Netgate Discussion Forum

    Rules being ignored when VPN client down ?

    Category: Off-Topic & Non-Support Discussion (5 posts, 3 posters, 540 views)
    randombits (last edited by randombits):

      I've been playing with FreeOPENVPN and discovered that when it's down I can still get internet access via the WAN/WAN2, even though the LAN2 rule states only to go via the VPN gateway? The only way I can force it not to go via the WAN/WAN2 is to turn off the WAN and WAN2 gateways to LAN2, leaving freeopenvpn.

      [Attached screenshots from the pfSense web GUI at 192.168.1.109, dated 2019-05-30: Firewall > NAT > Outbound, Firewall > Rules, and two captures of System > Gateways.]

    TheNarc (replying to @randombits):

        @randombits The easiest way to accomplish this is via packet tagging:
        https://www.infotechwerx.com/blog/Prevent-Any-Traffic-VPN-Hosts-Egressing-WAN

    randombits:

          Thanks, I always assumed rules would block it, but obviously not with VPN client servers. I only discovered it by accident when the VPN was down and I still had access!

    stephenw10 (Netgate Administrator):

            If the VPN gateway rule is the only pass rule, you can prevent it from passing traffic at all when the gateway is down by checking the option "Skip rules when gateway is down" in Sys > Adv > Misc.
            That will then leave you with no pass rules on that interface. That would only work in your case during the scheduled time you have that block rule applying.

            Steve

    randombits:
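As an added illustration (not code from the thread or from Netgate) of the two mitigations discussed in TheNarc's and stephenw10's replies, the pf.conf-style rules below show what the pfSense GUI effectively loads for a policy-routed LAN2 rule, why traffic escapes to WAN when the VPN gateway goes down, and how a packet tag plus a floating block rule on the WAN side prevents that. The interface names (igb0, igb1, igb2, ovpnc1), the VPN gateway address 10.8.0.1 and the tag name VPN_ONLY are assumptions chosen for the example.

```pf
# Added example, not from the original post. All interface names, the VPN
# gateway address and the tag name below are assumptions, not the poster's.
#
#   LAN2 interface      = igb2
#   VPN client interface = ovpnc1, VPN gateway = 10.8.0.1
#   WAN / WAN2           = igb0 / igb1

lan2 = "igb2"
wans = "{ igb0 igb1 }"

# 1. The LAN2 pass rule as a gateway-bound GUI rule is loaded. pfSense's
#    default behaviour when it marks the gateway down is to reload this rule
#    WITHOUT the route-to clause, so the packets still pass and follow the
#    default route out WAN/WAN2. With "Skip rules when gateway is down"
#    enabled (Sys > Adv > Misc) the rule is omitted instead; if it was the
#    only pass rule on LAN2, the interface's implicit deny then drops the
#    traffic, which is what stephenw10 describes.
pass in quick on $lan2 route-to (ovpnc1 10.8.0.1) inet from $lan2:network to any \
    tag VPN_ONLY keep state

# 2. Packet tagging (TheNarc's suggestion). The tag is applied when the packet
#    is accepted on LAN2 and stays attached regardless of whether route-to was
#    honoured. A floating rule on the WAN interfaces then refuses to let any
#    tagged packet egress there, so a VPN outage fails closed rather than open.
block out quick on $wans tagged VPN_ONLY
```

The block rule must be a floating rule in the "out" direction with "quick" set, because interface rules in pfSense only filter inbound on their own interface and would never see the packet leaving WAN. Testing it as randombits did is worth doing from a LAN2 host only: a tag applied to the wrong rule (for example one covering admin traffic) locks the administrator out of the WAN side, which is the failure mode mentioned in the final reply.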

              Thanks Steve, I tried @TheNarc's link and that seems to work (locked myself out of the WAN at first 🙄). I'll also turn on skip rules as you mention.
