VPN-Kill-Switch on V3.x
My question is regarding the kill switch in combination with the usage of an OpenVPN connection. I know that the connection is killed automatically in V3.x when the connection to the VPN server is lost, but what are the following options in the advanced settings (see my screenshot)? Bring up on boot is logical, but what is Force Link?

For kill switch, we just disable lan zone forward to wan zone in firewall.

Force link is an interface property. It specifies whether the IP address, route, and optionally gateway are assigned to the interface regardless of the link being active (‘1’) or only after the link has become active (‘0’); when set to ‘1’, carrier sense events do not invoke hotplug handlers.
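The kill switch described above is just the absence of a lan→wan forwarding in the OpenWrt firewall. As an added example that is not from the thread or from GL.iNet's firmware, the following script parses a `/etc/config/firewall` and reports whether the LAN zone can still reach the WAN zone directly (kill switch off) or only the tunnel zone (kill switch on). The two configs are constructed samples, and the zone name `vpn` and the `tun0` interface are assumptions; run it against a copy of your own firewall config to check the state after connecting.

```python
import shlex

# Constructed sample: kill switch OFF, LAN may leave via wan or via the tunnel
FIREWALL_KILLSWITCH_OFF = """
config zone
	option name 'vpn'
	option network 'tun0'
	option masq '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config forwarding
	option src 'lan'
	option dest 'vpn'
"""

# Constructed sample: kill switch ON, the lan->wan forwarding is disabled
FIREWALL_KILLSWITCH_ON = FIREWALL_KILLSWITCH_OFF.replace(
    "option dest 'wan'\n", "option dest 'wan'\n\toption enabled '0'\n")

def parse_uci(text):
    """Parse UCI text into a list of (section_type, {option: value})."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        parts = shlex.split(line)          # handles 'quoted' values
        if parts[0] == 'config':
            sections.append((parts[1], {}))
        elif parts[0] in ('option', 'list') and sections:
            sections[-1][1][parts[1]] = parts[2] if len(parts) > 2 else ''
    return sections

def forwardings(text):
    return [opts for typ, opts in parse_uci(text) if typ == 'forwarding']

def lan_reaches_wan_directly(text, lan='lan', wan='wan'):
    """True if an enabled forwarding lets LAN clients out via WAN, bypassing the tunnel."""
    return any(f.get('src') == lan and f.get('dest') == wan
               and f.get('enabled', '1') != '0' for f in forwardings(text))

def kill_switch_active(text, lan='lan', wan='wan'):
    return not lan_reaches_wan_directly(text, lan, wan)

if __name__ == '__main__':
    for label, cfg in (('off', FIREWALL_KILLSWITCH_OFF), ('on', FIREWALL_KILLSWITCH_ON)):
        print(f"sample '{label}': kill switch active = {kill_switch_active(cfg)}")
```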

“For kill switch, we just disable lan zone forward to wan zone in firewall.” → Is this automatically configured as a standard setting, or do I have to configure it manually? If I have to do it manually, is there a tutorial (I’m a beginner)?

The kill switch is enforced automatically - as far as I understand it, this means that once you have clicked “connect” in the VPN settings, then the forwarding rule is disabled until you click “disconnect” and holds even after a reboot.

For the kill switch, there are a couple of things I’d like to know if possible:

  1. Is it possible for me to exclude a domain from kill switch (VPN policies perhaps?) that would allow it to still run even when kill switch = on?

  2. Rather than page-not-found errors when the kill switch is on, could I redirect to an error page or the GL UI to alert that the connection has dropped, so I know it’s not just a general internet problem? (I was thinking nodogsplash for this, but perhaps that would be overkill.)

I think that @zimo's point number 2 is a great idea.
This makes things easier and clearer in day-to-day use of the devices.
Even a blank HTML page with “VPN down” would be very useful.

I think both could be done. Will put it on the development schedule.

That sounds like a good feature for the development schedule.

As @kyson-lok mentioned, the kill switch function is used to “disable lan zone forward to wan zone in firewall”. Where would I find the kill switch script so I could try to make a modification where a domain can be excluded? Happy to have a go myself if I can access the script.

So do I understand correctly that currently (3.104 and 3.105) the VPN kill switch overrides all other VPN policies? If enabled, no client on the LAN can connect to the internet when the router is not connected to a VPN?

Does this also apply to the router processes if that option is enabled in the settings? Will all router processes also not be able to connect to the internet if the router is not connected to a VPN?

You are right about the first half.

The router still needs to access the Internet regardless of the kill switch. It needs an Internet connection to build the VPN tunnel.