How can I create a "kill switch" when the ER605 is not connected to the OpenVPN server?
I successfully created an OpenVPN tunnel through my paid PIA VPN service. But when I disable the VPN Client manually, traffic routes back through my main network.
My configuration is very vanilla. I reset the router to factory, programmed the VPN Client, and that's it. It works great when I enable the VPN, traffic gets routed correctly, but when I disable the VPN Client, it's like a normal router passing traffic through my main ISP.
How can I stop traffic from leaving when there's a connection problem to the VPN service? I know it's gotta be easy, but I'm not too familiar with Policies and Rule sets.
Could there be some way to create a VLAN for the VPN, and somehow only allow traffic through the VLAN (VPN), and not the main network?
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @MrTom
Thanks for posting in our business forum.
If you can access the website without PIA, there is no function on the router to stop you from accessing it.
I don't think this is possible. Completely cutting off your Internet access is not something a router should do. I have not seen anything of software or hardware doing so.
Consider the software installed on the computer/app to show you the notification when the VPN is disconnected. The router does not push notifications like a kill switch.
When a VPN connection is down, the website will be disconnected from the last session which is the case now. But if you refresh it after when it is down, that's human error.
Any routing features now are not designed to do so.
- Copy Link
- Report Inappropriate Content
@Clive_A I found this thread saying there was a plan to "optimize the VPN tunnel switch mechanism to address the problem" in Q3. Other routers have an option to stop network leaks over the WAN should the VPN connection fail. Even the PIA software has a kill switch.
It would just be nice to have a dedicated VPN router that only allows traffic through the VPN, and would stop traffic otherwise. It's kind of the whole point of using a VPN, to route traffic to where it needs to go, and block where it does not. The router would need to be a networking brick if it can't establish a connection.
- Copy Link
- Report Inappropriate Content
Hi @MrTom
Thanks for posting in our business forum.
MrTom wrote
@Clive_A I found this thread saying there was a plan to "optimize the VPN tunnel switch mechanism to address the problem" in Q3. Other routers have an option to stop network leaks over the WAN should the VPN connection fail. Even the PIA software has a kill switch.
It would just be nice to have a dedicated VPN router that only allows traffic through the VPN, and would stop traffic otherwise. It's kind of the whole point of using a VPN, to route traffic to where it needs to go, and block where it does not. The router would need to be a networking brick if it can't establish a connection.
That has been updated.
We do not support Kill Switch and none of the Omada models have this feature. I think this is the same for the home products(Archer/Deco).
That's your way of utilizing a VPN. It is more like a home environment. Our product targets users who access their home/business network when traveling or create a site-to-site network between two locations for local management and sharing. That's our main focus. The connection to a PIA is simply a side-product of the VPN function. This is also a reason why the PBR for other types of VPNs is not placed as a high priority. Those who requested the PBR got a similar user case like you.
- Copy Link
- Report Inappropriate Content
@Clive_A Ok, thanks for the clearification. So there's no other way to divert traffic away from the main WAN when the VPN disconnects?
Even in a business environment I could see this useful, where you would want your machines in building A to only access the networking in building B. But when the VPN disconnects, building A machines will fall back to using the network in build A. Oh well, I get that it's not an option you're willing to implement, so I'll have to find an alternate method.
- Copy Link
- Report Inappropriate Content
Hi @MrTom
Thanks for posting in our business forum.
MrTom wrote
@Clive_A Ok, thanks for the clearification. So there's no other way to divert traffic away from the main WAN when the VPN disconnects?
Even in a business environment I could see this useful, where you would want your machines in building A to only access the networking in building B. But when the VPN disconnects, building A machines will fall back to using the network in build A. Oh well, I get that it's not an option you're willing to implement, so I'll have to find an alternate method.
Unfortunately, there is no other way to do this. The PBR support for OVPN is scheduled, which supports ONLY mode. You might take a look at this feature to learn about this. It could be helpful in the future to environment like yours.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 73
Replies: 5
Voters 0
No one has voted for it yet.