Thanks for your answer
Well if I apply your configurations and then the Router B is disconected, that's mean that the devices attached to router A now will go out to internet via Router A (ISP Claro). ¿that's Right?
Basically we could call this as a failover envoriment. Right?
On A, temporarily shut down zerotier with the command service zerotier stop(*). Then run a route -n and observe that it is only the standard 3 entries: the LAN, the WAN, and a default route via a gateway on the WAN.
If you have removed lan-wan forwarding, the machines on A's LAN should now be unable to reach the Internet. Router A itself will still be able to reach the Internet, as it is using a local interface not a forward.
- Obviously do this from a machine on A's LAN, not via the zerotier link!
Thanks for your answer
But I want that all devices attached to Router A go out to internet when the VPN connection to Router B fails.
I thought that you wanted kill switch. If you do want to allow direct Internet while the VPN is down, change it back to allow lan->wan forwarding.
You likely will also need to stop zerotier manually on A when there is a problem at router B, since otherwise A will keep trying to use the zerotier routes (it is not going to be aware that B is not working). Stopping the zerotier process on A will remove the routes and return to direct lan->wan routing.
If it's going to be switching back and forth a lot, it could be automated by using mwan3 to detect a problem with the VPN and force a failover.
Thanks master! You are the king!
I did a video to share de experience. Thanks @mk24 for your helpful replies
Example and configuration for this
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.