Need help to set up kill switch (network lock) for VPN router ER605

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2023-09-16 23:24:34 - last edited 2023-09-26 19:51:40
Tags: #Kill switch
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.1.2 Build 20230210 Rel.62992

I have two ER605 routers connected via a client-site L2TP VPN connection. The L2TP client has no problem connecting to the L2TP server in the remote router, but the problem is that if the VPN connection drops, the client will connect to my local internet connection and will reveal my local internet IP address. The ER605 does not have a kill switch (network lock) and, for that reason, I need help to create a kill switch on the client side so that the internet does not work if the VPN connection fails. Please let me know if there is a way to create a kill switch using routing policies or firewall rules to prevent my devices from connecting to my local internet connection if the VPN connection fails.

Re:Need help to set up kill switch (network lock) for VPN router ER605
2023-09-17 08:33:08 - last edited 2023-09-26 19:51:40

  @Rigaro 

I'm not completely sure, but from what I can see, on the client ER605, you set up an IP Group to cover the required client addresses, then use Policy routing, selecting the IP group, the L2TP tunnel connection as the WAN and the mode as Only.

Re:Need help to set up kill switch (network lock) for VPN router ER605
2023-09-18 16:35:37
I found a solution using routing rules with "only option" and firewall rules to block any access to my local ISP when the VPN is disabled or the remote ER605 modem is down. That solution partially works because there is a 15-second window that allows any IP detection tool to detect my local IP. After about 15 seconds, all devices connected to my local ER605 stop accessing the internet until the VPN connection is re-established. Therefore, there must be a much better way to implement a "kill switch" that avoids the 15-second DNS leak period that allows the detection of my local public IP.
Re:Need help to set up kill switch (network lock) for VPN router ER605
2024-01-14 18:44:47

  @Rigaro Could you explain the rules that you set? I wasn't able to configure that workaround.

On the other hand, I figured out a problem with the load balancing: I set my VPN interface as always on, but the device doesn't respect that configuration; the device changed the config on its own. There is a big bug here.

If I only use routing rules, there are a couple of seconds where I can see my other IP. It is a mess...

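One way to measure the leak window reported in the replies above, as an added example that is not part of the original thread or of any TP-Link tooling: it reads a probe log taken from a LAN client while the tunnel is dropped and bounds how long a non-VPN egress address was visible. The log format, the addresses (documentation ranges) and the function names are assumptions constructed for this example.

```python
from datetime import datetime

VPN_EGRESS = "203.0.113.10"  # constructed: WAN address of the remote ER605

# Constructed probe log, one sample every 2 s:
# "<timestamp> <public IP an external echo service saw, or '-' if the probe was blocked>"
SAMPLE_LOG = """\
2023-09-18T16:00:00 203.0.113.10
2023-09-18T16:00:02 203.0.113.10
2023-09-18T16:00:04 198.51.100.7
2023-09-18T16:00:06 198.51.100.7
2023-09-18T16:00:08 198.51.100.7
2023-09-18T16:00:10 198.51.100.7
2023-09-18T16:00:12 198.51.100.7
2023-09-18T16:00:14 198.51.100.7
2023-09-18T16:00:16 198.51.100.7
2023-09-18T16:00:18 -
2023-09-18T16:00:20 -
2023-09-18T16:00:22 203.0.113.10
"""

def parse(log):
    """Yield (timestamp, ip or None) for each non-empty log line."""
    for line in log.splitlines():
        if line.strip():
            ts, ip = line.split()
            yield datetime.fromisoformat(ts), (None if ip == "-" else ip)

def _close(cur, next_ok):
    return {
        "ips": sorted(cur["ips"]),
        # Lower bound: first to last sample that showed a non-VPN address.
        "min_seconds": (cur["last"] - cur["first"]).total_seconds(),
        # Upper bound: last sample before the leak to first sample after it.
        "max_seconds": (next_ok - cur["prev_ok"]).total_seconds(),
    }

def leak_windows(log, vpn_egress):
    """Return one entry per run of samples whose egress IP was not the VPN's."""
    windows, cur, prev_ts = [], None, None
    for ts, ip in parse(log):
        if ip is not None and ip != vpn_egress:  # blocked probes are not leaks
            if cur is None:
                cur = {"ips": set(), "first": ts, "prev_ok": prev_ts or ts}
            cur["ips"].add(ip)
            cur["last"] = ts
        elif cur is not None:
            windows.append(_close(cur, ts))
            cur = None
        prev_ts = ts
    if cur is not None:  # log ended while still leaking
        windows.append(_close(cur, cur["last"]))
    return windows

if __name__ == "__main__":
    print(leak_windows(SAMPLE_LOG, VPN_EGRESS))
```

An empty result after a forced tunnel drop means no probe left through the local ISP; any entry gives the exposed address and the bounds on how long it was visible.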