VPN Kill Switch

Posted: Sun Jul 31, 2022 5:57 am
by elcangri
Hi, all!

Since there is no built-in Kill Switch (as of today) option in the SoftEther, I have been desperately looking all over the internet to find a working solution. No results so far.

Then I noticed, once you connect and disable the DNS configuration, make it a static 0.0.0.0, once you disconnect or drop from SoftEther, you simply cannot connect to the web. If you reconnect back the SoftEther Server you can again browse the web.

Am I mistaken or is this the same as what cedar meant, when he wrote: "Simply, you should remove the default gateway for ISP." in connection to the same topic:
cedar wrote:
Fri Apr 13, 2018 7:57 am
Simply, you should remove the default gateway for ISP.

Thank you.

Re: VPN Kill Switch

Posted: Mon Aug 08, 2022 1:08 pm
by solo
Yes, the same. Use these commands in your script to enable/disable VPN kill switch:

set /p dg=Enter default gateway: || set dg=192.168.x.x
route delete 0.0.0.0 %dg%
route add 0.0.0.0 mask 0.0.0.0 %dg%

Re: VPN Kill Switch

Posted: Fri Mar 03, 2023 3:29 pm
by deadinside
solo wrote:
Mon Aug 08, 2022 1:08 pm
Yes, the same. Use these commands in your script to enable/disable VPN kill switch:

set /p dg=Enter default gateway: || set dg=192.168.x.x
route delete 0.0.0.0 %dg%
route add 0.0.0.0 mask 0.0.0.0 %dg%

Can you make it more clear for a newbie, please? I will appreciate it, thanks.

I guess I'm supposed to copy-paste it into CMD, but it doesn't work for me.

Re: VPN Kill Switch

Posted: Fri Mar 03, 2023 10:06 pm
by solo
Typical VPN routing table to a sample 12.123.123.123 server

Code:

Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     192.168.30.1    192.168.30.12      2
   12.123.123.123  255.255.255.255    192.168.111.1  192.168.111.101     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
...

- in VPN connection properties check "No Adjustments Of Routing Table"
- prepare these batch files:

kill-on.bat

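Code:

@echo off
REM Physical (ISP/LAN) gateway; press Enter to accept the default given below.
set /p dg=Enter default gateway: || set dg=192.168.111.1
REM Pin a host route to the VPN server via the physical gateway so the tunnel stays up.
route add 12.123.123.123 mask 255.255.255.255 %dg%
REM Remove the default route via the physical gateway.
route delete 0.0.0.0 %dg%
pause

kill-off.bat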

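Code:

@echo off
REM Physical (ISP/LAN) gateway; press Enter to accept the default given below.
set /p dg=Enter default gateway: || set dg=192.168.111.1
REM Restore the default route via the physical gateway.
route add 0.0.0.0 mask 0.0.0.0 %dg%
REM Remove the host route to the VPN server.
route delete 12.123.123.123 %dg%
pause

  1. start the VPN connection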
  2. run kill-on.bat
  3. after disconnecting VPN run kill-off.bat

Re: VPN Kill Switch

Posted: Tue Apr 04, 2023 12:36 am
by ray5450
(https://www.vpnusers.com/viewtopic.php?f=7&t=60319)

Thank-you.

I would have posted this at the end of the above page for finally answering, but it is "locked" (?)

Re: VPN Kill Switch

Posted: Sun Apr 09, 2023 3:15 pm
by ray5450
Connection works fine, but there is a problem here after disconnecting.

When the batch line below executes (after VPN disconnect):
route add 0.0.0.0 mask 0.0.0.0 %dg% (Where dg is my default gateway.)
...this command line error occurs: "The route addition failed: The object already exists."

After that, there is no internet access. I have tried disabling and re-enabling the ethernet adapter. I have tried uninstalling/reinstalling ethernet driver.

In order to re-establish access, I had to change my MAC address.

Here is the route table after disconnect, and after kill-off execution. The first line is present before the kill-off. After previously executing kill-on, I have verified the first line/default is removed as it should be. Somehow, at some point, it is re-added either at or before the time of VPN disconnect and BEFORE kill-off execution, which I don't think should happen, yet there is also no internet access.

Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       10.204.0.1      10.204.1.28     21
       10.204.0.0    255.255.248.0          On-link      10.204.1.28    276
      10.204.1.28  255.255.255.255          On-link      10.204.1.28    276
     10.204.7.255  255.255.255.255          On-link      10.204.1.28    276
        127.0.0.0        255.0.0.0          On-link        127.0.0.1    306
        127.0.0.1  255.255.255.255          On-link        127.0.0.1    306
  127.255.255.255  255.255.255.255          On-link        127.0.0.1    306
        224.0.0.0        240.0.0.0          On-link        127.0.0.1    306
        224.0.0.0        240.0.0.0          On-link      10.204.1.28    276
  255.255.255.255  255.255.255.255          On-link        127.0.0.1    306
  255.255.255.255  255.255.255.255          On-link      10.204.1.28    276

Again, there is no internet connection.

Re: VPN Kill Switch

Posted: Mon Apr 17, 2023 11:40 pm
by ray5450
Additional observations, and conclusions:

After deleting the default gateway with batch command (route delete 0.0.0.0 %dg%), I have verified that it really is deleted from the route table, as expected. However, I have found that after some hours of VPN connection, at some unknown point/time, that original default entry is somehow re-added. This is why it results in the "object already exists" error when I add it back--see above post.

I have verified that the route table, before making any changes or starting VPN, is exactly identical to the route table after disconnecting and deleting the VPN server (default gateway already there, somehow)....but yet, after trying to reconnect without VPN, there is no internet connection.

I have found that there is still no internet connection if I change the MAC address to one that I have used before. In order to connect, I must create a new MAC address each time.

Does Windows keep previous MAC addresses in some storage that I can clear, and why would I need to change this, anyway?--it is not mentioned in any suggestions in this thread. Otherwise, I would conclude that this "Kill switch" does not work at all.

I am requesting help with this.

(I have saved a copy of the route table at each step, if it would help.)



Edit: After thinking about this some more, I strongly suspect that this mysteriously re-added default gateway is the problem. Is there a way to stop this from happening? If so, I would try it.

Re: VPN Kill Switch

Posted: Tue Apr 18, 2023 2:40 am
by solo
ray5450 wrote:
Mon Apr 17, 2023 11:40 pm
I have verified that it really is deleted from the route table, as expected. However, I have found that after some hours of VPN connection, at some unknown point/time, that original default entry is somehow re-added.

This happens when your PC-to-router connection is unstable. To resolve the issue, switch from WiFi to wired Ethernet.

Re: VPN Kill Switch

Posted: Sun Apr 30, 2023 3:22 am
by ray5450
(I missed your response until now...)

It is and has been connected to wired ethernet...there is no router.

Re: VPN Kill Switch

Posted: Sun Jun 04, 2023 3:54 am
by ray5450
I have spent a lot of time on this, and tried very hard.

As part of my testing, I am trying again the manual connection settings, e.g.:
host: public-vpn-185.opengw.net/tcp
port: 443
vhub: VPNGATE
user: vpn
pass: vpn

I have tried various hosts with their given ports currently in the list, but none will connect. Is it the user and password? Something else?

Re: VPN Kill Switch

Posted: Sun Jun 04, 2023 12:32 pm
by solo
Works for me...

Code:

root@ubuntu:/home/a# /usr/local/vpnclient/vpncmd /CLIENT localhost /CMD AccountStatusGet public-vpn-185.opengw.net

AccountStatusGet command - Get Current VPN Connection Setting Status
Item                                      |Value
------------------------------------------+--------------------------------------------------------
VPN Connection Setting Name               |public-vpn-185.opengw.net
Session Status                            |Connection Completed (Session Established)
VLAN ID                                   |-
Server Name                               |public-vpn-185.opengw.net/tcp
Port Number                               |TCP Port 443
Server Product Name                       |SoftEther VPN Server (64 bit)
Server Version                            |4.32
Server Build                              |Build 9729
Connection Started at                     |2023-06-04 (Sun) 22:22:12
First Session has been Established since  |2023-06-04 (Sun) 22:22:14
Current Session has been Established since|2023-06-04 (Sun) 22:22:14
Number of Established Sessions            |1 Times
Half Duplex TCP Connection Mode           |No (Full Duplex Mode)
VoIP / QoS Function                       |Disabled
Number of TCP Connections                 |1
Maximum Number of TCP Connections         |1
Encryption                                |Enabled (Algorithm: AES128-SHA)
Use of Compression                        |No (No Compression)
Physical Underlay Protocol                |Standard TCP/IP (IPv4)
                                          |IPv4 UDPAccel_Ver=2 ChachaPoly_OpenSSL UDPAccel_MSS=1309
UDP Acceleration is Supported             |Yes
UDP Acceleration is Active                |No
Session Name                              |SID-VPN-1105628-9FE8CA509B
Connection Name                           |CID-5513771-C15FAD2756
Session Key (160 bit)                     |49ECC219CE5F961E5BD6EDB1AB28269C48091E39
Bridge / Router Mode                      |No
Monitoring Mode                           |No
Outgoing Data Size                        |1,649 bytes
Incoming Data Size                        |1,499 bytes
Outgoing Unicast Packets                  |0 packets
Outgoing Unicast Total Size               |0 bytes
Outgoing Broadcast Packets                |8 packets
Outgoing Broadcast Total Size             |648 bytes
Incoming Unicast Packets                  |0 packets
Incoming Unicast Total Size               |0 bytes
Incoming Broadcast Packets                |2 packets
Incoming Broadcast Total Size             |684 bytes
The command completed successfully.

That said, this is off topic. Post your grievances in the VPN Gate forum.

Re: VPN Kill Switch

Posted: Wed Jun 28, 2023 12:49 am
by ray5450
Solution:
The recreation of the default gateway that I am experiencing, as it reappears in the route table, is because of renewing of DHCP lease.
To avoid the default gateway from being recreated (in Windows), open and manually set ipv4 properties under the network connection used. Obtain the information needed from ipconfig /all. Leave default gateway blank. To reconnect to ISP, re-enter the default gateway. However, I experienced that sometimes the ISP DHCP lease might have expired while connected to VPN and will not connect. In that case, change back to Obtain address (and DNS) automatically, then disconnect and reconnect.

As far as using the "No Adjustments Of Routing Table" option posted by solo, for me, it makes no difference...it works without it, since solo (or anyone else) would not respond about it.

(By the way, I obtained this information from another forum site which has people, unlike solo, that actually want to help others.)
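
Added example, not part of any post in this thread: a Python check over `route print -4` output that reports when the routing table has left the state kill-on.bat creates, for instance after the DHCP lease renewal described in the last post puts the ISP default route back. The sample tables are constructed from the addresses solo used, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: "Active Routes" rows as they look after kill-on.bat,
# using the thread's addresses (VPN server 12.123.123.123).
SAMPLE_OK = (
    "Network Destination        Netmask          Gateway       Interface  Metric\n"
    "          0.0.0.0          0.0.0.0     192.168.30.1    192.168.30.12      2\n"
    "   12.123.123.123  255.255.255.255    192.168.111.1  192.168.111.101     20\n"
    "        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306\n"
)
# Constructed sample: same table after a DHCP renewal re-added the ISP default route.
SAMPLE_LEAK = SAMPLE_OK + (
    "          0.0.0.0          0.0.0.0    192.168.111.1  192.168.111.101     25\n"
)


def parse_routes(text):
    """Return (destination, netmask, gateway, interface, metric) tuples."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # header, blank line, or a row from another section
        try:
            ipaddress.IPv4Address(parts[0])
            ipaddress.IPv4Address(parts[1])
        except ValueError:
            continue
        routes.append((parts[0], parts[1], parts[2], parts[3], int(parts[4])))
    return routes


def audit_kill_switch(text, vpn_server, physical_gw):
    """List the ways the table differs from the kill-on.bat state."""
    routes = parse_routes(text)
    defaults = [r for r in routes if r[0] == "0.0.0.0" and r[1] == "0.0.0.0"]
    problems = []
    if any(r[2] == physical_gw for r in defaults):
        problems.append("default route via physical gateway present; "
                        "traffic can bypass the VPN")
    # Assumption: any default route not via the physical gateway is the VPN's.
    if not any(r[2] != physical_gw for r in defaults):
        problems.append("no default route via the VPN adapter")
    if not any(r[0] == vpn_server and r[1] == "255.255.255.255"
               and r[2] == physical_gw for r in routes):
        problems.append("host route to the VPN server is missing")
    return problems
```

Run periodically against fresh `route print -4` output while the VPN is up; a non-empty result means the kill switch is no longer in effect.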