7
Votes

Add kill switch to ER605 routers

 
7
Votes

Add kill switch to ER605 routers

23 Reply
Re:Add kill switch to ER605 routers-Solution
2024-06-25 06:49:25 - last edited 2024-06-25 06:49:30

Hi @Rigaro 

Rigaro wrote

  @Clive_A 

 

AsusWRT Merlin has a built-in killswitch that ensures nothing will leak over the WAN connection. This is a very important feature that some ASUS routers have built-in to ensure that all internet traffic goes through the remote ISP. If the VPN fails my devices will not access the internet through my local ISP. 

 

Just to be clear, if I have two ER605 VPN routers, I don't need a solution that implies connecting to 3rd party solutions like Nord VP or Express VPN. I need to be able to do this without any DNS leaks. 

 

I found a solution using routing rules with "only option" and firewall rules to block any access to my local ISP when the VPN is disabled or the remote ER605 modem is down. That solution partially works because there is a 15-second window that allows any tool IP detection tool to detect my local IP. After about 15 seconds, all devices connected to my local ER605 stop accessing the internet until the VPN connection is re-established.

 

Therefore, there must be a much better way to implement a "kill switch" that avoids the 15-second DNS leak.

 

 

An update to this, regarding the issue you reported and the feature request, we plan to optimize this in Q3. The kill switch button is not gonna be available but we will optimize the VPN tunnel switch mechanism to address the problem.

ER605 V2 and ER8411 will be optimized in high priority and following the other models. 

 

Please note that this will involve an adapted firmware, not just a controller update. Firmware development is a complex process, and timelines may change. Therefore, we cannot provide a specific release date at this time. Please stay tuned to future firmware release notes for updates.

When introducing a feature like this, we typically apply it uniformly across all models to ensure consistency and a seamless user experience.

However, it's essential to acknowledge that hardware limitations may exist, which might prevent us from adding the feature to certain models. In such cases, we cannot provide individual notifications explaining the reason. Please note that we cannot guarantee the fulfillment of all requests, and we must set clear expectations upfront.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
Recommended Solution
#22
Options
Re:Add kill switch to ER605 routers
2024-06-26 09:47:43
@Clive Thanks a lot for listening to my suggestion. As mentioned in this thread, the main point here is not necessarily the implementation of a killswitch. Instead, the most important outcome is that the routing and the firewall rules work as expected and any traffic to my local internet connection is blocked immediately when the VPN connection fails. The 15-second gap between the VPN connection loss and the local internet blocking must be zero. Regards
#23
Options
Re:Add kill switch to ER605 routers
Tuesday - last edited Tuesday

Clive_A wrote

Hi @Rigaro 

Thanks for posting in our business forum.

Can you point out a brand/vendor that supports this feature on their routers?

MisterW gave the solution by using the Policy Routing. That's the only proper way to use it.

  @Clive_A 

CUDY R700, a cheaper alternative to ER605, has the same chipset but smaller flash and ram.

#24
Options