Good morning all.

I have a few machines in the house which should be connecting to the internet only though a VPN. Originally, i set the VPN connection on them and blocked all outgoing traffic, except for connections to the VPN server. this worked well, but only for 1 machine (my VPN provider only allows one connection at a time). So, i setup a VPN client on my RB1100, and i am now sending all traffic from the IP addresses though the VPN connection...

One question though: If the VPN goes down, how do i make sure the connections dont "leak" and use the non VPN connection? I have a mangle rule set to mark routing to VPN when the client is in the source address list. and in routes, i have a route marked as routing_mark = vpn. but in routes i also have 4 WAN routes, 2 set with routing mark wan1 or 2, and 2 blank routes... the 2 blank have distance of 2, and the 2 non blank, including the VPN have distance of 1...

I dont know if "leaking" is actually happening, but i would like to know if it is and how to solve it...

Thanks.

I have a setup where I have VPN where some internal IP's are routed through and the rest use normal WAN. What I do is I setup address lists for WAN and for VPN and when natting I only let the address list ip's go through each nat rule. Works great.

Thanks for the reply. I have tried that, but there still seems to be traffic "leaking" out and using non VPN connections... mind you, it could be existing connections which have "leaked" and are not reconnected, so i will leave it for a few hours and see what happens... Thanks again!

You will not have leaks if you have add the access to NAT interface only to the clients in the list, dont forget to add your routers ip to the WAN nat too. Its important that you also have this for WAN nat.

Thanks. I realised after that the "leaking" was not from the VPN machines, but from something else on the network... *facepalm*. I have the VPN NAT rule set to allow only devices on the VPN address list, and the other 2 to allow all devices *except* those on the VPN address list... All seems well so far!

Thanks!