OpenVPN "kill switch"

Is there any configuration or package that can kills the internet connection to the devices served by the VPN tunnel when the VPN is down?
For some reason I experience DNS leak when connecting to some locations via OpenVPN. How can I plug the leak.
I'm using a WRT1200AC router and ExpressVPN for privacy.

Thank you

Just remove the firewall rule that allows forwarding from the network to WAN. It should look something like this:

config forwarding
	option dest 'wan'
	option src 'lan'
1 Like

Same question, did the same - but what about the router itself? The WRT can still access the net!

dbischof90, I answered it in your topic. In case someone else is interested in the answer.

@dbischof90 - The router, by definition, must always have access to the internet, or else it would not be able to contact the VPN server to establish the tunnel in the first place. You might be able to construct firewall rules to limit outgoing traffic -- only allowing certain destination hosts, for example -- but it might end up causing lots of headaches.