I am attempting to solve this via firewall. I block all RFC1918 source traffic on the LAN interface but allow all traffic on the VPN interface. That seems to function reliably. I’ve tested that I can egress while the VPN is active but not at all when it goes down.
If this is not a good solution, let me know, but it seems reliable and doesn’t require any other tooling.
I realize this doesn’t fit your use case since you have other connections you don’t want in the VPN, but I’m still curious if others use this setup.
I am attempting to solve this via firewall. I block all RFC1918 source traffic on the LAN interface but allow all traffic on the VPN interface. That seems to function reliably. I’ve tested that I can egress while the VPN is active but not at all when it goes down.
If this is not a good solution, let me know, but it seems reliable and doesn’t require any other tooling.
I realize this doesn’t fit your use case since you have other connections you don’t want in the VPN, but I’m still curious if others use this setup.