Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
24.7 Production Series
»
VPN Kill Switch
« previous
next »
Print
Pages: [
1
]
Author
Topic: VPN Kill Switch (Read 226 times)
FWMan
Newbie
Posts: 9
Karma: 0
VPN Kill Switch
«
on:
October 15, 2024, 04:28:20 pm »
Hi, I've setup a WG VPN as per
https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html
including the kill switch step suggested, which works fine but I noticed if I disable the WG gateway that I've created as part of those steps the traffic goes out the default route. I assume this wouldn't normally happen so the kill switch would stop it but I wanted to prevent this, so I added a block rule, see attached with the yellow arrow. This seems to work however if I have continous ping running from a machine in the VPN_Hosts group the ping continues to respond although internet access is blocked as expected. If I start a new ping thats blocked so why wouldn't it block ICMP that was already in progress?
I need to ensure that the VPN kill switch is solid. It mentions in the above instructions that there is a couple of ways to do this, what are these?
I would appreciate any recommendations on ensuring there is no scenario where the VPN Hosts could access the internet directly (even by ICMP etc).
Thanks
Logged
FWMan
Newbie
Posts: 9
Karma: 0
Re: VPN Kill Switch
«
Reply #1 on:
October 18, 2024, 12:03:18 pm »
Can anyone advise please?
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
24.7 Production Series
»
VPN Kill Switch