Do Not Allow Any Traffic Through Firewall if OpenVPN Connection is Disconnected

[Amanaki]

Hi all,

This is my first post here. I am relatively new to OPNsense after a few years of using consumer grade routers flashed with OpenWRT and DD-WRT to manage our home network.

My current setup consists of an upstream consumer router (facing my ISP) running latest version of OpenWRT. I have it setup with a dedicated (always on) OpenVPN connection with a killswitch that does not allow the routing of any traffic if the OpenVPN connection goes down for any reason.

Downstream,  I have OPNsense 18.7.7-amd64, FreeBSD 11.1-RELEASE-p15, OpenSSL 1.0.2p 14 Aug 2018 running on a virtual machine. 

I currently have it setup and running nicely with DNScrypt-proxy, a few VLANS for segmentation and a few basic firewall rules. My network consists of 8 mixed OS clients, so it is very small. Nothing fancy at all.

Assuming I have an OpenVPN connection running on my OPNsense installation, I am wanting to know if I can actually apply the same method to not route any traffic at all through the firewall if my OpenVPN connection goes down on my OPNsense machine and if so, how would I go about getting this setup?

Thanks,
Naki

[guest19228]

I'm not sure if it this what you want to achieve, but have a look here https://forum.opnsense.org/index.php?topic=4979.msg19771#msg19771. I hope it will help. To make sure that it will work only when connected to the VPN you should skip the firewall rules for non VPN connections.  Unfortunately I have no possibility to test this so it's a pure guess that this may help.