How to Set Up a DDWRT VPN Kill Switch
This is a common question among DDWRT users, especially those who use a VPN.

How do I set up a DDWRT kill switch in case the VPN connection is dropped?

Well, this is actually easy to set up with a DDWRT firewall rule.

*** NOTICE *** This will interfere with Policy Based Routing.

Also, you may not need to firewall the whole /16 subnet. We chose to do that just to go to the extreme.

Step 1) Login to your DDWRT Router.

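Step 2) Go to the "Administration" TAB, then the "Commands" TAB, and insert the following code:

iptables -I FORWARD -s LAN_SUBNET -o $(nvram get wan_iface) -j DROP

Here LAN_SUBNET is a placeholder for the source range of your LAN clients in CIDR notation (the /16 subnet mentioned above).

Your Commands box should then look like the picture below.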

[Image: sploitworks-ddwrt-firewall-killswitch-image1.PNG]

Step 3) Save Firewall.

Step 4) Go to the Administration TAB and then Reboot the router at the bottom of the page.

For Tech Geeks

What this does:

This firewall rule makes sure that any IP from 192.168.0.X through behind the router will not get internet access or be able to route to the internet if the VPN connection drops. It works 100% guaranteed.

The firewall code gets the network adapter for the VLAN interface through the ( nvram get wan_iface ) command and then drops all packets requested through that IP range unless they come from the VLAN interface we added the firewall rule to. Once the VLAN WAN is back in action (reconnected to the VPN service), packets are allowed to flow to that IP range.

How to test if it is working:

1) Go to Services... VPN and disable the VPN client, or simply change a character in your password and press Apply. Then try to get out on the internet on your devices. Reboot the router if you think it will fall back to the default ISP connection; it won't.
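
A rule-level check to go with the manual test above, added here as an example and not part of the original post: it confirms the DROP rule is in the FORWARD chain and that no earlier ACCEPT rule is evaluated before it. It assumes an iptables build that supports `-S`; the function name, the interface names (vlan2, br0, tun1) and the 192.168.0.0/16 range in the samples are constructed for illustration.

```shell
#!/bin/sh
# check_killswitch WAN_IFACE LAN_SUBNET  (rules in `iptables -S FORWARD` format on stdin)
# Exit status: 0 = DROP rule present and evaluated first,
#              1 = DROP rule missing,
#              2 = an earlier ACCEPT rule can match WAN-bound traffic first.
check_killswitch() {
    awk -v wan="$1" -v net="$2" '
        $1 != "-A" { next }                      # skip "-P FORWARD ..." policy lines
        {
            out = ""; src = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-o") out = $(i + 1)
                if ($i == "-s") src = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (target == "DROP" && out == wan && src == net) { found = 1; exit }
            # Conservative: any ACCEPT without -o, or with -o WAN, may pass the traffic.
            if (target == "ACCEPT" && (out == "" || out == wan)) { shadowed = 1; exit }
        }
        END {
            if (found) exit 0
            if (shadowed) exit 2
            exit 1
        }
    '
}

# Constructed samples (not captured from a real router).
SAMPLE_OK='-P FORWARD ACCEPT
-A FORWARD -s 192.168.0.0/16 -o vlan2 -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br0 -o tun1 -j ACCEPT'
SAMPLE_SHADOWED='-P FORWARD ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.0.0/16 -o vlan2 -j DROP'
SAMPLE_MISSING='-P FORWARD ACCEPT
-A FORWARD -i br0 -o tun1 -j ACCEPT'

for name in OK SHADOWED MISSING; do
    eval "rules=\$SAMPLE_$name"
    rc=0
    printf '%s\n' "$rules" | check_killswitch vlan2 192.168.0.0/16 || rc=$?
    echo "SAMPLE_$name -> exit $rc"
done
# On the router (assumption: iptables supports -S), replacing LAN_SUBNET with your range:
#   iptables -S FORWARD | check_killswitch "$(nvram get wan_iface)" LAN_SUBNET
```

Status 2 means the rule is present but sits below an ACCEPT rule, which can happen if another script inserts rules after the kill switch was added.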

