cancel
Showing results for 
Search instead for 
Did you mean: 

VPN Fusion Kill Switch / RT-AX86U

Neoony
Level 9
Hello

I noticed that VPN Fusion was just recently added with firmware update on RT-AX86U

Use (not really relevant for the question):
I have a use for it at my Raspberry PI and NordVPN
Mainly because the nordVPN works awfully on linux/pi (slow and can be problematic without custom reconnecting scripts and such)
Its also behind AI node over wifi 6 where there is some 300-360mbit limited by the WIFI 6 signal
Connecting to VPN directly from PI only gives me some 100mbit
Connecting to VPN over Fusion VPN in the router gives full speed of 300-360mbit while on VPN


Got a custom killswitch on the PI which only allows traffic from/to the VPN interface
But to use VPN Fusion, I would also need some killswitch to make sure it NEVER uses the normal internet

Any ways to do such a killswitch on the router with Fusion VPN?
Or perhaps somehow on the device?
Some way to make sure to restrict the device from accessing normal internet?

From some testing
I cant disallow the normal Internet Connection for the PI, because its already added to the list for the VPN (cant have it disabled in normal Internet connection and enabled in VPN at the same time)
As soon as I stop the VPN or remove the device from the VPN list, it will connect to the normal internet, and this worries me the most.
Not sure what happens if for some reason the VPN loses connection, but I assume it would again revert to the normal internet?

Image of how it looks on this router:
95899

VPN Fusion seems to be absolutely great feature, especially because you can assign VPN to specific devices only.
But it will always be useless to me without a reliable killswitch 😞
5,111 Views
3 REPLIES 3

jzchen
Level 16
If the VPN goes down I assume the Pi will not be able to access the internet. (I never use a VPN so sorry if I'm mistaken). You may try if you have an outdated/incorrect .ovpn file that you know will not work. I mean intentionally break it and see if the Pi still accesses the internet:

https://nordvpn.com/blog/vpn-not-connecting/#:~:text=If%20your%20VPN%20software%20is,and%20reinstall....

So try to do the opposite, say change the ports to incorrect ones...

jzchen wrote:
If the VPN goes down I assume the Pi will not be able to access the internet. (I never use a VPN so sorry if I'm mistaken). You may try if you have an outdated/incorrect .ovpn file that you know will not work. I mean intentionally break it and see if the Pi still accesses the internet:

https://nordvpn.com/blog/vpn-not-connecting/#:~:text=If%20your%20VPN%20software%20is,and%20reinstall....

So try to do the opposite, say change the ports to incorrect ones...


Using faulty .ovpn file
95907
Still connected to normal internet

Few minutes later
95906
Still connected to normal internet

Does not seem to go further
Looks to me that this would just go without VPN as soon as it would lose it 😞

Basically the main reason why I would be worried about this, is because you can notice that even after adding device to the VPN and enabling it, you still have internet connection until you later instantly get the VPN connection. There is no break in between that would suggest that some kill happens on the normal internet while its connecting to the VPN. ( unless it would be that good at switching 😄 )

So most likely when VPN would be lost, it would go into this "Connecting..." state, and return normal connection meanwhile

I might actually look into trying asuswrt firmwares, now that I noticed that asuswrt-merlin is meant to be similar to stock firmware (keeping most features/functionality), but with some fixes and more advanced stuff
Although, would be great if there was some way on stock

Neoony
Level 9
Much better with asuswrt-merlin
Much more better options
And much clearer
Will definitely be using asuswrt-merlin

95930

95931

However
It behaves pretty much the same (much more responsive though when connecting and such)

I just cant test the killswitch
I guess I would have to set up my own VPN and kill it to test it, so that the "client" is running and it fails while connected

Also saw these 2 threads
https://www.snbforums.com/threads/killswitch-doesnt-work-anymore-on-rt-ac86u-386-3_2.74666/
https://www.snbforums.com/threads/vpn-director-killswitch.73994/

Where someone mentioned:
"That's intended behaviour. By manually turning off the VPN client you are saying "I don't want to use this client". That is not the same as the the tunnel failing while the VPN client is enabled, which is what will trigger the killswitch."

I am just used to a killswitch that will completely kill your internet until you turn on the VPN
Probably now that I can run custom stuff, I should be able to somehow test it without setting up my own (or just my own 100% killswitch)
Might look into that later

Still worried about, what if the client just stops? What if the router restarts? and similar...

But yeah, this is much more trust-worthy with asuswrt-merlin
Because there is at least some option to indicate that some kill-switch exists
While with the stock one, you have no idea whether its supposed to be there or not
Hopefully at some point they will update the manual and explain it
And kill-switch is something that isnt usually enabled in VPNs by default (also not in asuswrt-merlin)

EDIT:
Actually this explains a lot: https://www.snbforums.com/threads/how-is-the-vpn-killswitch-implemented.79842/
https://www.snbforums.com/threads/kill-switch-doesnt-work.74948/post-797809