Need traffic to drop if VPN is not up
-
All,
What I'm looking for is a configuration that will cause all outbound traffic to be dropped when my OpenVPN gateway is not up. Currently, if the VPN drops traffic just gets routed out the WAN interface even though I do not have a default gateway configured. This doesn't make sense to me because every other routing platform I have worked with will drop traffic without a default or other specific route in place.
I've only got two rules on the interface that needs to route out the VPN. One rule for local private traffic, and then a rule for everything else to take the VPN gateway.
-
@zeeohsix
Assuming you have an entire interface routed down the tunnel, I would define a source and explicitly block access to your WAN/default gateway. So, something like this:Allow - VPN_ROUTED_INTERFACE net/local_networks (default gateway)
Allow - VPN_ROUTED_INTERFACE net/any (NORDVPN_VPNV4)
Block - VPN_ROUTED_INTERFACE net/any (default gateway) -
@zeeohsix Under SystemAdvancedMiscellaneous activate that option and everything is good like it is.
-
I was literally in the middle of typing a reply to @marvosa about finding that exact setting and it solving the problem when your reply came in.
Thanks!
-
