Problem I have is, if I don't want to be all VPN'ed, eg. when I'm trying to download a 28Gb file that looks like it's going to take 15 hours....how's THAT work?
I SSH'ed in and did a 'service openvpn stop' and I lost my internet. So I started openvpn back up, and some devices were connected but not all. In the midst of troubleshooting my VOIP phone not connecting - the entire WAN interface dropped. I was still connected to the router though, both the GUI and SSH were active. SO, I gave it a 'reboot' command from the CLI and that fixed things.
I suspect the other VPNish changes I made were the cause. Must I roll back firewall/dhcp/dns mods in addition to stopping openvpn service? Guess I'll need to hammer out what's needed and throw it all into a shell script for future use.
Any thoughts? Point in the right direction is much appreciated!
I decided to use one device and protect that for VPN uploads/downloads as I have Super fast Virgin fibre (well i couldnt turn down the kind offer of 500Mbs could I) and even the best VPN provider isnt going to get anywhere near those speeds. Have a look at my post:
I can then stipulate which devices to pass through the VPN gateway.
Many thanks! Yea, I just realized that 'vpn leakage' section is only optional and is most likely the culprit. My bad for not seeing that myself. It's a good idea to have in place though, which is why I did it - if that tunnel drops w/o me knowing, I want all traffic to drop. I've just got to handle managing that gracefully for those times I want to drop the VPN. That script should work with a couple of minor tweaks, I'll let you know how it goes.
You were all over that and I thank you for your help - spot on!
Rather than over complicate the solution with sed and/or awk commands, I just used a simple file remove/rename and replace method. Then I commit the firewall and commit again (do I need both or does 'uci commit' encompass both)? In any case, my 'downvpn.sh' and 'upvpn.sh' does the trick. Hopefully this can help any other nordvpn users wanting to bring their tunnel down gracefully when not wanted and back up again successfully. Fully vetted on OpenWrt 18.06.4, r7808-ef686b7292.
my 'downvpn.sh' just comments out the rule we inserted as per the nordvpn instructions and removes the 99-prevent-leak (I made a copy first in /root/ to copy back in upvpn later)...