0

I have a router with a VPN-client feature. The router is connected to a VPN server via L2TP/IPsec.

The Windows PC is connected to the router and gets its internet traffic from the VPN server. All works well.

The problem is that the Windows PC (connected to the router) switches to non-VPN internet traffic when the VPN client disconnects on the router's side.

How can I block Windows from sending/receiving non-VPN traffic coming from the router when the router's VPN client is not connected to the VPN server?

Should it be configured on the router's side or the OS side?

P.S. The router model is TP-Link Archer AX20 (AX1800 Wi-Fi). The connection between the router and the Windows PC is via LAN cable only (Wi-Fi is disabled on the router).

2
  • 1
    On the router side. Windows can't "programmatically" know whether the router is using a VPN. Normally you implement a so-to-speak "kill-switch" on the VPN client host, i.e., firewall rules that allow nothing but the traffic destined for the VPN server to go out of a physical interface (while all other traffic goes out of the tunnel interface, which leads it to the VPN program for encapsulation).
    – Tom Yan
    Commented Oct 27, 2023 at 4:30
  • @TomYan thank you for the kill-switch. This is exactly what I need.
    – Roman M
    Commented Oct 27, 2023 at 19:21

2 Answers

0

Which VPN client are you using? Maybe you'll be better off running the VPN server yourself, on a Raspberry Pi or similar (OpenVPN or WireGuard, for instance). ZeroTier is also very easy to administer, with much faster throughput than a traditional VPN (in my experience). If you let your PC run the client, most of them will let you tweak settings to force all internet traffic through the VPN. Whether it is a laptop or a stationary machine, you'd be better off configuring the restrictions on the computer and not the router, IMHO. The router infrastructure often changes over time, and you should at least be sure that your end user (the computer) is safely on the VPN.

2
  • The server is a Linux-based L2TP/IPsec VPN. The router's VPN client only works with PPTP/L2TP VPNs.
    – Roman M
    Commented Oct 27, 2023 at 0:10
  • Thanks for mentioning ZeroTier. It may be very useful and may save me some money on the VPN, but it does not solve the problem in the question.
    – Roman M
    Commented Oct 27, 2023 at 19:26
0

The feature is called "kill-switch" (a feature of the VPN client).

On the router side. Windows can't "programmatically" know whether the router is using a VPN. Normally you implement a so-to-speak "kill-switch" on the VPN client host, i.e., firewall rules that allow nothing but the traffic destined for the VPN server to go out of a physical interface (while all other traffic goes out of the tunnel interface, which leads it to the VPN program for encapsulation).

Tom Yan

Thanks to Tom Yan (who commented under the question).
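
One way to express the router-side kill switch described in the answer above, as an added example that is not part of the original thread: a shell function that prints an nftables ruleset for the forward hook, which is the hook the PC's traffic crosses (the router's own tunnel packets are locally generated and never reach it). It assumes a Linux-based router where nftables is available, which the thread does not state for the Archer AX20's stock firmware; the interface names `br-lan`, `eth0` and `ppp0` are placeholders.

```shell
#!/bin/sh
# Added example, not from the original thread. Interface names are assumptions.
# Apply on the router with:  killswitch_ruleset br-lan eth0 ppp0 | nft -f -

valid_ifname() {
    # Non-empty, at most 15 characters, and only characters that are safe
    # inside a quoted nft string (no quotes, spaces or semicolons).
    case $1 in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Arguments: LAN interface, physical WAN interface, VPN tunnel interface.
killswitch_ruleset() {
    lan=$1 wan=$2 tun=$3
    for ifn in "$lan" "$wan" "$tun"; do
        valid_ifname "$ifn" || { echo "bad interface name: '$ifn'" >&2; return 1; }
    done
    # If WAN and tunnel were the same name, the accept rule could never match.
    [ "$wan" != "$tun" ] || { echo "WAN and tunnel must differ" >&2; return 1; }
    cat <<EOF
table inet vpn_killswitch {
  chain forward {
    type filter hook forward priority 0; policy drop;
    # First rule: LAN traffic never leaves via the physical WAN, even for
    # flows conntrack already knows, so a route change on tunnel loss
    # cannot carry an existing connection out unencrypted.
    iifname "$lan" oifname "$wan" counter drop
    ct state established,related accept
    # New flows from the LAN are accepted only towards the tunnel. Matching
    # by name (iifname/oifname) keeps the rule loadable while ppp0 is absent.
    iifname "$lan" oifname "$tun" accept
  }
}
EOF
}
```

Because the table uses the `inet` family with a drop policy, forwarded IPv6 is blocked as well, and the `counter` on the drop rule shows in `nft list table inet vpn_killswitch` whether the PC tried to leave over the WAN while the tunnel was down.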
