I have a RB951G-2HnD with a L2TP VPN client interface configured. I have set up access to the internet through the tunnel using a mark as explained in this tutorial:
I would like to add to the configuration that the internet becomes unreachable when the VPN client is down as I don’t want to connect without going through the VPN under any circumstances. What would be the best way to go about that?
You can ping a VPN endpoint and then take an action when it is up or down, like enabling a firewall rule to block all traffic out a certain port to the Internet or changing the routes.
It seems unnecessary to ping an external server though; could I not detect whether the L2TP client interface within my own router is down and block traffic then?
Could I, for example, remove the route to the internet for all connections that are not going through the L2TP client altogether? So all traffic goes through the VPN interface and there’s no way of getting to the internet if the VPN is down.
Or maybe it’d be easier to create a firewall rule that checks the state of the L2TP client and blocks all outgoing traffic if it isn’t connected?
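One way to get both of the behaviours asked about above (marked traffic can only leave through the tunnel, and is sunk rather than leaked when the tunnel is down) is an added example, not configuration from this thread or from the linked tutorial. It assumes RouterOS v6 CLI syntax, a LAN of 192.168.88.0/24, an L2TP client interface named l2tp-out1 and a routing mark named via-vpn; adjust those to match the existing mangle setup.

```routeros
# Assumed names (not from the thread): LAN 192.168.88.0/24, L2TP client
# interface "l2tp-out1", routing mark "via-vpn". RouterOS v6 CLI syntax.

# 1. Policy routing: every LAN source gets the routing mark, so its
#    default route is looked up in the "via-vpn" table rather than main.
/ip firewall mangle
add chain=prerouting src-address=192.168.88.0/24 action=mark-routing \
    new-routing-mark=via-vpn passthrough=no comment="LAN -> VPN table"

# 2. Routes for the marked table. The tunnel route is preferred (distance 1).
#    When l2tp-out1 goes down its route becomes inactive and the blackhole
#    (distance 10) becomes the active match, so marked traffic is discarded
#    instead of falling through to the main table and leaving via the WAN.
/ip route
add dst-address=0.0.0.0/0 gateway=l2tp-out1 routing-mark=via-vpn distance=1 \
    comment="default via VPN"
add dst-address=0.0.0.0/0 type=blackhole routing-mark=via-vpn distance=10 \
    comment="kill switch: sink LAN traffic while VPN is down"

# 3. Source NAT only on the tunnel, never on the WAN, for LAN sources.
/ip firewall nat
add chain=srcnat src-address=192.168.88.0/24 out-interface=l2tp-out1 \
    action=masquerade comment="masquerade LAN behind VPN"

# 4. Belt and braces: drop any forwarded LAN packet bound for the outside
#    that would leave through anything other than the tunnel. This catches
#    traffic that escapes the mark (a later mangle rule, a typo in step 1).
/ip firewall filter
add chain=forward src-address=192.168.88.0/24 dst-address=!192.168.88.0/24 \
    out-interface=!l2tp-out1 action=drop \
    comment="kill switch: LAN may only exit via VPN"

# Check: with the tunnel down, only the blackhole route should show the
# active (A) flag in this table.
/ip route print where routing-mark=via-vpn
```

The blackhole route is what makes the "remove the route" idea from the question safe: without it, a marked lookup that finds no active route falls back to the main table, which still has the ordinary WAN default route.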