Menu
What's new
By:
Filters Better Search

Proper VPN Policy Rules

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

D

Dougj

Occasional Visitor
I had migrated from asuswrt to asuswrt-merling a few days ago to gain access to the Killswitch feature for my VPN's. After updating I built my two VPN's in VPN Client and then applied VPN Director policy rules on the Director page, first directing a couple devices straight to the WAN and the rest of my devices (From the assigned DHCP range of 192.168.50.2 t0 192.168.50.254) I assigned to use VPN client 1 OR 2 based on which is active. In the policy rules for VPN client 1 (CAN) & 2 (USA), I assigned the devices in the range 192.168.50.0/24 to use the OVPN client 1 or 2 respectively.

Unfortunately, I also turned on Killswitch so when I disabled my VPN's today to test I was immediatley logged out and locked out of the router interface as well as losing my internet access on all devices but those assigned to use the WAN. I was not able to ping the router at 192.168.50.1 so (as discussed in several other threads) I was forced to a reset and upload my last backup from yesterday which fortunately worked, only losing the rules.

For now, I can disable both VPN's and there are no failures. However, in an effort to get back to using Killswitch are there any best practices (such as redefining my LAN DHCP range and ensuring the router interface address is somehow protected in the rules) and are my rules correct as seen in image 1 and 2? I understand the purpose of Killswitch is to lock down access to the WAN when VPNs are down but I want to ensure I can protect access to the router interface at 192.168.50.1.

TIA
D.
 

Attachments

  • director1.jpg
    director1.jpg
    113.8 KB · Views: 23
  • director2.jpg
    director2.jpg
    99.4 KB · Views: 23
There is a somewhat similar discussion taking place in the following discussion started yesterday in this same subforum. May want to read through it if you haven't done so already.
www.snbforums.com

Wireguard VPN Client: killswitch + reboot -> LAN administration lock-out (NTP failure?)

Hi all - title pretty much says it all, but more details are below. I've read through several discussions (example) regarding killswitch changes/issues. FWIW, it appears to me that most have concerned OpenVPN instead of Wireguard connections. AFAIK, none cites issues with NTP sync on boot as a...
www.snbforums.com www.snbforums.com

PS: Any reason why a second discussion was started when you have an earlier one that appears to discuss the same issue?
www.snbforums.com

Rules wrong

the other day I migrated from asuswrt to merlin on my ax88u router. After doing so my VPNs were gone so I successfully rebuilt them. I set up a couple rules to send two devices over WAN and one rule to send all devices (192.168.50.0/24) in my dhcp range to vpn1 and a second rule to the same IP...
www.snbforums.com www.snbforums.com
 
You must log in or register to reply here.

Similar threads

S
VPN Director - 2 VPN Clients and Killswitch (3004.388.8_2)
Replies
12
Views
710
Skillz
S
G
Wireguard VPN Client: killswitch activation -> LAN administration lock-out
Replies
6
Views
699
ZebMcKayhan
Z
J
VPN director Multiple OpenVPN clients
Replies
7
Views
439
eibgrad
eibgrad
RMerlin
  • Locked
Beta Asuswrt-Merlin 3004.388.8 beta is now available
6 7 8
Replies
155
Views
30K
RMerlin
RMerlin
U
Loss of access to user interface after application of VPN rule and Killswitch (3004.388.8)
Replies
14
Views
991
SaBl
S
Similar threads
Thread starter Title Forum Replies Date
A Proper use of VPN director Asuswrt-Merlin 6
anotherengineer Proper PPPoE Setup on Merlin? Asuswrt-Merlin 14
XxUnkn0wnxX Proper dnsmasq config for local resolver? Asuswrt-Merlin 3
G Using VPN Director to route only torrent traffic through VPN Asuswrt-Merlin 8
B Unable to establish VPN connection to my PiVPN (ovpn) from my Asus RT-AC86U running Asuswrt-Merlin 386.14 Asuswrt-Merlin 1
T Wireguard Client VPN not using DNS Asuswrt-Merlin 14
S Wireguard VPN doesn't work, buyer beware Asuswrt-Merlin 6
G VPN director configuration for qBittorrent Asuswrt-Merlin 7
J ASUS GT-AXE16000 CPU usage with VPN on lan machine Asuswrt-Merlin 25
I Wireguard VPN client does not autostart after reboot Asuswrt-Merlin 2

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 559 (members: 27, guests: 532)
Top