Kill switch for all except wifi

I configured OpenVPN and it connected successfully. I just want to do this configuration:
if the VPN goes offline, all networking is disabled, but wifi is not disabled.
Is it possible? How?


Simply remove the lan zone > wan zone forwarding rule in the firewall. This will prevent any lan traffic from egressing via the wan... all traffic will have to traverse the tunnel or not at all.

Keep in mind that this will also disable your wifi network's internet access... if you want to keep the internet access on wifi running even when the VPN is down, you'll need to create a second lan and associate it with wifi.

I just rejected everything on lan in the firewall, and now I can't connect to the router's local IP, but the VPN is connected and works fine.
Now I don't know how to get to the admin panel lol

I didn’t say you should do that. Not sure why you decided to change the lan zone input policy.

Yup. Makes sense.

You need to use failsafe mode to fix the lan firewall zone. Input should be accept (as well as output and forward).

It is too complicated. The simplest approach is to implement a kill switch for all without exceptions.

Sorry to continue on this, but if I implement a kill switch for all, will only devices on the VPN be killed?

Last we left it with the OP, all devices are using the VPN, therefore...

this idea means that everything will be cut off from internet if the VPN goes down.

What do you want to happen? If you want to have some devices use the VPN and others bypass it, that requires a significantly more complicated setup.

Please state your goal as specifically as you can... in fact, it would probably be good for you to start your own thread for this if you have unique requirements.

In fact, I use PBR; some devices are on WG, some on WAN. I wondered, if I enable Strict enforcement, whether the devices on WAN will be killed too or just those on WG, but if I understand, all network finally

@PerkelSimon - this is probably a question for a new thread, specifically dealing with PBR (which the OP here is not).
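
The zone layout discussed earlier in this thread (no lan to wan forwarding, lan forwarded only to the VPN zone, lan input left at accept), with a small audit script that checks a firewall config for it. This is an added example, not code from any poster; the zone name `vpn` and the sample config are constructed assumptions.

```python
import re

# Constructed sample in /etc/config/firewall syntax; the zone name 'vpn' is an
# assumption, since the thread does not show the poster's actual config.
SAMPLE = """
config zone
    option name 'lan'
    list network 'lan'
    option input 'ACCEPT'
    option forward 'ACCEPT'
config zone
    option name 'wan'
    list network 'wan'
    option input 'REJECT'
    option masq '1'
config zone
    option name 'vpn'
    list network 'vpn'
    option input 'REJECT'
    option masq '1'
config forwarding
    option src 'lan'
    option dest 'vpn'
"""

def parse(text):
    """Parse UCI text into a list of (section_type, {option: value})."""
    sections = []
    for line in text.splitlines():
        m = re.match(r"\s*config\s+(\S+)", line)
        if m:
            sections.append((m.group(1), {}))
        elif sections and (m := re.match(r"\s*(?:option|list)\s+(\S+)\s+'?([^']*)'?", line)):
            sections[-1][1][m.group(1)] = m.group(2).strip()
    return sections

def audit(text, lan="lan", wan="wan", vpn="vpn"):
    """Return a list of kill-switch problems; empty means the layout holds."""
    secs = parse(text)
    fwd = {(o.get("src"), o.get("dest")) for t, o in secs if t == "forwarding"}
    zones = {o.get("name"): o for t, o in secs if t == "zone"}
    problems = []
    if (lan, wan) in fwd:
        problems.append("lan->wan forwarding present: traffic leaks when the VPN is down")
    if (lan, vpn) not in fwd:
        problems.append("no lan->vpn forwarding: lan clients cannot use the tunnel")
    if zones.get(lan, {}).get("input", "").upper() != "ACCEPT":
        problems.append("lan input is not ACCEPT: router admin unreachable from lan")
    return problems
```

Calling `audit()` on the text of `/etc/config/firewall` returns an empty list when the kill-switch layout holds; the third check catches the lockout described above, where the lan zone itself was set to reject.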

