To prevent traffic from leaking outside the VPN tunnel whenever you are unexpectedly disconnected from the VPN, adjust the firewall settings in the router:
For Tomato router:
- Log in to the router and go to Administration -> Scripts -> Firewall
- Add the following rule:
iptables -I FORWARD -i br0 -o `nvram get wan_iface` -j DROP
- Save the rule and reboot the router.
For DD-WRT router:
- Log in to the router and go to Administration -> Commands
- Add the following rule:
iptables -I FORWARD -i br0 -o `nvram get wan_iface` -j DROP
- Click on "Save Firewall" and reboot the router.
NOTE: The above firewall (iptables) rule drops every packet forwarded from the LAN (br0) directly to the WAN interface, for all IPs in the LAN. Traffic that goes through the VPN tunnel leaves via the tunnel interface instead, so it is not affected: forwarding to the Internet only works while the VPN is active, and nothing leaks out when the VPN is inactive/disconnected.
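The same rule as an idempotent firewall script, added here as an example and not taken from the Tomato or DD-WRT projects. It assumes a busybox sh with iptables and nvram on the router; LAN_IF, WAN_IF and IPTABLES are hypothetical overrides so the rule-building logic can be checked off-router.

```shell
#!/bin/sh
# Added example: VPN kill switch for a Tomato/DD-WRT-style router.
# Builds the page's rule (FORWARD -i br0 -o <wan> -j DROP) and inserts it
# only when it is not already present, so re-running the firewall script
# after a reboot or reconnect does not stack duplicate rules.

LAN_IF="${LAN_IF:-br0}"              # LAN bridge, as on the page
IPTABLES="${IPTABLES:-iptables}"     # override with a fake for dry runs

# Resolve the WAN interface the way the page's rule does
# (`nvram get wan_iface`); WAN_IF is an override for testing off-router.
wan_iface() {
    if [ -n "${WAN_IF:-}" ]; then
        printf '%s\n' "$WAN_IF"
    else
        nvram get wan_iface
    fi
}

# Print the rule specification (chain plus match/target) so exactly the
# same text is used for checking (-C) and inserting (-I).
kill_switch_spec() {
    printf 'FORWARD -i %s -o %s -j DROP\n' "$LAN_IF" "$(wan_iface)"
}

# Insert the DROP rule at the top of FORWARD unless it already exists.
# Prints what it did; returns non-zero only if iptables fails.
apply_kill_switch() {
    spec=$(kill_switch_spec)
    # $spec is intentionally unquoted: it must split into iptables arguments
    if $IPTABLES -C $spec 2>/dev/null; then
        echo "kill switch already present: $spec"
        return 0
    fi
    $IPTABLES -I $spec && echo "kill switch installed: $spec"
}

# Run only when invoked as `sh killswitch.sh apply`, so the functions can
# also be pasted into the router's firewall script and called from there.
case "${1:-}" in
    apply) apply_kill_switch ;;
esac
```

On the router, `iptables -C FORWARD -i br0 -o <wan> -j DROP` (exit status 0) is the quick check that the kill switch is still in place after a reboot.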