4.x firmware kill switch also kills domain-based exceptions

danielg · February 10, 2024, 11:17am

I used the policy mode based on the target IP or domain in firmware 4.x and noticed that the global option to block non-VPN traffic also blocks domain-based exceptions. I guess this is to be expected given that the kill switch is now called a global option but it is a change from the 3.x firmware where VPN policies like domain exceptions took precedence over the kill switch.

Is there a way to keep domain-based exceptions allowed in 4.x while preventing all non-excepted domains from being accessed without the VPN on such as when the VPN connection was dropped on the router?

admon · February 10, 2024, 11:18am

Unfortunately I am not aware of any way to get this working, sorry

danielg · March 18, 2024, 10:55am

That is too bad. Imo a kill switch should prevent traffic that is meant to go through a VPN from bypassing it e.g. when the VPN server is down, not block traffic that is anyway authorized to bypass the VPN.

alzhao · March 18, 2024, 2:51pm

This has been implemented when you enable the vpn. You don’t need the global Killswitch option.

danielg · March 18, 2024, 4:24pm

That is great to know, thanks!