4.x firmware kill switch also kills domain-based exceptions

I used the policy mode based on the target IP or domain in firmware 4.x and noticed that the global option to block non-VPN traffic also blocks domain-based exceptions. I guess this is to be expected, given that the kill switch is now called a global option, but it is a change from the 3.x firmware, where VPN policies like domain exceptions took precedence over the kill switch.

Is there a way to keep domain-based exceptions allowed in 4.x while preventing all non-excepted domains from being accessed without the VPN on, such as when the VPN connection was dropped on the router?

Unfortunately, I am not aware of any way to get this working, sorry.

That is too bad. IMO, a kill switch should prevent traffic that is meant to go through a VPN from bypassing it, e.g. when the VPN server is down, not block traffic that is authorized to bypass the VPN anyway.

This has been implemented when you enable the VPN. You don’t need the global kill switch option.

That is great to know, thanks!