diff --git a/src/freedombone-mesh-batman b/src/freedombone-mesh-batman
index 37a0692532901e4623560778e12b7a953dc57875..3e96c4df31bc7f1f09f293ccf4216abfed2ff3a5 100755
--- a/src/freedombone-mesh-batman
+++ b/src/freedombone-mesh-batman
@@ -355,6 +355,7 @@ function start {
     brctl addbr $BRIDGE
     brctl addif $BRIDGE bat0
     ifconfig bat0 0.0.0.0
+    ethernet_connected='0'
     if [ "$EIFACE" ] ; then
         ethernet_connected=$(cat /sys/class/net/$EIFACE/carrier)
         if [[ "$ethernet_connected" != "0" ]]; then
@@ -452,21 +453,22 @@ function start {
     iptables -A INPUT -p tcp --dport 8008 -j ACCEPT
     iptables -A INPUT -p udp --dport 8010 -j ACCEPT
     iptables -A INPUT -p tcp --dport 8010 -j ACCEPT
-    # vpn over the internet
-    iptables -A INPUT -p tcp --dport 653 -j ACCEPT
-    iptables -A INPUT -p udp --dport 653 -j ACCEPT
-    iptables -A INPUT -i ${EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
-    iptables -A INPUT -i tun+ -j ACCEPT
-    iptables -A FORWARD -i tun+ -j ACCEPT
-    iptables -A FORWARD -i tun+ -o ${EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
-    iptables -A FORWARD -i ${EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
-    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${EIFACE} -j MASQUERADE
-    iptables -A OUTPUT -o tun+ -j ACCEPT
-
-    echo 1 > /proc/sys/net/ipv4/ip_forward
-    sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
-    sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
-    sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' /etc/sysctl.conf
+    if [[ "$ethernet_connected" != "0" ]]; then
+        # vpn over the internet
+        iptables -A INPUT -p tcp --dport 653 -j ACCEPT
+        iptables -A INPUT -p udp --dport 653 -j ACCEPT
+        iptables -A INPUT -i ${EIFACE} -m state --state NEW -p tcp --dport 1194 -j ACCEPT
+        iptables -A INPUT -i tun+ -j ACCEPT
+        iptables -A FORWARD -i tun+ -j ACCEPT
+        iptables -A FORWARD -i tun+ -o ${EIFACE} -m state --state RELATED,ESTABLISHED -j ACCEPT
+        iptables -A FORWARD -i ${EIFACE} -o tun+ -m state --state RELATED,ESTABLISHED -j ACCEPT
+        iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ${EIFACE} -j MASQUERADE
+        iptables -A OUTPUT -o tun+ -j ACCEPT
+        echo 1 > /proc/sys/net/ipv4/ip_forward
+        sed -i 's|# net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
+        sed -i 's|#net.ipv4.ip_forward|net.ipv4.ip_forward|g' /etc/sysctl.conf
+        sed -i 's|net.ipv4.ip_forward.*|net.ipv4.ip_forward=1|g' /etc/sysctl.conf
+    fi
 
     systemctl restart avahi-daemon