VPN Director - 2 VPN Clients and Killswitch (3004.388.8_2)

[Skillz]

Hi,

I've just configured 2 OVPN clients, both using VPN Director rules with Killswitch enabled.
OVPN1 has DNS config set to exclusive and OVPN has DNS config set to disabled.

The idea is to have my NAS route through OVPN1, then all other clients through OVPN2, unless I route clients specifically through the WAN.

The Asuswrt-Merlin VPN Director wiki page states the following:

Keep in mind that the killswitch will affect how lower priority clients work. If a higher priority client triggers its killswitch, then no traffic will go through the lower priority clients. You will generally want your lowest priority client to use the killswitch if you use multiple clients.

With above config, As soon as OVPN1 is disabled, my NAS starts (re)routing through OVPN2, instead of -what I'm expecting- killing the connection.
(If I remove the 'LAN to OVPN' rule, the Killswitch for OVPN1 does work, but I need to have my clients go through OVPN2)

How do I configure 192.168.10.2 to only use OVPN1 and kill the connection when OVPN1 disconnects?

Thank you in advance for reading

 

[eibgrad]

A little too much going on there to know for sure where the problem lies. Dump the following so we can see exactly how its configured internally. That often reveals the culprit.

ifconfig
brctl show
ip route show table main
ip route show table ovpnc1
ip route show table ovpnc2
ip rule
iptables -t mangle -vnL
iptables -t nat -vnL
iptables -vnL
cat /tmp/etc/openvpn/client1/config.ovpn
cat /tmp/etc/openvpn/client2/config.ovpn
cat /jffs/openvpn/vpndirector_rulelist
cat /tmp/etc/dnsmasq.conf

Note, do this *after* you've disabled the OpenVPN client so we see the state of the router at the point of failure. Of course, you can mask your public IP, just do so in a way that is obvious and consistent. Do NOT mask any private IPs.