No internet connection after disabling openvpn


I used openwrt on my GL.iNet150. I used the openvpn script from ipredator website to configure openvpn. All is working fine so far.

My final goal would be to use the physical switch to disable/enable the openvpn tunnel but the first problem is, that if I disable the openvpn via webinterface or /etc/init.d/openvpn stop, I am not able to browse to the internet (not via ip and not via fqdn).

If I restart the openvpn I am able to see the following log entries:

If I check the route via route -n before and after restarting I am able to see the following

Does anyone has an idea or hint for me ?


Sounds like there's a kill switch in-use, preventing connectivity if the tunnel is down. If I recall correctly, there's a 'Force VPN' checkbox somewhere, which you'll need to untick.

Hi tectonic,
I didn't find any kill-switch in the web-ui and I didn't find it in the cli. Do you have any hint ?

If you’re running GL.iNet firmware, it often uses the toggle switch many GL.iNet devices have to set “mode”.

Yes I used the GL-iNet firmware. I used the physical switch but nothing happened.

(post withdrawn by author, will be automatically deleted in 24 hours unless flagged)
I don't what this means. Did I something wrong ?

It's fine but your issue requires non-standard approach.

Please, provide the exact link.

Hi vgaetera,

the link to the script is:


Hello vgaetera,

thank you for the hint. I learned a lot when I implemented and checked the uci show parameter.

Unfortunately after implementing the settings I am not able to browse to the internet, regardless of using /etc/openvpn/ up or down. I am not even able to ping

I pasted the output for uci show here:
Maybe you still have some hint for me.


Hello vgaetera,

now I see another issues. Here the steps I reproduced multiple times:

  1. Restart Router
  2. Ping is possible, connection is unencrypted ( shows the real ip)
  3. Use /etc/openvpn/ up
  4. No ping to possible
  5. Use /etc/openvpn/ down
  6. Ping is possible again, connection is unencrypted ( shows the real ip)
  7. Use /etc/openvpn/ up
  8. Ping is still possible, connection is unencrypted ( shows the real ip)


I restarted the router again and used the commands provided from your side.
This was the output:

Even it looks like that the vpn connection was established I still see the original ip address when I use

Unfortunately OpenWrt web interface doesn't make difference between the process and the result because OpenVPN service doesn't interact with network service.
The log you posted indicates that the connection is not established yet and there's even a failed authentication attempt leading to an unfinished re-connection attempt:

A successuful connection attempt should end with the message:

# Fix configuration
uci rename firewall.@zone[0]="lan"
uci rename firewall.@zone[1]="wan"
uci set firewall.lan.forward="ACCEPT"
uci set firewall.wan.input="REJECT"
uci set firewall.wan.masq="1"
uci set firewall.wan.mtu_fix="1"
uci set firewall.lan_wan="forwarding"
uci set firewall.lan_wan.src="lan"
uci set firewall.lan_wan.dest="wan"
uci set firewall.lan_wan.enabled="0"
uci commit firewall
/etc/init.d/firewall restart
uci -q delete openvpn.IPredator.script_security
uci -q delete openvpn.IPredator.up
uci -q delete openvpn.IPredator.down
uci commit openvpn
/etc/init.d/openvpn restart

# Kill switch
cat << "EOF" > /etc/openvpn/
if pgrep openvpn
uci set firewall.lan_wan.enabled="1"
/etc/init.d/openvpn stop &
uci set firewall.lan_wan.enabled="0"
/etc/init.d/openvpn start &
/etc/init.d/firewall restart &
chmod +x /etc/openvpn/

This will keep the state of LAN to WAN forwarding until you run the script or reboot.
There was a fatal flaw in the original concept, that the OpenVPN down script is not guaranteed to be invoked upon the service stop action.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.