Accepted Add kill switch to ER605 routers
I have two ER605 routers connected via a client-site L2TP VPN connection. The L2TP client has no problem connecting to the L2TP server in the remote router, but the problem is that if the VPN connection drops, the client will connect to my local internet connection and will reveal my local internet IP address. The ER605 does not have a kill switch (network lock) and, for that reason, I need help to create a kill switch on the client side so that the internet does not work if the VPN connection fails.
Please add the kill switch feature so that there is no need to create it using routing rules, firewall rules, and/or access control rules. That will make the VPN safer and make it easier for users.
Hi @Rigaro
Rigaro wrote
AsusWRT Merlin has a built-in killswitch that ensures nothing will leak over the WAN connection. This is a very important feature that some ASUS routers have built-in to ensure that all internet traffic goes through the remote ISP. If the VPN fails my devices will not access the internet through my local ISP.
Just to be clear, if I have two ER605 VPN routers, I don't need a solution that implies connecting to 3rd party solutions like NordVPN or ExpressVPN. I need to be able to do this without any DNS leaks.
I found a solution using routing rules with "only option" and firewall rules to block any access to my local ISP when the VPN is disabled or the remote ER605 modem is down. That solution partially works because there is a 15-second window that allows any IP detection tool to detect my local IP. After about 15 seconds, all devices connected to my local ER605 stop accessing the internet until the VPN connection is re-established.
Therefore, there must be a much better way to implement a "kill switch" that avoids the 15-second DNS leak.
An update on this: regarding the issue you reported and the feature request, we plan to optimize this in Q3. The kill switch button is not gonna be available, but we will optimize the VPN tunnel switch mechanism to address the problem.
ER605 V2 and ER8411 will be optimized with high priority, followed by the other models.
Please note that this will involve an adapted firmware, not just a controller update. Firmware development is a complex process, and timelines may change. Therefore, we cannot provide a specific release date at this time. Please stay tuned to future firmware release notes for updates.
When introducing a feature like this, we typically apply it uniformly across all models to ensure consistency and a seamless user experience.
However, it's essential to acknowledge that hardware limitations may exist, which might prevent us from adding the feature to certain models. In such cases, we cannot provide individual notifications explaining the reason. Please note that we cannot guarantee the fulfillment of all requests, and we must set clear expectations upfront.
Clive_A wrote
Hi @Rigaro
Thanks for posting in our business forum.
Can you point out a brand/vendor that supports this feature on their routers?
MisterW gave the solution by using the Policy Routing. That's the only proper way to use it.
CUDY R700, a cheaper alternative to ER605, has the same chipset but smaller flash and RAM.