I have activated the kill switch for OpenVPN. This works for devices, but the router can connect to the internet after disconnecting the VPN; the OpenWrt network diagnostics send data to the internet. Is this normal?
Yes, this is normal.
The "killswitch" is just a firewall rule (in the forward chain) that prevents lan clients from establishing connections through the wan interface.
If you want to restrict the router itself, you need to create rules in the output chain of the wan firewall zone.
Note that you need to allow connections to DNS, NTP, VPN server, etc., so if you don't have enough experience, you'd better not touch it.
Hello, and thank you for your answer.
Can I build a firewall with LuCI that sends data from the router through the VPN, excluding what the router needs to work with WAN?
You really want to open that door, don't you?
OK, knock yourself out.
- Change the default output policy of the wan firewall zone to reject or drop.

- Create a traffic rule allowing connections to DNS, DHCP, NTP and OpenVPN servers (I assume you are using udp port 1194 to connect to the OpenVPN server).
Note that this is more or less a trial and error process and I may have missed some important service that you need to allow in order for your router to work properly.
Good luck!
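
The two steps from the answer above, written out as `/etc/config/firewall` entries. This is an added example, not part of the original thread; the rule names are made up, the interface name `wan` and the `masq`/`mtu_fix` options assume a default OpenWrt wan zone, and the OpenVPN port is the udp 1194 assumed in the answer.

```uci
# /etc/config/firewall (fragment, constructed example)

# Step 1: reject traffic that the router itself sends out through wan.
# The stock value of 'output' in this zone is ACCEPT; DROP also works.
config zone
	option name 'wan'
	list network 'wan'
	option input 'REJECT'
	option output 'REJECT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

# Step 2: exceptions. A rule with 'dest' set and no 'src' matches
# traffic originating from the router (output chain), not lan clients.
config rule
	option name 'Router-DNS'
	option dest 'wan'
	option proto 'tcp udp'
	option dest_port '53'
	option target 'ACCEPT'

config rule
	option name 'Router-DHCP-client'
	option dest 'wan'
	option proto 'udp'
	option dest_port '67'
	option target 'ACCEPT'

config rule
	option name 'Router-NTP'
	option dest 'wan'
	option proto 'udp'
	option dest_port '123'
	option target 'ACCEPT'

config rule
	option name 'Router-OpenVPN'
	option dest 'wan'
	option proto 'udp'
	option dest_port '1194'
	option target 'ACCEPT'
```

Apply with `/etc/init.d/firewall restart` while connected from the lan side, so the change can be reverted if a needed service turns out to be blocked. Adding `option dest_ip` with the VPN server's address to the last rule narrows it to that one server.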
Thank you for your answer.
Which port has TCP?
Can I reject software of OpenWrt if the VPN is active?
