Rules being ignored when VPN client down ?

randombits

Iv'e been playing with FreeOPENVPN and discovered when it's down I can still get internet access via the WAN/WAN2 even though the LAN2 rule states only to go via the VPN gateway ? The only way I can force it not to go via the WAN/WAN2 is turn off WAN and WAN2 gateways to LAN2 leaving freeopenvpn.

screencapture-192-168-1-109-firewall-nat-out-php-2019-05-30-18_28_52.png

screencapture-192-168-1-109-firewall-rules-php-2019-05-30-18_28_43.png

screencapture-192-168-1-109-system-gateways-php-2019-05-30-18_28_47 (1).png

screencapture-192-168-1-109-system-gateways-php-2019-05-30-18_28_47.png

TheNarc

@randombits The easiest way to accomplish this is via packet tagging:
https://www.infotechwerx.com/blog/Prevent-Any-Traffic-VPN-Hosts-Egressing-WAN

randombits

Thanks, I always assumed rules would block it but obviously not with VPN client servers. I only discovered it by accident when the VPN was down and still had access!.

stephenw10

If the VPN gateway rule is the only pass rule you can prevent it from passing traffic at all when the gateway is down by checking the option Skip rules when gateway is down in Sys > Adv > Misc.
That will then leave you with no pass rules on that interface. That would only work in your case during the scheduled time you have that block rule applying.

Steve

randombits

Thanks Steve, I tried @TheNarc link and that seems to work (locked myself out the WAN at first ) I'll also turn on skip rules as you mention.

Rules being ignored when VPN client down ?

Products

Services

Support

News

Resources

Company

Our Mission

Subscribe to our Newsletter