Help setting up a kill switch

Post your questions about SoftEther VPN software here. Please answer questions if you can afford.
Locked
stankovic
Posts: 2
Joined: Thu Apr 05, 2018 7:43 pm

Help setting up a kill switch

Post by stankovic » Thu Apr 12, 2018 10:14 am

I use firefox portable with my softether and I would like to set a kill switch. Normally when using regular firefox, I can easily set a kill switch using firewall properties (inbound and outbound connections), however this rule doesn't apply to firefox portable, I have tried numerous times but it just wouldn't work. I would be grateful if someone could suggest a kill switch setting or app that can help cut off all connection in case of IP leak.

cedar
Site Admin
Posts: 2070
Joined: Sat Mar 09, 2013 5:37 am

Re: Help setting up a kill switch

Post by cedar » Fri Apr 13, 2018 7:57 am

Simply, you should remove the default gateway for ISP.

ray5450
Posts: 44
Joined: Mon Aug 26, 2019 8:19 pm

Re: Help setting up a kill switch

Post by ray5450 » Tue May 18, 2021 4:18 am

If you mean to do this, while Softether is connected: route delete 0.0.0.0
...what this will do is remove internet access for Softether, even though Softether appears still connected.

Does anyone have the real answer?

cedar
Site Admin
Posts: 2070
Joined: Sat Mar 09, 2013 5:37 am

Re: Help setting up a kill switch

Post by cedar » Tue May 18, 2021 5:11 am

When multiple default gateways are defined, please specify the gateway parameter if you want to remove only one.

ray5450
Posts: 44
Joined: Mon Aug 26, 2019 8:19 pm

Re: Help setting up a kill switch

Post by ray5450 » Tue May 18, 2021 9:01 pm

The table has only one entry for 0.0.0.0, which is the one and only default, right?

cedar
Site Admin
Posts: 2070
Joined: Sat Mar 09, 2013 5:37 am

Re: Help setting up a kill switch

Post by cedar » Wed May 19, 2021 3:30 am

If successful, you should have at least two default gateways defined, one for the physical network and one for the VPN side network.

ray5450
Posts: 44
Joined: Mon Aug 26, 2019 8:19 pm

Re: Help setting up a kill switch

Post by ray5450 » Wed May 19, 2021 8:04 am

Are "the default gateway for ISP" and "the physical network" referring to the same?

cedar
Site Admin
Posts: 2070
Joined: Sat Mar 09, 2013 5:37 am

Re: Help setting up a kill switch

Post by cedar » Wed May 19, 2021 8:09 am

There may be a home router between the physical network and the ISP router, so it's not exactly the same, but you can think of it as about the same.

ray5450
Posts: 44
Joined: Mon Aug 26, 2019 8:19 pm

Re: Help setting up a kill switch

Post by ray5450 » Wed May 19, 2021 8:40 am

"If successful, you should have at least two default gateways defined, one for the physical network and one for the VPN side network."
--What do you mean by "successful"?

cedar
Site Admin
Posts: 2070
Joined: Sat Mar 09, 2013 5:37 am

Re: Help setting up a kill switch

Post by cedar » Wed May 19, 2021 10:46 am

If a new Internet connection is provided using a VPN, you probably have a default gateway or an equivalent split route.
The split path may be provided, for example, in the form of a netmask of 1.0.0.0.

ray5450
Posts: 44
Joined: Mon Aug 26, 2019 8:19 pm

Re: Help setting up a kill switch

Post by ray5450 » Wed May 19, 2021 4:54 pm

When Softether VPN is not connected, here is my route table:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.1 10.0.0.52 20
10.0.0.0 255.255.255.0 On-link 10.0.0.52 276
10.0.0.52 255.255.255.255 On-link 10.0.0.52 276
10.0.0.255 255.255.255.255 On-link 10.0.0.52 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.0.0.52 276
255.255.255.255 255.255.255.255 On-link 10.0.0.52 276

When Softether VPN is connected, here is my route table:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.238.254.254 10.238.20.116 20
10.0.0.0 255.255.255.0 On-link 10.0.0.52 276
10.0.0.52 255.255.255.255 On-link 10.0.0.52 276
10.0.0.255 255.255.255.255 On-link 10.0.0.52 276
10.238.0.0 255.255.0.0 On-link 10.238.20.116 276
10.238.20.116 255.255.255.255 On-link 10.238.20.116 276
10.238.255.255 255.255.255.255 On-link 10.238.20.116 276
75.75.75.75 255.255.255.255 10.0.0.1 10.0.0.52 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
219.100.37.86 255.255.255.255 10.0.0.1 10.0.0.52 20
224.0.0.0 240.0.0.0 On-link 10.0.0.52 276
255.255.255.255 255.255.255.255 On-link 10.0.0.52 276


What should be changed such that when VPN disconnects, ISP will not connect?

flygun
Posts: 13
Joined: Tue May 18, 2021 4:23 am

Re: Help setting up a kill switch

Post by flygun » Thu May 20, 2021 1:34 am

1, delete default route before SE Client connect to server

Code: Select all

#windows admin terminal
route delete 0.0.0.0
#linux 
sudo ip route delete default
2, add youre SE Server's IP to the route , so you can not go anywhere except you SE server.

Code: Select all

#windows admin terminal (supose your ADSL router gatway ip 192.168.0.1 ,  xxx.xxx.xxx.xxx is youre SE server IP)
route add xxx.xxx.xxx.xxx/32 192.168.0.1
#linux 
sudo ip route add xxx.xxx.xxx.xxx/32 via 192.168.0.1
3, start your SE client connect, when SE client connected, it will add 0.0.0.0 to a gateway by SE Server, so you can go internet by SE Server

4, when SE client disconnect , It will delete 0.0.0.0, and you can not go any where except you SE server.

flygun
Posts: 13
Joined: Tue May 18, 2021 4:23 am

Re: Help setting up a kill switch

Post by flygun » Thu May 20, 2021 1:48 am

5, when you need go out by you ISP , just add default gateway to your 192.168.0.1

Code: Select all

#win
route add 0.0.0.0/0 192.168.0.1
#or
route add 0.0.0.0 mask 0.0.0.0 192.168.0.1
#linux
sudo ip route add default via 192.168.0.1
#or 
sudo ip route add 0.0.0.0/0 via 192.168.0.1

ray5450
Posts: 44
Joined: Mon Aug 26, 2019 8:19 pm

Re: Help setting up a kill switch

Post by ray5450 » Thu May 20, 2021 7:59 am

(I am sorry that the tables I posted are not spaced in a very readable way. I had them spaced, but after posting, the spaces were removed (?).)

Doggone! It worked! Thank-you. I have been waiting a long time for that, as evidenced in the other thread.



I had been expecting to use a batch file for this, but that can't be since the host IP is variable and must be manually typed each time.

ray5450
Posts: 44
Joined: Mon Aug 26, 2019 8:19 pm

Re: Help setting up a kill switch

Post by ray5450 » Sun Mar 19, 2023 1:11 am

Important:

I would add here that if the connection is a wireless connection/router, disable auto-reconnect in Windows (etc). I would not think it could, but mine somehow reconnects unless I disable auto-reconnect.

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: Help setting up a kill switch

Post by solo » Sun Mar 19, 2023 1:58 am

ray5450 wrote:
Sun Mar 19, 2023 1:11 am
Important:

I would add here that if the connection is a wireless connection/router, disable auto-reconnect in Windows (etc). I would not think it could, but mine somehow reconnects unless I disable auto-reconnect.
Important #2

- in VPN connection properties check "No Adjustments Of Routing Table" https://www.vpnusers.com/viewtopic.php? ... 682#p98542

ray5450
Posts: 44
Joined: Mon Aug 26, 2019 8:19 pm

Re: Help setting up a kill switch

Post by ray5450 » Fri Mar 24, 2023 10:57 am

I found the "no adjustments" setting.

What is it that this does, or prevents? Thanks.

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: Help setting up a kill switch

Post by solo » Fri Mar 24, 2023 11:10 am

It prevents SoftEther from automatic reinstatement of the original default gateway when VPN connection breaks later for any reason, which would kill YOUR kill switch.

ray5450
Posts: 44
Joined: Mon Aug 26, 2019 8:19 pm

Re: Help setting up a kill switch

Post by ray5450 » Sat Mar 25, 2023 1:34 am

Does the Windows setting accomplish the same effect?

Is doing both optional or necessary (as compared to one of either)? ...or is doing both all the better?

Is the SE setting better?

Thanks.

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: Help setting up a kill switch

Post by solo » Sat Mar 25, 2023 3:36 am

On SE Linux do as advised earlier.

On SE Windows do both. Analyze your routing table before and during VPN connection, then prepare specific kill switch batch files. This is easy for VPN to your own server but for VPN Gate you'll need lots of batch files.

ray5450
Posts: 44
Joined: Mon Aug 26, 2019 8:19 pm

Re: Help setting up a kill switch

Post by ray5450 » Sat Mar 25, 2023 1:01 pm

Yes, I know how to do it just fine. That was not my question, but thanks.

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: Help setting up a kill switch

Post by solo » Sat Mar 25, 2023 1:13 pm

Alright, here is a short version - unless you check "No Adjustments Of Routing Table", whatever you do ain't a kill switch.

ray5450
Posts: 44
Joined: Mon Aug 26, 2019 8:19 pm

Re: Help setting up a kill switch

Post by ray5450 » Sat Mar 25, 2023 3:33 pm

Thanks.

I do not disagree with you. I only was wondering what the difference is between the final effect of disabling Windows auto-reconnect and SE "No Adjustments Of Routing Table".

ray5450
Posts: 44
Joined: Mon Aug 26, 2019 8:19 pm

Re: Help setting up a kill switch

Post by ray5450 » Wed Mar 29, 2023 1:21 am

When I try to check "No Adjustments Of Routing Table", and then close/save the setting, the following error displays:
"Unacceptable operation. Use the VPN Gate Utility to modify the connection setting for VPN Gate Public VPN Relay Servers."

I have searched the web, the site, and the forum and do not find anything as to a "VPN Gate Utility".

?

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: Help setting up a kill switch

Post by solo » Wed Mar 29, 2023 1:51 am

Use the standard "SoftEther VPN Client Manager" and connect like eg:

host: public-vpn-185.opengw.net/tcp
port: 443
vhub: VPNGATE
user: vpn
pass: vpn

"No Adjustments Of Routing Table" OK

ray5450
Posts: 44
Joined: Mon Aug 26, 2019 8:19 pm

Re: Help setting up a kill switch

Post by ray5450 » Wed Mar 29, 2023 11:05 am

After doing so, how then, would I connect to a server on the SE server list?

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: Help setting up a kill switch

Post by solo » Wed Mar 29, 2023 11:21 am

The list https://www.vpngate.net/en/
and do not use vpngate-client, use softether-vpnclient

ray5450
Posts: 44
Joined: Mon Aug 26, 2019 8:19 pm

Re: Help setting up a kill switch

Post by ray5450 » Thu Mar 30, 2023 2:24 am

lalkelalke04 wrote:
Wed Mar 29, 2023 1:23 pm
I would add here that if the connection is a wireless connection/router, disable auto-reconnect in Windows (etc). I would not think it could, but mine somehow reconnects unless I disable auto-reconnect.
This is a copy of my above post. Why did you repost it?

ray5450
Posts: 44
Joined: Mon Aug 26, 2019 8:19 pm

Re: Help setting up a kill switch

Post by ray5450 » Thu Mar 30, 2023 2:50 am

solo wrote:
Wed Mar 29, 2023 11:21 am
The list https://www.vpngate.net/en/
and do not use vpngate-client, use softether-vpnclient
I'm not sure what you are saying.

Here is a narrative of what I am seeing.

In installed software, is listed "Softether VPN Client Manager". I opened this. Next, under the top Menu item "Connect", there is a drop down item, "New VPN Connection Setting". I opened this, and is where I entered/changed the settings that you previously posted. After saving ("OK"), it closes, and a new entry line appears which says:
"New VPN Connection" "Offline" "public-vpn-185.opengw.net/tcp(Direct TCP/IP Connection)" "VPNGATE" "VPN"
The entry above this line is called "VPN Gate Public VPN Relay Servers", which opens the list of servers.
Is this correct, so far?

If so...
If I then open the list of servers under "VPN Gate Public VPN Relay Servers", and connect to one, the "New VPN Connection" for which you supplied the settings for, says "Offline". Should it?

I then asked you, "how then, would I connect to a server on the SE server list?"

You offered the list of servers as listed on a webpage, and said, "do not use vpngate-client, use softether-vpnclient".
I would think that "softether-vpnclient" is the same as "Softether VPN Client Manager"?

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: Help setting up a kill switch

Post by solo » Thu Mar 30, 2023 8:21 am

It's drifting off topic. Everything is already described.
ray5450 wrote:
Sat Mar 25, 2023 1:01 pm
Yes, I know how to do it just fine.
Proceed.

ray5450
Posts: 44
Joined: Mon Aug 26, 2019 8:19 pm

Re: Help setting up a kill switch

Post by ray5450 » Thu Mar 30, 2023 11:10 am

Off topic?? Everything I said is in regard to setting this "kill switch" to work using the information you mention, and the topic name is indeed "help setting up a kill switch". Please, explain how my asking whether the software settings you provided were implemented correctly, whether it should say "offline", what is its relation to the relay servers, and whether we are referring to the same software, are "off topic".

Further, this whole forum is about assisting with this software. One issue that relatedly leads to another all in regard to SE could not be off topic. If I asked for a recipe for chocolate cake, that would be off topic.

"Yes, I know how to do it just fine."--This was in response to changing the route table in command line. I am not asking about that.

Are you, in fact, understanding what I asked in my previous post?

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: Help setting up a kill switch

Post by solo » Thu Mar 30, 2023 11:26 am

ray5450 wrote:
Thu Mar 30, 2023 11:10 am
Are you, in fact, understanding what I asked in my previous post?
Of course. I do not write tutorials.

ray5450
Posts: 44
Joined: Mon Aug 26, 2019 8:19 pm

Re: Help setting up a kill switch

Post by ray5450 » Fri Mar 31, 2023 12:13 am

No one asked you to. A "tutorial" is not the answering of a few questions.

Since you understand my questions and apparently refuse to answer, what, indeed, is the purpose of this forum if not to help people with this software?

Maybe you need me to ask one question at a time. Were the software settings you provided, implemented correctly as I described it to you? (that would be a yes, or no)

ray5450
Posts: 44
Joined: Mon Aug 26, 2019 8:19 pm

Re: Help setting up a kill switch

Post by ray5450 » Sat Apr 01, 2023 3:49 pm

Maybe you misunderstand me, when I said, "After doing so, how then, would I connect to a server on the SE server list?"

I have used this software for many years. I know how to connect to these servers, but have only done so through, what I believe to be called the host list plugin. I here emphasize from above, "AFTER doing so..." (meaning from previous post, after changing the settings).

I believe I have figured this out. I can replace the host you offered (public-vpn-185.opengw.net/tcp) with any of the servers on the list. Correct?

ray5450
Posts: 44
Joined: Mon Aug 26, 2019 8:19 pm

Re: Help setting up a kill switch

Post by ray5450 » Mon Apr 03, 2023 11:35 pm

From previous post: "I believe I have figured this out. I can replace the host you offered (public-vpn-185.opengw.net/tcp) with any of the servers on the list. Correct?"

Is this true? Please, answer yes or no.

solo
Posts: 1228
Joined: Sun Feb 14, 2021 10:31 am

Re: Help setting up a kill switch

Post by solo » Mon Apr 03, 2023 11:44 pm

yes

Locked