This post is for everyone who has OpenVPN configured on a DD-WRT router and wants to block all connections through the ISP if the VPN connection fails, avoiding leaking our real ISP IP.
I set up the connection to the AirVPN servers using the tutorial at https://airvpn.org/ddwrt and then inserted the following line into the firewall rules: "iptables -I FORWARD -i br0 -o vlan2 -j DROP"
- br0 is the bridge with my lan ports & wireless
- vlan2 is my WAN port connected to the ISP modem
So if there is any connection starting from my LAN or Wi-Fi to the WAN port, the firewall of the router blocks the connection.
My firewall rules are like this:
# LAN/Wi-Fi -> VPN tunnel
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
# VPN tunnel -> LAN/Wi-Fi
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
# LAN/Wi-Fi -> WAN directly: drop, so nothing bypasses the tunnel (the kill switch)
iptables -I FORWARD -i br0 -o vlan2 -j DROP
# do not let anything from the tunnel reach the router itself
iptables -I INPUT -i tun0 -j REJECT
# NAT LAN traffic going out through the tunnel
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE
[STAFF EDIT] In case you apply Policy Based Routing, please see here as well:
Check the interface names and make sure to enter the correct names (in your firmware the tun interface might be tun1 or tun0, etc.).
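To go with the rule set above, here is an added example (not from the post or from AirVPN) that prints the same kill-switch rules with the interface names as parameters, and checks an `iptables -S FORWARD` listing to confirm the LAN-to-WAN DROP rule exists and sits ahead of any ACCEPT for the same pair (rule order is what decides whether a leak is possible). The names br0, vlan2 and tun0 are assumptions; the sample listing is constructed.

```shell
# Added example, not the post's own code. Assumed names: LAN=br0, WAN=vlan2,
# VPN=tun0; check your firmware (the tunnel may be tun1) and adjust.

# Print the rules in the order the post applies them. Each FORWARD rule uses
# -I (insert at the head of the chain), so the last one printed is evaluated first.
killswitch_rules() {
    lan="$1"; wan="$2"; vpn="$3"
    printf 'iptables -I FORWARD -i %s -o %s -j ACCEPT\n' "$lan" "$vpn"
    printf 'iptables -I FORWARD -i %s -o %s -j ACCEPT\n' "$vpn" "$lan"
    printf 'iptables -I FORWARD -i %s -o %s -j DROP\n' "$lan" "$wan"
    printf 'iptables -I INPUT -i %s -j REJECT\n' "$vpn"
    printf 'iptables -t nat -A POSTROUTING -o %s -j MASQUERADE\n' "$vpn"
}

# Read an `iptables -S FORWARD` listing on stdin. Succeed (exit 0) only if a
# DROP rule for LAN->WAN is present and no ACCEPT for that pair precedes it.
killswitch_ok() {
    lan="$1"; wan="$2"
    awk -v lan="$lan" -v wan="$wan" '
        $1 == "-A" && $2 == "FORWARD" {
            i = ""; o = ""; j = ""
            for (k = 3; k <= NF; k++) {        # pick up -i / -o / -j wherever they sit
                if ($k == "-i") i = $(k+1)
                if ($k == "-o") o = $(k+1)
                if ($k == "-j") j = $(k+1)
            }
            if (i == lan && o == wan) {         # first rule for this pair decides
                if (j == "DROP") { found = 1; exit }
                if (j == "ACCEPT") { leak = 1; exit }
            }
        }
        END { if (found && !leak) exit 0; exit 1 }'
}

# Constructed sample of what `iptables -S FORWARD` prints after the rules above.
SAMPLE_FORWARD='-P FORWARD ACCEPT
-A FORWARD -i br0 -o vlan2 -j DROP
-A FORWARD -i tun0 -o br0 -j ACCEPT
-A FORWARD -i br0 -o tun0 -j ACCEPT'

if printf '%s\n' "$SAMPLE_FORWARD" | killswitch_ok br0 vlan2; then
    echo "kill switch present: LAN->WAN is dropped before any ACCEPT"
else
    echo "WARNING: LAN->WAN traffic is not dropped"
fi
```

On the router itself, pipe the real listing instead of the sample: `iptables -S FORWARD | killswitch_ok br0 vlan2`.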