Force all clients using my VPN as NAT Gateway by disabling NAT on my WAN interface

Hello Guys,

I have setup an LEDE Router in a Virtualbox.

I want to force all clients to go through my VPN Connection to the internet, not over my DSL Router that is used as WAN interface in LEDE Router to make connection to the VPN Provider.

When I do this in my Firewall settings, completely disable NAT on my WAN device, and I disconnect VPN, I get no internet connection on the clients. But I want to make sure I do this right.

The Config is correct, all connections from clients go over VPN, but I just want to make sure I am right!


You wouldn't turn off NAT to force clients to go through a VPN. Disabling NAT usually breaks most consumer ISP connections.

In my case it seems to work: if VPN is down, all clients lose connection to the internet.

If I Enable Masquerading and MSS Clamping on WAN interface all clients get internet even if VPN-Connection is down! - This is not what I want!

If I Disable Masquerading and MSS Clamping on the WAN interface the Router itself still can connect to the ISP Router and to the Internet but all Clients behind the LEDE Router have no Internet access until VPN-Connection is up again. - This is what I want!

My goal is to prevent any leak of real ISP IP Address from my clients. I don't make any profit with this I just want to provide Free Internet Access for everybody who is nearby my location. VPN is protecting me from Copyright claims and any lawsuits.

No discussion about trust of VPN Providers, my VPN Provider is like Riseup based on donations and it is 100% trustworthy!

If my Configuration is correct I do not need to fear anything!

Do you need any configuration details to check if I am configured correctly?

Okay I was able to fix everything. The VPN makes a secure Connection for all clients. No client will leak the ISP IP anymore! Next Project is MWAN3 using multiple slow VPN Tunnels and combine them to make a possible fast connection with multiple stream connections. But if I have a question I will open a separate thread about it.
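
Added example, not part of the original thread and not the poster's configuration: a small audit of an OpenWrt/LEDE `/etc/config/firewall` that shows the forwarding rule from `lan`, not the masquerading flag on `wan`, decides whether clients can bypass the VPN. The zone names `lan`, `wan` and `vpn`, the presence of a `lan` to `wan` forwarding in the masquerading-off case, and the sample configs are constructed assumptions.

```python
import shlex

# Constructed firewall excerpt; zone names lan/wan/vpn are assumptions.
TEMPLATE = """
config zone
    option name 'lan'
    list network 'lan'
config zone
    option name 'wan'
    list network 'wan'
    option masq '{masq}'      # "Masquerading" checkbox
    option mtu_fix '{masq}'   # "MSS clamping" checkbox
config zone
    option name 'vpn'
    list network 'vpn'
    option masq '1'
    option mtu_fix '1'
config forwarding
    option src 'lan'
    option dest '{dest}'
"""

def parse_uci(text):
    """Parse UCI text into a list of (section_type, options) pairs."""
    sections = []
    for line in text.splitlines():
        tok = shlex.split(line, comments=True)
        if not tok:
            continue
        if tok[0] == "config":
            sections.append((tok[1], {}))
        elif tok[0] in ("option", "list") and sections and len(tok) >= 3:
            sections[-1][1][tok[1]] = tok[2]
    return sections

def audit(text, lan="lan", wan="wan"):
    """Classify how LAN traffic is kept off the WAN zone."""
    sections = parse_uci(text)
    zones = {o.get("name"): o for t, o in sections if t == "zone"}
    dests = sorted(o.get("dest") for t, o in sections
                   if t == "forwarding" and o.get("src") == lan)
    if wan not in dests:
        return "enforced", dests   # firewall drops lan->wan whatever masq says
    if zones.get(wan, {}).get("masq", "0") == "1":
        return "leak", dests       # clients get internet when the VPN is down
    return "fragile", dests        # un-NATed packets still leave via WAN

if __name__ == "__main__":
    for masq, dest in (("1", "wan"), ("0", "wan"), ("1", "vpn")):
        print(f"wan masq={masq} forwarding lan->{dest}:",
              audit(TEMPLATE.format(masq=masq, dest=dest)))
```

In the "fragile" case the router still forwards client packets out of WAN with their LAN source addresses when the tunnel drops, so the block depends on the upstream router discarding them; with only a `lan` to `vpn` forwarding the router's own firewall rejects them.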

