    Creating An OpenVPN Kill Switch?

    • T
      tattinger last edited by

      I am running pfSense 2.2.2. I have it set up where only two computers use a VPN server and all others go through my ISP.

      The issue I am having is that when the VPN server goes down, or disconnects, the two computers that are on the VPN then go through to my ISP. What I am trying to do is, if the VPN server or connection goes down, then on the two VPN computers I get no connection at all to my ISP.

      I have searched and found a post by Derelict in which he says to create an Alias in the firewall using the IPs of the two computers that I want to use only through the VPN, but that did not work for me.

      Any ideas on how to accomplish this would be greatly appreciated.

      Here is a snapshot of my killswitch created in firewall-Aliases


      • T
        tattinger last edited by

        I have also tried this:

        Firewall > Rules, Floating tab

        Action: Pass
        Disabled: unchecked
        Quick: checked
        Interface: WAN
        Direction: out
        TCP/IP Version: IPv4
        Protocol: UDP
        Source: any
        Destination: any
        Destination port range: 1194

        Then below that rule:

        Action: Reject
        Disabled: unchecked
        Quick: checked
        Interface: WAN
        Direction: out
        TCP/IP Version: IPv4
        Protocol: any
        Source: any
        Destination: any
        Destination port range: any

        Credit goes to Derelict for the Floating Tabs settings above.

        This did not work for me either. When the VPN connection goes down it still then uses my ISP connection.

        Any ideas or suggestions would be greatly appreciated.

        • G
          gazoo last edited by

          If you're still looking to do this, I'll tell you how I do it. However, I use PPTP.
          I have 3 rules:

          1. Allow all DNS from your client at IP x.x.x.x. You may not need this; I do because the VPN has a name that changes IP.
          2. Allow client x.x.x.x to VPN endpoint y.y.y.y (all protocols)
          3. Default deny all else near the bottom from x.x.x.x

          So you probably don't need 1).

          2) allows anything going to that VPN address. 3) disallows all else.
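gazoo's three rules above, modelled as a first-match rule list to show why the deny has to sit above any broader pass rule (an added example, not part of the original thread and not pfSense code). The addresses, the LAN subnet, the trailing "LAN net to any" pass rule and the `Rule`/`evaluate` names are assumptions made for illustration, and the VPN is assumed to be started on the client itself, so the firewall sees the tunnel only as traffic to the endpoint.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed sample addresses (documentation ranges) standing in for
# gazoo's x.x.x.x (client) and y.y.y.y (VPN endpoint).
CLIENT = "192.0.2.10"
VPN_ENDPOINT = "198.51.100.20"
LAN_NET = "192.0.2.0/24"  # assumed LAN subnet


@dataclass(frozen=True)
class Rule:
    action: str                  # "pass" or "block"
    src: str                     # address, CIDR or "any"
    dst: str = "any"
    dport: Optional[int] = None  # None matches any port

    def matches(self, src: str, dst: str, dport: int) -> bool:
        def within(addr: str, net: str) -> bool:
            return net == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(net)
        return (within(src, self.src) and within(dst, self.dst)
                and self.dport in (None, dport))


def evaluate(rules, src, dst, dport):
    """First matching rule wins; traffic that matches nothing is blocked."""
    for rule in rules:
        if rule.matches(src, dst, dport):
            return rule.action
    return "block"


KILL_SWITCH = [
    Rule("pass", CLIENT, dport=53),          # 1. DNS from the client (goes outside the tunnel)
    Rule("pass", CLIENT, dst=VPN_ENDPOINT),  # 2. client to VPN endpoint, all protocols
    Rule("block", CLIENT),                   # 3. deny everything else from the client
    Rule("pass", LAN_NET),                   # assumed default "LAN net to any" rule
]

# Same rules with the deny placed below the default pass: the client leaks.
MISORDERED = [KILL_SWITCH[0], KILL_SWITCH[1], KILL_SWITCH[3], KILL_SWITCH[2]]

if __name__ == "__main__":
    for name, rules in (("kill switch", KILL_SWITCH), ("misordered", MISORDERED)):
        # Client reaching an Internet host directly, as it would with the VPN down.
        print(name, evaluate(rules, CLIENT, "203.0.113.5", 443))
```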
          • Derelict
            Derelict LAYER 8 Netgate last edited by

            This is how I do it:

            https://forum.pfsense.org/index.php?topic=84463.msg463226#msg463226

            Chattanooga, Tennessee, USA
            The pfSense Book is free of charge!
            DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)
