Netgate Discussion Forum

    Creating An OpenVpn Kill Switch?

    4 Posts 3 Posters 2.0k Views
    • tattinger

      I am running pfSense 2.2.2. I have it set up so that only two computers use a VPN server and all others go through my ISP.

      The issue I am having is that when the VPN server goes down, or disconnects, the two computers that are on the VPN then go through to my ISP. What I am trying to do is: if the VPN server or connection goes down, then on the two VPN computers I get no connection at all to my ISP.

      I have searched and found a post by Derelict in which he says to create an Alias in the firewall using the IPs of the two computers that I want to use only through the VPN, but that did not work for me.

      Any ideas on how to accomplish this would be greatly appreciated.

      Here is a snapshot of my killswitch created in firewall-Aliases

      Killswitch.JPG

      • tattinger

        I have also tried this:

        Firewall > Rules, Floating tab

        Action: Pass
        Disabled: unchecked
        Quick: checked
        Interface: WAN
        Direction: out
        TCP/IP Version: IPv4
        Protocol: UDP
        Source: any
        Destination: any
        Destination port range: 1194

        Then below that rule:

        Action: Reject
        Disabled: unchecked
        Quick: checked
        Interface: WAN
        Direction: out
        TCP/IP Version: IPv4
        Protocol: any
        Source: any
        Destination: any
        Destination port range: any

        Credit goes to Derelict for the Floating Tabs settings above.

        This did not work for me either. When the VPN connection goes down it still then uses my ISP connection.

        Any ideas or suggestions would be greatly appreciated.

        • gazoo

          If you're still looking to do this, I'll tell you how I do it. However, I use PPTP.
          I have 3 rules:

          1. Allow all DNS from your client at IP x.x.x.x. You may not need this; I do because the VPN has a name that changes IP.
          2. Allow client x.x.x.x to VPN endpoint y.y.y.y (all protocols)
          3. Default deny all else near the bottom from x.x.x.x

          So you probably don't need 1).

          2) allows anything going to that VPN address. 3) disallows all else.
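Added example, not part of any post in this thread: a small first-match model of the three LAN rules gazoo describes, showing that the client reaches only DNS and the VPN endpoint, and that the block rule does nothing if an allow rule for the whole LAN sits above it. The addresses, the trailing LAN allow rule and the helper names are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                  # "pass" or "block"
    src: str                     # source network in CIDR form, or "any"
    dst: str = "any"             # destination network in CIDR form, or "any"
    proto: str = "any"           # "tcp", "udp" or "any"
    dport: Optional[int] = None  # None matches every destination port

def in_net(addr, net):
    return net == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def evaluate(rules, src, dst, proto, dport):
    """Return the action of the first matching rule; no match means block."""
    for r in rules:
        if (in_net(src, r.src) and in_net(dst, r.dst)
                and r.proto in ("any", proto)
                and r.dport in (None, dport)):
            return r.action
    return "block"

# Constructed sample addresses standing in for x.x.x.x and y.y.y.y.
CLIENT = "192.168.1.50/32"
VPN_ENDPOINT = "198.51.100.7/32"

LAN_RULES = [
    Rule("pass", CLIENT, proto="udp", dport=53),  # 1. DNS from the client
    Rule("pass", CLIENT, proto="tcp", dport=53),
    Rule("pass", CLIENT, dst=VPN_ENDPOINT),       # 2. client to VPN endpoint, all protocols
    Rule("block", CLIENT),                        # 3. deny all else from the client
    Rule("pass", "192.168.1.0/24"),               # assumed allow rule for the other LAN hosts
]

# Same rules, but with the LAN allow rule above the client's block rule.
MISORDERED = LAN_RULES[:3] + [LAN_RULES[4], LAN_RULES[3]]

if __name__ == "__main__":
    web = ("192.168.1.50", "203.0.113.80", "tcp", 443)  # constructed packet
    print("ordered rules:   ", evaluate(LAN_RULES, *web))
    print("misordered rules:", evaluate(MISORDERED, *web))
```
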
          • Derelict LAYER 8 Netgate

            This is how I do it:

            https://forum.pfsense.org/index.php?topic=84463.msg463226#msg463226

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.