VPN routes only for existing connections

It may be desirable to set the routes for VPN connections only when the connection is actually established.

• This prevents packets from being routed to the Internet and stored by Conntrack, thus preventing the connection from being established correctly
• This can be advantageous, for example, if VoIP is to go through the tunnel
• Load balancing via a second firewall is significantly simplified if only the UTM receives a route where the tunnel is actually established

Connection via SSH or via menu Extras CLI :

route get determines the correct connection ID

route set id <ID> flags BLACKHOLE_IF_OFFLINE

E.G.: route set id "2" flags BLACKHOLE_IF_OFFLINE
This command discards packets to this destination if the route does not exist.
With SSL VPN or Wireguard, for example, if the tunnel is not available.