Need both Internet Kill Switch and WAN access

I have a GL-AR750S running the 4.3.2 beta firmware. I access Nord via OpenVPN. I need to be able to access the WAN but I also want all other traffic to be routed through the VPN without exception – the “kill switch.” No VPN, no internet access, period.

Trouble is, when I enable the kill switch, the WAN option in the interface disappears.

How do I use them both at the same time?

What do you mean, more specifically? Do you need some traffic to show your public IP but have other devices explicitly use the VPN?

This is related to my previous ticket, found here

I have my GL router behind an outer router, which is then connected to my cable modem. I want all the traffic from my “inner” network to be routed through the VPN unless the destination IP is in the “outer” network. I also want all traffic bound for the internet to be dropped if the VPN is inactive.

Currently I have the following settings:

I want “Block Non-VPN Traffic” enabled also, but when I enable it, the “Allow Access WAN” button disappears entirely and I’m no longer able to access machines on the outer network from the inner network.

I hope this helps clarify.

GL GUI → VPN → VPN Dashboard → Global Proxy → VPN Policy Base On The Target Domain Or IP → Accessing Following Domain/IP → Not Use VPN/Use VPN sounds about right.

Well, yeah. If you’re blocking everything non-VPN, there’s no need to explicitly set a set of firewall rules to allow a bypass to another subnet.

… so you want to block non-VPN traffic but also allow WAN traffic to your upper ring (let’s call it ‘Ring 0’) subnet to this one, Ring 1? That might be something possible via Customize Routing Rules but I’ve got no insight for 'ya there.

It could probably be done. This is, after all, OpenWrt ‘under the hood’. You might need to employ LuCI (GL GUI → System → Advanced Settings). My firewall skills are less than stellar.

… but be sure to make periodic backups throughout your progress.

You’re trying to do conflicting things! If you enable the “kill switch” it logically cancels the other conflicting rule! In other words, if your traffic is able to reach the outer network, then it would not be called a “kill switch” - it violates the whole concept.

This is doable however using the method mentioned by bring.fringe18.


Okay, so if I want this kind of functionality I’ll need to set up some custom routing. I feared that might be the case X) Thanks!

As I said, “This is doable however using the method mentioned by bring.fringe18.”


The confusing thing with this option is that it sounds like it’s going to apply all the time, but it only applies when the VPN is connected. I wish it applied all the time… “VPN policy based on the target regardless of vpn connection status”. When the VPN is not connected, and the rules say it should use the vpn, the traffic should be dropped.
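Added example, not code from this thread and not GL.iNet's own VPN scripts: the plain-OpenWrt (uci) way to get both behaviours the thread asks for, which is what the "Customize Routing Rules / LuCI" suggestion above points at, and which also gives the last reply's wish that VPN-bound traffic is dropped whenever the tunnel is down. The idea is zone-based: the LAN may forward only into a zone holding the tunnel device, the stock lan→wan forwarding is removed (that is the kill switch), and one explicit rule lets LAN reach the outer subnet over the WAN port. Every name is an assumption to adapt: the outer subnet 192.168.1.0/24, the tunnel device tun0, the interface/zone names ovpn/vpn, and the stock lan/wan zones.

```shell
#!/bin/sh
# Added example (not from the thread, not GL.iNet firmware code): plain-OpenWrt
# firewall layout for "LAN leaves only through the tunnel, except for the
# directly attached outer subnet, and is dropped when the tunnel is down".
# Hypothetical values, adapt to your device:
OUTER_NET="${OUTER_NET:-192.168.1.0/24}"   # the outer ("Ring 0") subnet
VPN_DEV="${VPN_DEV:-tun0}"                 # OpenVPN device once Nord is up

# Emit the uci batch that implements the policy. Generating it separately from
# applying it lets you review the change against what the GL GUI already wrote.
gen_uci_batch() {
    cat <<EOF
set network.ovpn=interface
set network.ovpn.proto='none'
set network.ovpn.device='${VPN_DEV}'
set firewall.vpn=zone
set firewall.vpn.name='vpn'
set firewall.vpn.input='REJECT'
set firewall.vpn.output='ACCEPT'
set firewall.vpn.forward='REJECT'
set firewall.vpn.masq='1'
set firewall.vpn.mtu_fix='1'
add_list firewall.vpn.network='ovpn'
set firewall.lan_vpn=forwarding
set firewall.lan_vpn.src='lan'
set firewall.lan_vpn.dest='vpn'
set firewall.lan_outer=rule
set firewall.lan_outer.name='Allow-LAN-to-outer-subnet'
set firewall.lan_outer.src='lan'
set firewall.lan_outer.dest='wan'
set firewall.lan_outer.dest_ip='${OUTER_NET}'
set firewall.lan_outer.proto='all'
set firewall.lan_outer.target='ACCEPT'
EOF
}

# The kill switch itself: delete every lan->wan forwarding section. With no
# forwarding from lan to wan, internet-bound packets that would leave via the
# WAN port (tunnel down, or its routes gone) hit the default REJECT, and only
# the explicit lan_outer rule above still lets the outer subnet through.
# Anonymous sections are deleted highest index first so indices do not shift.
remove_lan_wan_forwarding() {
    uci show firewall \
      | sed -n "s/^firewall\.\([^.]*\)\.src='lan'$/\1/p" \
      | sort -t'[' -k2,2rn \
      | while read -r sec; do
            if [ "$(uci -q get "firewall.$sec")" = "forwarding" ] \
               && [ "$(uci -q get "firewall.$sec.dest")" = "wan" ]; then
                uci delete "firewall.$sec"
            fi
        done
}

# Apply on the router: strip the blanket forwarding, load the batch, reload.
apply() {
    command -v uci >/dev/null 2>&1 \
        || { echo "uci not found: run this on the router" >&2; return 1; }
    remove_lan_wan_forwarding
    gen_uci_batch | uci batch
    uci commit network
    uci commit firewall
    /etc/init.d/network reload
    /etc/init.d/firewall reload
}

if [ "${1:-}" = "apply" ]; then
    apply
else
    gen_uci_batch   # dry run: print the batch instead of applying it
fi
```

Two caveats a practitioner will want. First, forwarding rules only govern traffic passing through the router; the router's own outbound traffic (dnsmasq's upstream DNS lookups, NTP, the OpenVPN handshake itself) lives in the OUTPUT path and is not touched by this, so LAN clients' DNS can still leak via the router unless dnsmasq is bound to the tunnel or its servers are only reachable through it. Second, the GL GUI keeps its own VPN firewall and policy-routing state and may rewrite it when you toggle options there, so after applying check `ip route` (the outer subnet should be a connected route via the WAN device, which is more specific than the 0.0.0.0/1 and 128.0.0.0/1 routes redirect-gateway installs) and `uci show firewall`, then verify from a LAN client that with the tunnel stopped an internet host is unreachable while the outer subnet still answers.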