VPN Kill Switch

Started by FWMan, October 15, 2024, 04:28:20 PM

Hi, I've set up a WG VPN as per https://docs.opnsense.org/manual/how-tos/wireguard-selective-routing.html including the kill switch step suggested, which works fine, but I noticed that if I disable the WG gateway that I created as part of those steps, the traffic goes out the default route. I assume this wouldn't normally happen so the kill switch would stop it, but I wanted to prevent this, so I added a block rule, see attached with the yellow arrow. This seems to work; however, if I have a continuous ping running from a machine in the VPN_Hosts group, the ping continues to respond although internet access is blocked as expected. If I start a new ping that's blocked, so why wouldn't it block ICMP that was already in progress?

I need to ensure that the VPN kill switch is solid. It mentions in the above instructions that there are a couple of ways to do this; what are these?

I would appreciate any recommendations on ensuring there is no scenario where the VPN Hosts could access the internet directly (even by ICMP etc).

Thanks

Can anyone advise please?
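An added check for the question above about why the in-progress ping survives the block rule (editor's example, not from the thread or from the OPNsense docs). pf is a stateful firewall: a newly added block rule is only consulted for packets that have to create a state, so an ICMP echo exchange that already has a state entry keeps matching that entry until it expires or is flushed. The script below reads `pfctl -s states` output, lists the entries whose pre-NAT source is in the VPN_Hosts subnet but whose interface is the WAN rather than the WireGuard interface, and in dry-run mode prints the `pfctl -k <host>` command that would kill states from those hosts. The interface names, the subnet, the IPv4-only address parsing and the sample state table are assumptions made for the example; on the firewall, pipe in the real `pfctl -s states` output and confirm with a second listing that nothing from VPN_Hosts is left on the WAN interface.

```shell
#!/bin/sh
# Hypothetical leak check for a WireGuard kill switch on OPNsense (pf).
# Assumed names: WAN interface, WireGuard interface, VPN_Hosts subnet (IPv4).
WAN_IF="${WAN_IF:-vtnet0}"
WG_IF="${WG_IF:-wg0}"
VPN_HOSTS="${VPN_HOSTS:-192.168.50.0/24}"

# Constructed sample of `pfctl -s states` output (FreeBSD pf format, NAT
# shown in parentheses) so the filter can be exercised offline.
SAMPLE_STATES='vtnet0 icmp 203.0.113.5:2048 (192.168.50.10:2048) -> 1.1.1.1:2048       0:0
wg0 icmp 10.8.0.2:2048 (192.168.50.11:2048) -> 1.1.1.1:2048       0:0
vtnet0 tcp 203.0.113.5:51234 (192.168.50.10:51234) -> 93.184.216.34:443       ESTABLISHED:ESTABLISHED
vtnet0 tcp 203.0.113.5:51235 (192.168.1.20:51235) -> 93.184.216.34:443       ESTABLISHED:ESTABLISHED'

# Print state entries (stdin) on the WAN interface whose pre-NAT source
# address falls inside VPN_HOSTS, i.e. flows bypassing the tunnel.
leaking_states() {
  awk -v wan="$WAN_IF" -v net="$VPN_HOSTS" '
    function ip2n(ip,  o) { split(ip, o, "."); return ((o[1]*256+o[2])*256+o[3])*256+o[4] }
    BEGIN {
      split(net, p, "/"); shift = 2^(32 - p[2]); prefix = int(ip2n(p[1]) / shift)
    }
    $1 == wan {
      # With NAT the original (LAN) source is the parenthesised field 4,
      # otherwise field 3 is already the source.
      src = $3
      if ($4 ~ /^\(/) { src = $4; sub(/^\(/, "", src) }
      sub(/:[0-9]+\)?$/, "", src)          # strip port / ICMP id
      if (int(ip2n(src) / shift) == prefix) print
    }'
}

# For every leaking pre-NAT source host, emit (DRY_RUN=1, default) or run
# (DRY_RUN=0) `pfctl -k <host>`, which kills states originating from it.
kill_leaks() {
  leaking_states |
  awk '{ src = ($4 ~ /^\(/) ? $4 : $3; sub(/^\(/, "", src); sub(/:[0-9]+\)?$/, "", src); print src }' |
  sort -u |
  while read -r host; do
    cmd="pfctl -k $host"
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$cmd"; else $cmd; fi
  done
}

# Stand-alone demonstration against the constructed sample; on the firewall
# replace the printf with:  pfctl -s states | leaking_states
echo "States leaking around $WG_IF via $WAN_IF:"
printf '%s\n' "$SAMPLE_STATES" | leaking_states
echo "Dry-run kill commands:"
printf '%s\n' "$SAMPLE_STATES" | kill_leaks
```

Run it right after the WG gateway goes down (or from a cron/monitor hook): if `leaking_states` prints anything, the block rule alone was not enough and the surviving states need to be killed; a second `pfctl -s states | leaking_states` should then print nothing.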