Preventing IP/Traffic Leak - Even when VPN Disabled

I realize that the VPN has been designed to prevent any IP leaks.

If I wanted to take this one step further and add a “double kill switch” for a particular client IP, i.e. one that is statically assigned, what would be the best method to do this?

Is there a certain iptables rule that should be used in the startup firewall script? Even if VPN is “stopped” I would not want certain hosts to reach the internet. They’d all have static IP.



This is the default behavior if you use vpn.

You have to start the vpn by clicking “connect”. If vpn is not connected, you will not have Internet.

If you want to use for a particular IP, you may need vpn policy.

Do you have a recommended VPN policy to use or would you be able to walk me through the steps? I do have a linux background but am generally a novice at these types of endeavours. I realise it’s probably easy, so any help you could provide would be welcomed.

If you flash the latest testing firmware, you can follow the guide here: