How to enable fail secure for VPN client

Hi, I'm very new to Openwrt, just purchased tplink c2600 and flash it with openwrt code, now i've configured vpn client to work with the vpn vendor. Two Question:

  1. is there way to config failsafe for the internet connection, meaning if i lost connection to the vpn, all internet service will be blocked..

  2. Wondering how to configure to autostart the vpn if my connection drops, is there openwrt app in place that has the feature..

Thanks so much!!

D.Y

To achieve a fail-secure situation, make sure your VPN is on a separate firewall zone relative to the WAN and LAN. Then, in the firewall config, allow forwarding from LAN > VPN and remove the rule that allows forwarding from LAN > WAN.

2 Likes

Thanks, i will try it out.

Also block all WAN-interface traffic (including output) except for that required for acquiring and renewing DHCP and the VPN if you want to block the router itself except over the VPN.