rule on LAN

    And System > Advanced, Miscellaneous tab, check "Skip rules when gateway is down".

    If that floating rule is to block outbound on WAN, it would never match a source of a LAN IP address, NAT has happened by then. That can also be removed.

    The block rule on the WAN tab is both incorrect (could never match anything, has a gateway set – never put gateways on block rules), and unnecessary. Remove it, too.
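As an added illustration (not pfSense's generated ruleset, and not part of the answer above), the LAN rule pair written out in pf syntax; interface names, the VPN gateway and the client address are placeholders:

```pf
# Constructed example, not pfSense's actual output. Macros are placeholders.
lan_if = "em1"
vpn_if = "ovpnc1"
vpn_gw = "10.8.0.1"            # placeholder: far-end OpenVPN gateway address
client = "192.168.100.152"     # placeholder standing in for the "-100.152" client

# WRONG: the block rule carries a gateway. A block rule never forwards anything,
# so the gateway does nothing there, and with the default setting pfSense
# rewrites the pass rule to the default route when the VPN gateway is down, so
# the pass rule keeps matching and the client silently leaves via WAN.
#   pass  in quick on $lan_if route-to ($vpn_if $vpn_gw) inet from $client to any
#   block in quick on $lan_if route-to ($vpn_if $vpn_gw) inet from $client to any

# CORRECT, with "Skip rules when gateway is down" checked: while the VPN gateway
# is up, the pass rule sends the client into the tunnel; when it is down, pfSense
# omits the pass rule entirely and the plain block rule (no gateway) is the first
# match for the client, so traffic is dropped instead of falling back to WAN.
pass  in quick on $lan_if route-to ($vpn_if $vpn_gw) inet from $client to any
block in quick on $lan_if inet from $client to any
```

To confirm the kill switch on the box itself, list the loaded rules with `pfctl -sr` and grep for the client address while the VPN gateway is marked down: only the block rule should remain.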



  • Thank you for your help, another user just PM'ed me with another method of fixing the issue.

    The killswitch now works using the link I just posted above and I'm ready to move on in my network issue 'todo' list.

    Thanks so much for your help.

    Also, I had already deleted the redundant/useless rules. I had just started making any rule on a whim to see if I could stumble on the solution.

