1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Tomato Script to prevent VPN Leaks

Discussion in 'Tomato Firmware' started by Angryarno, May 26, 2013.

  1. Angryarno

    Angryarno Reformed Router Member


    I´m using an Linksys WRT 54 G with Tomato 1.28 and PPTP VPN Connection with a VPN Provider (Server). At startup, router connects to the server and then my IP is changing.

    Now I want to prevent, that in this few seconds, when the router starts, my real IP (because Linksys routes all traffic to my internet connection) is public, when traffic goes outside. Or maybe the VPN Server has any problems, I will not realise it...

    I want to block all traffic, if there is NO established PPTP VPN connection.

    Is there any way or any script to do this?

    Thanks for your help!
  2. tido

    tido Networkin' Nut Member

    Hi Angryarno, I was wondering the same thing. I know Tomato WAN connection has a PPTP as one of its options wonder if that could work?
  3. Malitiacurt

    Malitiacurt Networkin' Nut Member

  4. bmupton

    bmupton Serious Server Member

  5. lancethepants

    lancethepants Network Guru Member

    This rule from your link seems like it would do it. The rest I think tomato vpn gui will automatically take care of. This rule basically says that the lan interface cannot make any requests through the wan interface. It can however talk to the tun interface, and should be its only means of accessing the internet.

    iptables -I FORWARD -i br0 -o vlan2 -j DROP
    edit: With so many threads on this subject, how funny it would be if the solution was this simple!
  6. bmupton

    bmupton Serious Server Member

    I believe you are correct, the other rules get automatically added.

    If I recall correctly, there was some discussion about that line being added and you no longer being able to access the router's web interface from the LAN...might want to test by just adding that line manually first, instead of putting it in the firewall script, just in case.
  7. Bird333

    Bird333 Network Guru Member

    Sure be cautious but that rule is in the FORWARD chain and shouldn't affect accessing the GUI. FYI, that rule will drop packets going out vlan2 (i.e. DHCP connection) but if you have PPPOE you need to change 'vlan2' to 'ppp0'.
  8. Magdiel1975

    Magdiel1975 Networkin' Nut Member

    Will this iptables prevent users from connecting to another computer on another network (VPN) through my router?

    i guess what I am asking is, I need a iptable that would prevent any user that is connected to my router from accessing their own computer outside my network...is this possible?

Share This Page