Netgate Discussion Forum

Creating An OpenVpn Kill Switch?

    tattinger
    last edited by Jun 11, 2015, 7:19 PM Jun 9, 2015, 2:46 PM

    I am running pfSense 2.2.2. I have it set up so that only two computers use a VPN server and all others go through my ISP.

    The issue I am having is that when the VPN server goes down, or disconnects, the two computers that are on the VPN then go through to my ISP. What I am trying to do is, if the VPN server or connection goes down, then on the two VPN computers I get no connection at all to my ISP.

    I have searched and found a post by Derelict in which he says to create an Alias in the firewall using the IP of the two computers that I want to use only through the VPN, but that did not work for me.

    Any ideas on how to accomplish this would be greatly appreciated.

    Here is a snapshot of my killswitch created in firewall-Aliases

    Killswitch.JPG

      tattinger
      last edited by Jun 11, 2015, 7:18 PM

      I have also tried this:

      Firewall > Rules, Floating tab

      Action: Pass
      Disabled: unchecked
      Quick: checked
      Interface: WAN
      Direction: out
      TCP/IP Version: IPv4
      Protocol: UDP
      Source: any
      Destination: any
      Destination port range: 1194

      Then below that rule:

      Action: Reject
      Disabled: unchecked
      Quick: checked
      Interface: WAN
      Direction: out
      TCP/IP Version: IPv4
      Protocol: any
      Source: any
      Destination: any
      Destination port range: any

      Credit goes to Derelict for the Floating Tabs settings above.

      This did not work for me either. When the VPN connection goes down it still then uses my ISP connection.

      Any ideas or suggestions would be greatly appreciated.

        gazoo
        last edited by Jul 21, 2015, 7:16 PM

        If you're still looking to do this, I'll tell you how I do it. However, I use PPTP.
        I have 3 rules:

        1. Allow all DNS from your client at IP x.x.x.x. You may not need this; I do because the VPN has a name that changes IP.
        2. Allow client x.x.x.x to VPN endpoint y.y.y.y (all protocols)
        3. Default deny all else near the bottom from x.x.x.x

        So you probably don't need 1).

        2) allows anything going to that VPN address. 3) disallows all else.
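The three rules from the post above, modelled as a top-down, first-match rule list on the LAN interface (an added example, not part of the thread and not pfSense code). The addresses, the default allow-LAN rule and the names Rule, evaluate and outside_tunnel are assumptions made for the illustration; it reports which traffic from the client can still reach the ISP directly, and how rule order changes that.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

CLIENT = "192.168.1.50"        # assumption: stands in for x.x.x.x
VPN_ENDPOINT = "203.0.113.7"   # assumption: stands in for y.y.y.y

@dataclass(frozen=True)
class Rule:
    action: str                    # "pass" or "block"
    src: str                       # single address or CIDR
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None    # None means any port

    def matches(self, src, dst, proto, dport):
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and self.proto in ("any", proto)
                and self.dport in (None, dport))

def evaluate(rules, src, dst, proto, dport):
    """Return the action of the first matching rule; no match is blocked."""
    for rule in rules:
        if rule.matches(src, dst, proto, dport):
            return rule.action
    return "block"

KILL_SWITCH = [
    Rule("pass", CLIENT, dport=53),          # 1. all DNS from the client (TCP and UDP)
    Rule("pass", CLIENT, dst=VPN_ENDPOINT),  # 2. client to VPN endpoint, all protocols
    Rule("block", CLIENT),                   # 3. deny all else from the client
    Rule("pass", "192.168.1.0/24"),          # assumed default allow-LAN rule, kept last
]

# Constructed probes: (destination, protocol, destination port)
PROBES = [(VPN_ENDPOINT, "tcp", 1723), ("198.51.100.9", "tcp", 443),
          ("198.51.100.53", "udp", 53), ("198.51.100.9", "udp", 1194)]

def outside_tunnel(rules, src=CLIENT):
    """Probes from src that are passed to a destination other than the VPN endpoint."""
    return [p for p in PROBES
            if p[0] != VPN_ENDPOINT and evaluate(rules, src, *p) == "pass"]
```

With the rules in this order, only the DNS probe from the client is passed outside the tunnel; moving the allow-LAN rule above rule 3 makes every probe pass.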
          Derelict LAYER 8 Netgate
          last edited by Jul 21, 2015, 7:57 PM

          This is how I do it:

          https://forum.pfsense.org/index.php?topic=84463.msg463226#msg463226

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)
