Why do my devices not lose internet access when I kill the OpenVPN connection?

I have set up OpenVPN and PBR to route certain devices through my VPN provider (NordVPN) instead of just straight to the internet. I was expecting the device to lose all connectivity to the internet if I force-broke the VPN (by disabling it in the OpenVPN tab of LuCI); however, it just reverts to a standard WAN connection and the apparent IP address becomes my real IP address instead. I wanted a killswitch.

Is there something here I may have misconfigured? I thought that the "Strict enforcement" setting of PBR was the primary thing that was supposed to make a killswitch.

In the example above, I was expecting that if I disabled OpenVPN then the TV would lose connectivity to the internet, but it does not; its apparent IP address simply reverts back to my real one. (In reality I am testing this with my phone, not my TV, but the screenshot above was taken at a time when I had disabled that.)

I'm going to guess that your firewall is the culprit here...

Do you have OpenVPN set up with its own firewall zone, or is it part of the wan zone? If it is in the wan zone, split it out. Then you can simply disallow forwarding from lan > wan and only allow lan > vpn.

Silly me, I forgot to include that page.

Please see below.

Remove the lan > wan forwarding.

Won't that cause all non-VPN devices to lose internet connectivity?

I'm not an expert on PBR, so there may be other things to do there, but you can also split the VPN devices into a separate network that is governed by PBR + no forwarding to wan.
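As an added example, not part of the thread and not from the PBR or OpenVPN packages: the firewall layout the two replies above describe (the tunnel in its own zone, and a separate network for the VPN-only devices that forwards to that zone and not to wan), shown as two constructed /etc/config/firewall fragments next to a small checker that parses UCI syntax and flags a layout in which those devices can fall back to wan. The zone and interface names (vpnlan, vpn, nordvpn) are assumptions, and the fragments omit the input/output/forward policy options a real zone carries.

```python
"""Kill-switch check for an OpenWrt /etc/config/firewall (added example, not from the thread).
Assumed names: 'nordvpn' = tunnel interface, 'vpn' = its zone, 'vpnlan' = network/zone of
the VPN-only devices. The fragments are constructed and omit a zone's policy options."""
import re
import shlex

VPN_IFACE, VPN_ZONE, WAN_ZONE, PROTECTED_ZONE = "nordvpn", "vpn", "wan", "vpnlan"

# Weak: tunnel lumped into the wan zone and lan forwarded to wan, so stopping
# OpenVPN just lets the PBR clients fall back to the ordinary WAN path.
WEAK_CONFIG = """
config zone
	option name 'lan'
	list network 'lan'
config zone
	option name 'wan'
	option masq '1'
	list network 'wan'
	list network 'nordvpn'
config forwarding
	option src 'lan'
	option dest 'wan'
"""

# Hardened: tunnel in its own zone; VPN-only devices live on 'vpnlan', which
# forwards to 'vpn' only. Ordinary lan devices keep lan -> wan.
HARDENED_CONFIG = """
config zone
	option name 'lan'
	list network 'lan'
config zone
	option name 'vpnlan'
	list network 'vpnlan'
config zone
	option name 'wan'
	option masq '1'
	list network 'wan'
config zone
	option name 'vpn'
	option masq '1'
	list network 'nordvpn'
config forwarding
	option src 'lan'
	option dest 'wan'
config forwarding
	option src 'vpnlan'
	option dest 'vpn'
"""

_SECTION = re.compile(r"^config\s+(\S+)(?:\s+(.*))?$")
_KV = re.compile(r"^(option|list)\s+(\S+)\s+(.*)$")

def _unquote(value):
    """UCI values are normally single-quoted; accept bare or double-quoted too."""
    parts = shlex.split(value.strip())
    return parts[0] if parts else ""

def parse_uci(text):
    """Minimal UCI parser: list of {'type', 'name', 'opts', 'lists'} sections."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _SECTION.match(line)
        if m:
            sections.append({"type": m.group(1), "name": _unquote(m.group(2) or ""),
                             "opts": {}, "lists": {}})
            continue
        m = _KV.match(line)
        if m and sections:
            kind, key, val = m.groups()
            if kind == "option":
                sections[-1]["opts"][key] = _unquote(val)
            else:
                sections[-1]["lists"].setdefault(key, []).append(_unquote(val))
    return sections

def killswitch_issues(config_text, protected_zone=PROTECTED_ZONE, vpn_zone=VPN_ZONE,
                      vpn_iface=VPN_IFACE, wan_zone=WAN_ZONE):
    """Return a list of problems; empty means the zone layout enforces the kill switch."""
    sections = parse_uci(config_text)
    zones = {s["opts"].get("name"): s for s in sections if s["type"] == "zone"}
    forwardings = [s["opts"] for s in sections if s["type"] == "forwarding"]
    issues = []
    # 1. The tunnel interface must sit in its own zone, not inside wan.
    owners = [z for z, s in zones.items() if vpn_iface in s["lists"].get("network", [])]
    if vpn_zone not in zones:
        issues.append(f"zone '{vpn_zone}' is not defined")
    if wan_zone in owners:
        issues.append(f"interface '{vpn_iface}' is in zone '{wan_zone}'; split it into its own zone")
    # 2. The protected network may forward to the vpn zone and nowhere else.
    dests = {f.get("dest", "") for f in forwardings if f.get("src") == protected_zone}
    for dest in sorted(d for d in dests if d and d != vpn_zone):
        issues.append(f"forwarding {protected_zone} -> {dest} lets clients bypass the tunnel")
    if vpn_zone not in dests:
        issues.append(f"no forwarding {protected_zone} -> {vpn_zone}: VPN clients have no path out")
    return issues
```

Run `killswitch_issues()` against a copy of the router's /etc/config/firewall with your own zone names. It checks only the zone and forwarding layout: PBR still decides which subnet's traffic is routed into the tunnel, but once the VPN-only network has no forwarding except into the tunnel zone, stopping OpenVPN leaves those clients with no path out regardless of what PBR does. Running the checker on the hardened fragment with `protected_zone="lan"` reports the lan > wan forwarding, which is the point of the previous reply: the ordinary lan keeps its internet access, only the separate network is locked to the tunnel.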

Add the interface name to the list of supported interfaces.
It should work this way, but it is better to change the name to lower case (in the network and pbr config).