Internet connection via ISP despite existing VPN connection in the Asus RT-AC 86U

[tom]

Hello

At the moment I occasionally have the problem with the Asus RT-AC 86U (Merlin 386.14) that although the ovpn connection is running in the router, the ISP IP is displayed on the PC (Linux Mint 21.3) during the IP check (https://www.dein-ip-check.de). If I then restart the connection in the Asus VPN tab via On-Off or click on apply, the ovpn IP is displayed again during the IP check. Killswitch is activated in the VPN tab.

I have now tried to block the ISP iprange on the PC via iptables, but without success. If I stop the VPN connection in the router, the ISP IP is still displayed on the PC and I can access websites via it.

Here are the iptables I have tried (ISP-Iprange: 217.80.0.0-217.95.255.255).

sudo iptables -A OUTPUT -m iprange --src-range 217.80.0.0-217.95.255.255 -j DROP

sudo iptables -I INPUT 1 -p tcp -m iprange --src-range 217.80.0.0-217.95.255.255 -j DROP
sudo iptables -I OUTPUT 1 -p tcp -m iprange --dst-range 217.80.0.0-217.95.255.255 -j REJECT

The Asus is connected to the Fritzbox. Fritzbox -> Asus: 192.168.178.21
Asus -> PC: 192.168.1.218

Where is the error?

 

[eibgrad]

Since you said you enabled the kill switch, I assume you're using the VPN Director. Did you create any rules for your local devices you want routed over the VPN? If no rules, nothing happens! If you did, let's see them.

 

[tom]

I have been using VPN for several years and have never had any problems. In the morning after booting the PC I do an IP check out of habit and for about 2 months now I have occasionally noticed that the ISP IP is displayed although ovpn is switched on in the router.
After reconnecting to ovpn in the router, the ovpn ip is displayed in the PC. I have not changed anything in the router.

I have not created any routing rules in the VPN Director for the (W)Lan devices, except Redirect all + killswitch.
That's why the idea is to block the ISP IPs via iptables in Linuxmint or via ssh in the Asus router, in case I don't notice it and then surf ignorantly via ISP.

 

[eibgrad]

So you're actually describing two (2) problems here. Why is the VPN stopping, and when it does, why doesn't the kill switch work.

I have seen problems in the past w/ the kill switch implementation (it's been changed recently w/ the latest 388 releases for this reason, but afaik, not so w/ 386.14). That's why I've been offering an iptables solution as an alternative for quite some time.

Kill switch doesn't work

It seems to me kill switch stopped working for me. I had 386.1.x FW and noticed after router reboot that my OpenVPN client is down and despite I had setting to prevent client access to Internet when VPN is down, client still had access to Internet. I could not make kill switch work so updated to...

www.snbforums.com

I'm also aware of problems w/ the VPN clients sometimes unexpectedly stopping, and have a watchdog script as well (something I wish the router offered natively).

asus rt-ax88u vpn director not connected right after reboot

Hello, i have installed latest asuswrt merlin on asus rt-ax88 router. I have installed a vpn connection as vpn client with openvpn protocol. When i reboot the router or take it from power, vpn director shows vpn connected status but it is not connected and i have no internet connection. Always...

www.snbforums.com

I'm NOT sure if these will solve all your problems, but I know quite a few ppl are using these scripts after having described similar problems on this forum.

 

[tom]

Thank you for the linked articles. Let's see if they are a solution for my case.

 

[tom]

Internet traffic is now reliably stopped thanks to your script if the VPN stops on its own or I stop it. There is then no longer an Internet connection, not even via the ISP.

The solution was: curl -kLs bit.ly/merlin-installer|tr -d '\r'|sh -s F2GmyrCC (https://www.snbforums.com/threads/kill-switch-doesnt-work.74948/post-715885).
The script has created a new rule in the Vpn-Director, which now ensures security.

Many thanks for the script