How to set up a kill switch on Tomato and DD-WRT routers?

In order to prevent traffic leaking outside the VPN tunnel whenever you are unexpectedly disconnected from the VPN, you have to adjust the Firewall settings in the router:

For Tomato router:

  1. Log in to the router and go to Administration -> Scripts -> Firewall

  2. Add the following rule:
    iptables -I FORWARD -i br0 -o `nvram get wan_iface` -j DROP

  3. Save the rule and reboot the router.

For DD-WRT router:

  1. Log in to the router and go to ‘Administration’ -> ‘Commands’

  2. Add the following rule:
    iptables -I FORWARD -i br0 -o `nvram get wan_iface` -j DROP

  3. Click on “Save Firewall” and reboot the router.

NOTE: The above firewall (iptables) rule drops packets forwarded from the LAN (br0) directly to the WAN interface, for all IPs in the LAN, so nothing is forwarded if the VPN is inactive/disconnected. Forwarding only works when the VPN is active.
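
An added example, not part of the original article: a shell check that the kill switch rule above is present and sits ahead of any ACCEPT rule that could still pass LAN-to-WAN traffic, which is why the rule is inserted with -I rather than appended. It assumes the router's iptables supports -S; the function names and the sample interfaces vlan2 and tun11 are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Reads `iptables -S FORWARD`
# output on stdin and checks the kill switch rule for LAN ($1) -> WAN ($2).
# Returns 0 = DROP rule in place, 1 = rule missing,
#         2 = an ACCEPT rule that can match LAN -> WAN traffic comes first.
killswitch_check() {
    awk -v lan="$1" -v wan="$2" '
        $1 != "-A" || $2 != "FORWARD" { next }
        {
            in_if = out_if = target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "!") i += 2            # negated match: treat as wildcard
                else if ($i == "-i") in_if = $(++i)
                else if ($i == "-o") out_if = $(++i)
                else if ($i == "-j") target = $(++i)
            }
            # Skip rules bound to a different input or output interface.
            if (in_if != "" && in_if != lan) next
            if (out_if != "" && out_if != wan) next
            # Exactly "-A FORWARD -i LAN -o WAN -j DROP" has 8 fields.
            if (target == "DROP" && in_if == lan && out_if == wan && NF == 8) {
                found = 1; exit
            }
            if (target == "ACCEPT") { bypass = 1; exit }
        }
        END { exit (found ? 0 : (bypass ? 2 : 1)) }
    '
}

# Constructed sample: DROP rule at the top of the chain, as -I places it.
sample_ok() { cat <<'EOF'
-P FORWARD ACCEPT
-A FORWARD -i br0 -o vlan2 -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br0 -o tun11 -j ACCEPT
EOF
}

# Constructed sample: another script later inserted an ACCEPT above the DROP.
sample_bypassed() { cat <<'EOF'
-P FORWARD ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i br0 -o vlan2 -j DROP
EOF
}

# On the router (assumes iptables supports -S):
#   iptables -S FORWARD | killswitch_check br0 "`nvram get wan_iface`"; echo $?
```

A result of 2 means the rule exists but is no longer first in line, which can happen when a VPN client script inserts its own FORWARD rules after the firewall script has run.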
