 
Panhan11
just joined
Topic Author
Posts: 4
Joined: Tue Apr 25, 2017 9:00 pm

Router kill switch - vpn

Tue Apr 25, 2017 9:40 pm

Hello

I have a MikroTik rb941. I'm using this router as a VPN client with the [REDACTED] VPN provider. I set up everything with this guide https://support.[REDACTED].com/mikrotik-sstp and it's working fine. But now I want to add a kill switch to my router, a kill switch that kills all connections on the router if the VPN stops working. How can I do that?
 
Van9018
Long time Member
Posts: 523
Joined: Mon Jun 16, 2014 6:26 pm
Location: Canada - Abbotsford

Re: Router kill switch - vpn

Tue Apr 25, 2017 10:28 pm

You can add a firewall rule to block all packets outbound on the WAN interface in the FORWARD chain. The FORWARD chain only applies to packets going through the router, not packets that originate from the router, which means your VPN client on the router will still work.

Move that rule to the top.
 
Panhan11
just joined
Topic Author
Posts: 4
Joined: Tue Apr 25, 2017 9:00 pm

Re: Router kill switch - vpn

Tue Apr 25, 2017 10:56 pm

Thank you for your answer. Can you elaborate more on this and give me a guide? I'm sorry, but I'm a beginner.
 
Panhan11
just joined
Topic Author
Posts: 4
Joined: Tue Apr 25, 2017 9:00 pm

Re: Router kill switch - vpn

Sun Apr 30, 2017 5:00 pm

Any help? I'm sorry I'm asking such a trivial question, but I really don't know how to set up a kill switch for my router.
 
Van9018
Long time Member
Posts: 523
Joined: Mon Jun 16, 2014 6:26 pm
Location: Canada - Abbotsford

Re: Router kill switch - vpn

Tue May 02, 2017 5:59 am

Under IP > Firewall > Filter, add a rule. Chain=Forward. Out Interface=WAN, Action=Drop
Then drag and drop the rule to the top of the list.

When traffic originates from the router, the firewall rules in the OUTPUT chain are applied. When traffic is destined to the router (meaning it has the WAN interface's IP, and there is no matching NAT rule to forward the traffic to a private IP), then the traffic will follow the INPUT rule. When traffic passes through the router, such as internet traffic from PCs inside your LAN, then the FORWARD chain is applied. The rule we just created blocks all traffic from passing through your WAN that is going out the WAN. So now traffic can either go out the VPN client via routing rules, or it'll get dropped.
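The chain selection described in the post above, as a small model (an added example, not part of the original post and not RouterOS code). It shows why the drop rule stops LAN traffic when the VPN is down but never touches the router's own SSTP connection. The addresses, the interface name `sstp-out1`, the simplified routing and the default-accept policy are assumptions.

```python
from dataclasses import dataclass

# Constructed sample addressing; ether1 is the WAN port named in the thread,
# "sstp-out1" is an assumed name for the VPN client interface.
ROUTER_ADDRS = {"192.168.88.1", "203.0.113.10"}
LAN_PREFIX, WAN_IF, VPN_IF = "192.168.88.", "ether1", "sstp-out1"

@dataclass
class Packet:
    src: str
    dst: str
    tunnel: bool = False  # True for the router's own SSTP packets to the VPN server

def chain_for(pkt):
    """Chain selection as described in the answer above."""
    if pkt.dst in ROUTER_ADDRS:
        return "input"      # destined to the router itself
    if pkt.src in ROUTER_ADDRS:
        return "output"     # originates from the router (e.g. the VPN client)
    return "forward"        # passes through the router (LAN PCs)

def out_interface(pkt, vpn_up):
    """Simplified routing: default route via the VPN when it is up, else WAN."""
    if pkt.dst.startswith(LAN_PREFIX):
        return "bridge"
    if pkt.tunnel or not vpn_up:
        return WAN_IF       # the tunnel itself always rides on the WAN link
    return VPN_IF

# The rule from the thread: Chain=Forward, Out Interface=ether1, Action=Drop.
KILL_SWITCH = {"chain": "forward", "out_interface": WAN_IF, "action": "drop"}

def verdict(pkt, vpn_up, rules=(KILL_SWITCH,)):
    """Return (chain, out_interface, action); unmatched packets are accepted (assumption)."""
    chain = chain_for(pkt)
    iface = None if chain == "input" else out_interface(pkt, vpn_up)
    for rule in rules:
        if rule["chain"] == chain and rule["out_interface"] == iface:
            return chain, iface, rule["action"]
    return chain, iface, "accept"

if __name__ == "__main__":
    lan_pc = Packet("192.168.88.20", "198.51.100.7")             # constructed LAN client
    sstp = Packet("203.0.113.10", "198.51.100.50", tunnel=True)  # constructed tunnel packet
    for name, pkt in (("LAN PC", lan_pc), ("SSTP client", sstp)):
        for vpn_up in (True, False):
            print(name, "vpn_up =", vpn_up, "->", verdict(pkt, vpn_up))
```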
 
Panhan11
just joined
Topic Author
Posts: 4
Joined: Tue Apr 25, 2017 9:00 pm

Re: Router kill switch - vpn

Tue Jun 06, 2017 6:36 pm

Thank you!
I would like to ask, to be sure, whether I set everything up correctly.

So on my MikroTik rb941 I set up, under IP > Firewall > Filter rules > add rule: Chain=Forward, Out Interface=ether1, Action=Drop. This new rule is number 1 on the list now.

And now traffic can go out only via the VPN, yes?
 
Van9018
Long time Member
Posts: 523
Joined: Mon Jun 16, 2014 6:26 pm
Location: Canada - Abbotsford

Re: Router kill switch - vpn

Fri Jun 09, 2017 10:49 pm

I believe that's correct. Test it. Check whatsmyip.org to see if you have the IP from the VPN provider. Disable the VPN client, which will cause traffic to go out the WAN. Then enable the filter rule. Traffic should stop. Re-enable the VPN client and then internet should work again, going through the VPN.
