How to auto-block connection if vpn is dropped

hololite · July 19, 2020, 3:02am

Is there a way to configure the openvpn client so that all outgoing connection are automatically blocked if the vpn connection is dropped or the vpn client can't establish connection?
I don't see setting for it in luci/web interface, but maybe available in the cli?

thank you.

vgaetera · July 19, 2020, 3:51am

Use a separate firewall zone for the VPN interface and disable the LAN to WAN forwarding.

hololite · July 19, 2020, 3:54am

Basically something like the following?

allow traffic from lan to vpn
deny traffic from lan to wan

trendy · July 19, 2020, 4:45am

If you don't allow it, it will be denied.

hololite · July 19, 2020, 4:52am

Got it. The default action is deny.