
How to block all traffic with DD-WRT if VPN connection fails

DD-WRT Tomato iptables


#1 fribeiro123


Posted 22 September 2012 - 01:41 PM

Hello,

This post is for everyone who has OpenVPN configured on a DD-WRT router and wants to block all connections through the ISP if the VPN connection fails, avoiding leaking our real ISP IP.

I set up the connection to AirVPN servers using the tutorial at https://airvpn.org/ddwrt and then inserted the following line into the firewall rules: "iptables -I FORWARD -i br0 -o vlan2 -j DROP"
- br0 is the bridge with my LAN ports & wireless
- vlan2 is my WAN port connected to the ISP modem

So if any connection starts from my LAN or Wi-Fi towards the WAN port, the router's firewall blocks it.

My firewall rules are like this:
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
iptables -I FORWARD -i br0 -o vlan2 -j DROP
iptables -I INPUT -i tun0 -j REJECT
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE

 

[STAFF EDIT] In case you apply Policy Based Routing, please see here as well:

http://www.dd-wrt.com/phpBB2/viewtopic.php?p=777788

Check the interface names and make sure to enter the correct names (in your firmware the tun interface might be tun1 or tun0, etc.).
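
As an added example (not part of the original posts): a POSIX shell check that reads `iptables -S FORWARD` output and confirms that the first rule able to match LAN-to-WAN traffic is the unconditional DROP from the post, which also catches a wrong interface name. The function name, return codes and the sample rule listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit FORWARD rules for the kill switch.
# Usage on the router: iptables -S FORWARD | check_killswitch br0 vlan2
# Returns 0 if the first rule able to match LAN->WAN traffic is an
# unconditional DROP/REJECT, 1 if an ACCEPT comes first, 2 if no such DROP exists.
# Assumptions: no negated (!) or wildcard (+) interface matches; jumps to
# user-defined chains are not followed.
check_killswitch() {
    lan=$1 wan=$2
    while read -r line; do
        set -f; set -- $line; set +f      # split the rule into words, no globbing
        [ "$1" = "-A" ] && [ "$2" = "FORWARD" ] || continue
        shift 2
        iif= oif= target= extra=0
        while [ $# -gt 0 ]; do
            case $1 in
                -i) iif=$2; shift 2 ;;
                -o) oif=$2; shift 2 ;;
                -j) target=$2; break ;;   # anything after -j is a target option
                *)  extra=1; shift ;;     # any other match makes the rule conditional
            esac
        done
        # Rules pinned to a different interface cannot match LAN->WAN traffic.
        if [ -n "$iif" ] && [ "$iif" != "$lan" ]; then continue; fi
        if [ -n "$oif" ] && [ "$oif" != "$wan" ]; then continue; fi
        case $target in
            DROP|REJECT)
                if [ "$extra" -eq 0 ]; then
                    echo "OK: $line"; return 0
                fi ;;                     # a conditional DROP does not settle it
            ACCEPT)
                echo "LEAK-RISK: $line"; return 1 ;;
        esac
    done
    echo "MISSING: no unconditional DROP for $lan -> $wan"
    return 2
}

# Constructed sample: FORWARD chain after the post's rules were inserted with -I.
SAMPLE_RULES='-P FORWARD ACCEPT
-A FORWARD -i br0 -o vlan2 -j DROP
-A FORWARD -i tun0 -o br0 -j ACCEPT
-A FORWARD -i br0 -o tun0 -j ACCEPT
-A FORWARD -i br0 -j ACCEPT'
printf '%s\n' "$SAMPLE_RULES" | check_killswitch br0 vlan2
```

The check is deliberately conservative: any ACCEPT that could match LAN-to-WAN packets ahead of the DROP is reported, including state-based ones.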



#2 DPurnell


Posted 28 December 2012 - 03:50 PM

Thank you, this worked for me!




