Jump to content


Photo

How to block ALL Internet traffic when VPN connection goes down?


  • Please log in to reply
10 replies to this topic

#1 tt66

  • Member
  • 4 posts

0
Neutral

Posted 1 August 2013 - 09:01

Hi,
on openpli image is there a way to block ALL Internet traffic when VPN connection goes down?
Is it possible to force using internet only if VPN connection is UP?

Thanks in advance
tt66


Edited by tt66, 1 August 2013 - 09:02.


Re: How to block ALL Internet traffic when VPN connection goes down? #2 pieterg

  • PLi® Core member
  • 32,766 posts

+245
Excellent

Posted 1 August 2013 - 09:03

This is the OpenPLi forum, not the XTA forum.

Re: How to block ALL Internet traffic when VPN connection goes down? #3 Pr2

  • PLi® Contributor
  • 6,182 posts

+261
Excellent

Posted 1 August 2013 - 09:29

Hi,

 

If you drop ALL internet traffic this means that you will NEVER be able again to connect to your VPN, since ALL traffic will be blocked!

So the VPN port must remain open, and you only need to open this one on your ISP router/firewall to your STB, and use a strong authentication mecanism.

 

Pr2


NO SUPPORT by PM, it is a forum make your question public so everybody can benefit from the question/answer.
If you think that my answer helps you, you can press the up arrow in bottom right of the answer.

Wanna help with OpenPLi Translation? Please read our Wiki Information for translators

Sat: Hotbird 13.0E, Astra 19.2E, Eutelsat5A 5.0W
VU+ Solo 4K: 2*DVB-S2 + 2*DVB-C/T/T2 (used in DVB-C) & Duo 4K: 2*DVB-S2X + DVB-C (FBC)

AB-Com: PULSe 4K 1*DVB-S2X (+ DVB-C/T/T2)
Edision OS Mio 4K: 1*DVB-S2X + 1*DVB-C/T/T2
 


Re: How to block ALL Internet traffic when VPN connection goes down? #4 tt66

  • Member
  • 4 posts

0
Neutral

Posted 1 August 2013 - 10:10

Hi,

 

If you drop ALL internet traffic this means that you will NEVER be able again to connect to your VPN, since ALL traffic will be blocked!

So the VPN port must remain open, and you only need to open this one on your ISP router/firewall to your STB, and use a strong authentication mecanism.

 

Pr2

 

Can you try to post a configuration for Openpli with OpenVPN (default configuration and port 1194 I suppose)?


Edited by tt66, 1 August 2013 - 10:10.


Re: How to block ALL Internet traffic when VPN connection goes down? #5 WanWizard

  • PLi® Core member
  • 70,563 posts

+1,816
Excellent

Posted 1 August 2013 - 10:58

You could set a hardcoded set of routes, that routes everything to the VPN next hop, except the public IP of the VPN endpoint? And maybe to local LAN so the default gateway can still be found?


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.


Re: How to block ALL Internet traffic when VPN connection goes down? #6 tt66

  • Member
  • 4 posts

0
Neutral

Posted 1 August 2013 - 11:08

You could set a hardcoded set of routes, that routes everything to the VPN next hop, except the public IP of the VPN endpoint? And maybe to local LAN so the default gateway can still be found?

 

I understand but I'm not able to do that (I'm a newbie in Linux world)...Could you post a working configuration or simply indicate which commands should be used?

 

Thanks



Re: How to block ALL Internet traffic when VPN connection goes down? #7 Pr2

  • PLi® Contributor
  • 6,182 posts

+261
Excellent

Posted 1 August 2013 - 11:09

@tt66

 

No because I am not using this feature.

 

Pr2


NO SUPPORT by PM, it is a forum make your question public so everybody can benefit from the question/answer.
If you think that my answer helps you, you can press the up arrow in bottom right of the answer.

Wanna help with OpenPLi Translation? Please read our Wiki Information for translators

Sat: Hotbird 13.0E, Astra 19.2E, Eutelsat5A 5.0W
VU+ Solo 4K: 2*DVB-S2 + 2*DVB-C/T/T2 (used in DVB-C) & Duo 4K: 2*DVB-S2X + DVB-C (FBC)

AB-Com: PULSe 4K 1*DVB-S2X (+ DVB-C/T/T2)
Edision OS Mio 4K: 1*DVB-S2X + 1*DVB-C/T/T2
 


Re: How to block ALL Internet traffic when VPN connection goes down? #8 WanWizard

  • PLi® Core member
  • 70,563 posts

+1,816
Excellent

Posted 1 August 2013 - 11:17

neither do I, you'll have to do some reading.

 

First hit in Google: http://www.thegeekst...route-examples/


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.


Re: How to block ALL Internet traffic when VPN connection goes down? #9 tt66

  • Member
  • 4 posts

0
Neutral

Posted 1 August 2013 - 11:24

neither do I, you'll have to do some reading.

 

First hit in Google: http://www.thegeekst...route-examples/

 

I'll try, thanks...Maybe it shouldn't be the right way...With ip tables support it should be easier or not?

 

Please, if somebody has new ideas, post something for the community ;)

 

Thanks



Re: How to block ALL Internet traffic when VPN connection goes down? #10 WanWizard

  • PLi® Core member
  • 70,563 posts

+1,816
Excellent

Posted 1 August 2013 - 11:35

iptables could be an option to, but afaik it isn't (fully) implemented in the image. An STB isn't supposed to be connected to the outside world...


Currently in use: VU+ Duo 4K (2xFBC S2), VU+ Solo 4K (1xFBC S2), uClan Usytm 4K Ultimate (S2+T2), Octagon SF8008 (S2+T2), Zgemma H9.2H (S2+T2)

Due to my bad health, I will not be very active at times and may be slow to respond. I will not read the forum or PM on a regular basis.

Many answers to your question can be found in our new and improved wiki.


Re: How to block ALL Internet traffic when VPN connection goes down? #11 pieterg

  • PLi® Core member
  • 32,766 posts

+245
Excellent

Posted 1 August 2013 - 11:54

Hi,
on openpli image is there a way to block ALL Internet traffic when VPN connection goes down?
Is it possible to force using internet only if VPN connection is UP?

Thanks in advance
tt66

 
 

This is the OpenPLi forum, not the XTA forum.

Here you see a very nice example why we don't like people to edit their posts.
The edit time is rather limited already, but apparently still too long.
So for anyone who is wondering "why can't I edit my post", well, this is why.


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users