Apparently there's a flaw in the guide, so the script fails.
It's probably a dynamic kill-switch, but it doesn't look quite reliable.
Disable the LAN-to-WAN forwarding if you want to implement it properly.
Also disable your upstream IPv6 interface to stop the leaks.
uci set firewall.@forwarding[0].enabled="0"
uci commit firewall
/etc/init.d/firewall restart
uci set network.wan6.disabled="1"
uci commit network
/etc/init.d/network restart
/etc/init.d/openvpn restart
Could you please kindly provide a list of steps (ideally with some guidance or at least naming the commands to be used) needed to implement the leak prevention correctly?
If you leave contents of /etc/firewall.user, you should have 99-prevent-leak! /etc/firewall.user blocks forwarding, 99-prevent-leak blocks it, AND RESTORES it.
OK, old firmware does not accept modern certificates, concerning https://ifconfig.me
The simplest kill-switch is implemented in two independent steps; you can use either of them:
Remove or comment out with # masq=1 in the wan zone of /etc/config/firewall
Remove or comment out the lan->wan forwarding in /etc/config/firewall:
#config forwarding
# option src lan
# option dest wan
It is the first version of the kill-switch, and it works in firmware with iptables. I wrote to them concerning a modern version, but the answer was that it works, so there is no need for modification.
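An added example, not part of any post in this thread: a shell check that reads a file in the /etc/config/firewall format and reports whether the lan->wan forwarding and the wan-zone masq setting discussed above are still active. The function names and the sample config are constructed for illustration; it parses the file directly rather than calling uci, so it also runs off the router.

```shell
#!/bin/sh
# Added example: audit a UCI firewall config for the two kill-switch settings.

# Flatten each section to one line: "<type> key=value ...". Lines commented
# out with '#' are skipped, so a commented-out section counts as removed.
uci_sections() {
    awk '
        function emit() { if (type != "") print type opts; type = ""; opts = "" }
        function bare(s) { gsub(/[^A-Za-z0-9_.-]/, "", s); return s }
        /^[ \t]*#/ { next }
        $1 == "config" { emit(); type = bare($2); next }
        $1 == "option" && type != "" { opts = opts " " bare($2) "=" bare($3) }
        END { emit() }
    ' "$1"
}

# Exit 0 if an enabled lan->wan forwarding section is present.
lan_wan_forwarding_active() {
    uci_sections "$1" | awk '
        $1 == "forwarding" && / src=lan( |$)/ && / dest=wan( |$)/ &&
            !/ enabled=0( |$)/ { found = 1 }
        END { exit !found }'
}

# Exit 0 if the wan zone still has masq=1.
wan_masq_enabled() {
    uci_sections "$1" | awk '
        $1 == "zone" && / name=wan( |$)/ && / masq=1( |$)/ { found = 1 }
        END { exit !found }'
}

# Report both settings for the given config file.
killswitch_report() {
    fwd=on; masq=on
    lan_wan_forwarding_active "$1" || fwd=off
    wan_masq_enabled "$1" || masq=off
    echo "lan->wan forwarding: $fwd, wan masq: $masq"
}

# Constructed sample: forwarding disabled the uci way, masq left enabled.
sample=$(mktemp)
printf '%s\n' "config zone" " option name 'wan'" " option masq '1'" \
    "config forwarding" " option src 'lan'" " option dest 'wan'" \
    " option enabled '0'" > "$sample"
killswitch_report "$sample"
rm -f "$sample"
```

On the router, point killswitch_report at /etc/config/firewall after making either change and before stopping OpenVPN to test.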
OK, you are welcome! I recommend installing the current version, OpenWRT 23.05.0. openvpn-mbedtls occupies very little space in comparison with openvpn-openssl, so 8M flash carries it.
I have no problem with space. I am running OpenWRT off of a USB flash drive, so I have plenty of space - gigabytes...
It's rather that I am not good at OpenWRT and I see that even my Linux skills are no longer what they used to be, things are changing quickly.
This is a gift from a friend - he was running a totally alien configuration on it, it looked like a corporate network with a ton of WLANs etc.
So even this guy said - I wouldn't dare to upgrade it, so even if a guru like him tells that...
If I install a new version, I believe I won't be capable of configuring it.
The evening I got the gift, we spent around 4 hours with my friend to set everything up for my needs. And my needs are nothing compared to his setup and we even had about 100 pages PDF that he had written for the purpose... This is my fear from upgrading and I rather think that I will finally start using the router instead of further investing a ton of time into it, time which I need to invest in learning other things...
Thank you!
I have chosen the 1st option, as it is just quicker and easier and it seems to be working fine. I did
service openvpn stop
and I couldn't open any website. When I did
service openvpn start
then the internet connection on the laptop was working fine, so I guess I am good now
MANY THANKS for the great support and answering ALL my questions! I have NEVER witnessed such kind and effective support and quick replies even as a paying Customer at work!! You are FIRST CLASS! Cheers