Help setting up a kill switch

stankovic
Posts: 2
Joined: Thu Apr 05, 2018 7:43 pm

Help setting up a kill switch

Post by stankovic » Thu Apr 12, 2018 10:14 am

I use Firefox Portable with my SoftEther and I would like to set a kill switch. Normally, when using regular Firefox, I can easily set a kill switch using firewall properties (inbound and outbound connections); however, this rule doesn't apply to Firefox Portable. I have tried numerous times but it just wouldn't work. I would be grateful if someone could suggest a kill switch setting or app that can help cut off all connections in case of an IP leak.

cedar
Site Admin
Posts: 1610
Joined: Sat Mar 09, 2013 5:37 am

Re: Help setting up a kill switch

Post by cedar » Fri Apr 13, 2018 7:57 am

Simply, you should remove the default gateway for ISP.

ray5450
Posts: 22
Joined: Mon Aug 26, 2019 8:19 pm

Re: Help setting up a kill switch

Post by ray5450 » Tue May 18, 2021 4:18 am

If you mean to do this, while Softether is connected: route delete 0.0.0.0
...what this will do is remove internet access for Softether, even though Softether appears still connected.

Does anyone have the real answer?

cedar
Site Admin
Posts: 1610
Joined: Sat Mar 09, 2013 5:37 am

Re: Help setting up a kill switch

Post by cedar » Tue May 18, 2021 5:11 am

When multiple default gateways are defined, please specify the gateway parameter if you want to remove only one.

ray5450
Posts: 22
Joined: Mon Aug 26, 2019 8:19 pm

Re: Help setting up a kill switch

Post by ray5450 » Tue May 18, 2021 9:01 pm

The table has only one entry for 0.0.0.0, which is the one and only default, right?

cedar
Site Admin
Posts: 1610
Joined: Sat Mar 09, 2013 5:37 am

Re: Help setting up a kill switch

Post by cedar » Wed May 19, 2021 3:30 am

If successful, you should have at least two default gateways defined, one for the physical network and one for the VPN side network.

ray5450
Posts: 22
Joined: Mon Aug 26, 2019 8:19 pm

Re: Help setting up a kill switch

Post by ray5450 » Wed May 19, 2021 8:04 am

Are "the default gateway for ISP" and "the physical network" referring to the same?

cedar
Site Admin
Posts: 1610
Joined: Sat Mar 09, 2013 5:37 am

Re: Help setting up a kill switch

Post by cedar » Wed May 19, 2021 8:09 am

There may be a home router between the physical network and the ISP router, so it's not exactly the same, but you can think of it as about the same.

ray5450
Posts: 22
Joined: Mon Aug 26, 2019 8:19 pm

Re: Help setting up a kill switch

Post by ray5450 » Wed May 19, 2021 8:40 am

"If successful, you should have at least two default gateways defined, one for the physical network and one for the VPN side network."
--What do you mean by "successful"?

cedar
Site Admin
Posts: 1610
Joined: Sat Mar 09, 2013 5:37 am

Re: Help setting up a kill switch

Post by cedar » Wed May 19, 2021 10:46 am

If a new Internet connection is provided using a VPN, you probably have a default gateway or an equivalent split route.
The split path may be provided, for example, in the form of a netmask of 1.0.0.0.

ray5450
Posts: 22
Joined: Mon Aug 26, 2019 8:19 pm

Re: Help setting up a kill switch

Post by ray5450 » Wed May 19, 2021 4:54 pm

When Softether VPN is not connected, here is my route table:
Network Destination  Netmask          Gateway   Interface  Metric
0.0.0.0              0.0.0.0          10.0.0.1  10.0.0.52  20
10.0.0.0             255.255.255.0    On-link   10.0.0.52  276
10.0.0.52            255.255.255.255  On-link   10.0.0.52  276
10.0.0.255           255.255.255.255  On-link   10.0.0.52  276
127.0.0.0            255.0.0.0        On-link   127.0.0.1  306
127.0.0.1            255.255.255.255  On-link   127.0.0.1  306
224.0.0.0            240.0.0.0        On-link   10.0.0.52  276
255.255.255.255      255.255.255.255  On-link   10.0.0.52  276

When Softether VPN is connected, here is my route table:
Network Destination  Netmask          Gateway         Interface      Metric
0.0.0.0              0.0.0.0          10.238.254.254  10.238.20.116  20
10.0.0.0             255.255.255.0    On-link         10.0.0.52      276
10.0.0.52            255.255.255.255  On-link         10.0.0.52      276
10.0.0.255           255.255.255.255  On-link         10.0.0.52      276
10.238.0.0           255.255.0.0      On-link         10.238.20.116  276
10.238.20.116        255.255.255.255  On-link         10.238.20.116  276
10.238.255.255       255.255.255.255  On-link         10.238.20.116  276
75.75.75.75          255.255.255.255  10.0.0.1        10.0.0.52      20
127.0.0.0            255.0.0.0        On-link         127.0.0.1      306
127.0.0.1            255.255.255.255  On-link         127.0.0.1      306
219.100.37.86        255.255.255.255  10.0.0.1        10.0.0.52      20
224.0.0.0            240.0.0.0        On-link         10.0.0.52      276
255.255.255.255      255.255.255.255  On-link         10.0.0.52      276


What should be changed such that when VPN disconnects, ISP will not connect?

flygun
Posts: 13
Joined: Tue May 18, 2021 4:23 am

Re: Help setting up a kill switch

Post by flygun » Thu May 20, 2021 1:34 am

1. Delete the default route before the SE client connects to the server.

Code:

# Windows admin terminal
route delete 0.0.0.0
# Linux
sudo ip route delete default

2. Add your SE server's IP to the route table, so you cannot go anywhere except your SE server.

Code:

# Windows admin terminal (suppose your ADSL router gateway IP is 192.168.0.1; xxx.xxx.xxx.xxx is your SE server IP)
route add xxx.xxx.xxx.xxx/32 192.168.0.1
# Linux
sudo ip route add xxx.xxx.xxx.xxx/32 via 192.168.0.1

3. Start your SE client connection. When the SE client is connected, it will add a 0.0.0.0 route to a gateway provided by the SE server, so you can reach the Internet through the SE server.

4. When the SE client disconnects, it will delete 0.0.0.0, and you cannot go anywhere except your SE server.

flygun
Posts: 13
Joined: Tue May 18, 2021 4:23 am

Re: Help setting up a kill switch

Post by flygun » Thu May 20, 2021 1:48 am

5. When you need to go out through your ISP, just add the default gateway back to your 192.168.0.1.

Code:

# Windows
route add 0.0.0.0/0 192.168.0.1
# or
route add 0.0.0.0 mask 0.0.0.0 192.168.0.1
# Linux
sudo ip route add default via 192.168.0.1
# or
sudo ip route add 0.0.0.0/0 via 192.168.0.1
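
A dry-run planner for the Linux side of steps 1, 2 and 5 above, added here as an example; it is not code from any poster or from SoftEther, and the function names and sample addresses are assumptions. It reads the ISP-side gateway from `ip route show default`, so the VPN server IP is the only value supplied on each run.

```sh
#!/bin/sh
# Added example: plans the route changes for the Linux kill switch steps above.
# 203.0.113.10 (VPN server) and 192.168.0.1 (router) are constructed sample values.

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Reads `ip route show default` output on stdin, prints the first gateway.
parse_default_gw() {
    awk '$1 == "default" && $2 == "via" { print $3; exit }'
}

# Steps 1-2: $1 = VPN server IP, $2 = ISP-side gateway.
plan_killswitch() {
    is_ipv4 "$1" || { echo "bad server IP: $1" >&2; return 1; }
    is_ipv4 "$2" || { echo "no usable default gateway: $2" >&2; return 1; }
    echo "ip route replace $1/32 via $2"   # pin the server first so the tunnel can still form
    echo "ip route delete default"
}

# Step 5: $1 = ISP-side gateway to restore.
plan_restore() {
    is_ipv4 "$1" || return 1
    echo "ip route replace default via $1"
}

# Usage: killswitch.sh <vpn-server-ip> [apply]   (apply needs root)
main() {
    gw=$(ip route show default | parse_default_gw)
    plan=$(plan_killswitch "$1" "$gw") || return 1
    if [ "${2:-}" = "apply" ]; then
        echo "$plan" | while read -r cmd; do $cmd; done
    else
        echo "$plan"    # dry run: print the commands only
    fi
}

if [ "$#" -ge 1 ]; then main "$@"; fi
```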

ray5450
Posts: 22
Joined: Mon Aug 26, 2019 8:19 pm

Re: Help setting up a kill switch

Post by ray5450 » Thu May 20, 2021 7:59 am

(I am sorry that the tables I posted are not spaced in a very readable way. I had them spaced, but after posting, the spaces were removed (?).)

Doggone! It worked! Thank you. I have been waiting a long time for that, as evidenced in the other thread.

I had been expecting to use a batch file for this, but that can't be since the host IP is variable and must be manually typed each time.