Firmware How to block all traffic with DD-WRT if VPN connection fails

dantis

Inactive User
Joined
Mar 28, 2011
Messages
717
Reaction score
250
Location
Viñuela, Costa del Sol, Spain
I am very new to networking and routers etc. so please be gentle!

Let me explain my set-up, I live in Spain and have a Sky+ HD box with full sub, I want to be able to connect the box to the internet to use all the 'On Demand' facilities, obviously due to my IP address I cannot do it directly. I want to have two networks, one with my Spanish IP address and a second router solely for connection by ethernet cable to the Sky box.

This is what I have done so far:
1) My main router is a Tenda with IP 192.168.0.1
2) My secondary router is a TP-Link WR842ND flashed with DD WRT v2 with IP 192.168.1.1 (to keep the networks separate)
3) I have connected the LAN on the Tenda to the WAN of the TP-Link.

So, as it stands I have two separate networks both with my Spanish IP address. So, I am going to subscribe to an OpenVPN account and program the details onto the TP-Link using their set-up procedure.

Okay, so far so good. What I am concerned about is: if the VPN fails, the router will revert back to my ISP IP address and then the Sky box will know that I am in Spain and possibly block it.

What I want to be able to do is to tell the TP-Link that if there is no VPN connection then to block all traffic until the connection reconnects. I know that this is possible but I have no idea how to do it. Can some clever technical person point me in the right direction, in layman's terms!

I have come across this on another forum but it is double Dutch to me!

"I set up the connection to xxxx servers using their tutorial and then insert the following line into the firewall rules: "iptables -I FORWARD -i br0 -o vlan2 -j DROP"
- br0 is the bridge with my LAN ports & wireless
- vlan2 is my WAN port connected to the modem ISP

So if there is any connection starting from my LAN or wifi to the WAN port the firewall of the router blocks the connection.

My firewall rules are like this:
iptables -I FORWARD -i br0 -o tun0 -j ACCEPT
iptables -I FORWARD -i tun0 -o br0 -j ACCEPT
iptables -I FORWARD -i br0 -o vlan2 -j DROP
iptables -I INPUT -i tun0 -j REJECT
iptables -t nat -A POSTROUTING -o tun0 -j MASQUERADE"

I look forward to a non-techie reply.
 
Not tried this as I don't have VPN set up on my ddwrt routers, but something like this

iptables -I FORWARD -i br0 -o $(nvram get wan_iface) -j DROP

should drop all connections going via the WAN port

but then I thought this could also drop vpn traffic as that is also going via the wan interface

so the other one (as in your original post) that should work is

iptables -I FORWARD -i br0 -o vlan2 -j DROP

can you do an ifconfig on the VPN enabled router so I can see what interface is assigned to what
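As an added example (not from this thread and not DD-WRT's own code), here is a small POSIX shell script that builds the rule set quoted in the original post, taking the WAN interface name from nvram as the reply above suggests, and a check that reads the output of "iptables -S FORWARD" and confirms the LAN-to-WAN DROP sits ahead of any ACCEPT that could let LAN traffic out via the WAN. The interface names br0, tun0 and vlan2 are assumptions taken from the thread, and the chain listings used to exercise the check are constructed. One point on the worry about the DROP also killing the VPN: the FORWARD chain only sees traffic passing through the router, while the router's own OpenVPN packets to the VPN server leave through the OUTPUT chain, so the rule from the original post does not block the tunnel itself.

```shell
#!/bin/sh
# Added example for this thread, not DD-WRT's own code.
# Builds the VPN kill-switch rules (LAN may only be forwarded out via the
# tunnel; LAN -> WAN is dropped) and checks a FORWARD chain listing for them.
# Assumed names: LAN bridge br0, OpenVPN tunnel tun0, WAN vlan2 (taken from
# nvram on a real router). Paste the printed rules into Administration ->
# Commands -> Save Firewall on DD-WRT, or run "sh killswitch.sh apply" on
# the router itself.

LAN_IF="${LAN_IF:-br0}"
VPN_IF="${VPN_IF:-tun0}"

# WAN interface name: ask nvram on the router, fall back to vlan2 elsewhere
# (so the rules can be previewed off the router).
wan_iface() {
    if command -v nvram >/dev/null 2>&1; then
        nvram get wan_iface
    else
        echo "${WAN_IF:-vlan2}"
    fi
}

# Print the rules from the thread, parameterised by interface. "-I" puts
# each rule at the top of its chain, ahead of DD-WRT's default ACCEPTs.
# The DROP only affects forwarded traffic: the router's own OpenVPN packets
# to the VPN server go through OUTPUT, so the tunnel itself is not blocked.
killswitch_rules() {
    lan="$1"; vpn="$2"; wan="$3"
    cat <<EOF
iptables -I FORWARD -i $lan -o $vpn -j ACCEPT
iptables -I FORWARD -i $vpn -o $lan -j ACCEPT
iptables -I FORWARD -i $lan -o $wan -j DROP
iptables -I INPUT -i $vpn -j REJECT
iptables -t nat -A POSTROUTING -o $vpn -j MASQUERADE
EOF
}

# Read "iptables -S FORWARD" output on stdin. Exit 0 when a DROP for
# $lan -> $wan is present and no earlier ACCEPT could match LAN -> WAN
# traffic (an ACCEPT with no -i/-o restriction counts as matching).
# Exit 1, with a message, otherwise.
verify_killswitch() {
    lan="$1"; wan="$2"
    awk -v lan="$lan" -v wan="$wan" '
        $1 == "-A" && $2 == "FORWARD" && !done {
            in_if = ""; out_if = ""; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-i") in_if = $(i + 1)
                if ($i == "-o") out_if = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            lan_ok = (in_if == lan || in_if == "")
            wan_ok = (out_if == wan || out_if == "")
            if (lan_ok && wan_ok && target == "ACCEPT") {
                print "leak: ACCEPT ahead of the DROP: " $0
                status = 1; done = 1
            } else if (in_if == lan && out_if == wan && target == "DROP") {
                status = 0; done = 1
            }
        }
        END {
            if (!done) { print "no DROP rule for " lan " -> " wan; status = 1 }
            exit status
        }'
}

case "${1:-}" in
    apply)  killswitch_rules "$LAN_IF" "$VPN_IF" "$(wan_iface)" | sh ;;
    check)  iptables -S FORWARD | verify_killswitch "$LAN_IF" "$(wan_iface)" ;;
    *)      killswitch_rules "$LAN_IF" "$VPN_IF" "$(wan_iface)" ;;
esac
```

Run without arguments it only prints the rules, so it can be used off the router to see what would be applied; "check" is the thing to run after the VPN has been up and down a few times, since a rule that has been pushed below a blanket ACCEPT is exactly the failure the original poster is worried about.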
 
I'll wait to see the config(s) but I suspect a block by outbound port may be more successful?
 
Where do I run the ifconfig command and how?

Sorry, but I did say I was a newbie to networking.

Using PuTTY or any terminal emulation program, either telnet or SSH to the box and then run ifconfig via the command line.
 