Disable Internet connection when VPN goes offline?

[swealpha]

Hello!

I would like to ask if Asuswrt-merlin disables the internet connection when the OpenVPN provider goes offline?

Or if it is possible to turn it on in settings?


Thank you

 

[Zastoff]

Hello!

I would like to ask if Asuswrt-merlin disables the internet connection when the OpenVPN provider goes offline?

Or if it is possible to turn it on in settings?


Thank you

You can configure a killswitch in the Openvpn client in asuswrt-merlin that block internet for vpn routed devices if tunnel goes down
You can search youtube for asus killswitch

 

[swealpha]

You can configure a killswitch in the Openvpn client in asuswrt-merlin that block internet for vpn routed devices if tunnel goes down
You can search youtube for asus killswitch

That sounds to advanced for me. I wish it was a easy setting that just turned of internet connection until the openVPN provider was online again.

Thank you

 

[Jack Yaz]

 

[swealpha]

View attachment 16511

wow, that easy? Is that something new in Merlin?

Thank you!

 

[emikaadeo]

Is it possible to configure killswitch on stock firmware (ASUSWRT) ?

 

[eibgrad]

Is it possible to configure killswitch on stock firmware (ASUSWRT) ?

I doubt it. Not unless that feature is specifically implemented in the OEM firmware. That's the reason ppl move to third party firmware. It gives you a lot more features. And you gain access to low level functionality, such as the firewall. So adding something like a kill switch is pretty easy. In the case of Merlin, you can use the VPN's built-in kill switch, or just add a kill switch to the firewall directly (my preference), one which runs 24/7, even if the VPN isn't configured or enabled.

Let's assume your WAN's network interface is vlan2, then all you need is the following.

iptables -I FORWARD -o vlan2 -j REJECT

That's just a blanket, wholesale rejection of anything trying to route out the WAN, period. The only way something other than the router itself could reach the internet is if some other network interface became available, like a VPN!

Again, without third party firmware, you can't typically do stuff like this. The OEM just doesn't want to get involved w/ users doing (what to them seems to be) wacky modifications, and more importantly, support it. So they keep their firmware simple and locked down.