AX1800, 4.2.3. VPN IP Leak, Kill switch not working when VPN is off

GLiNET WTF ?
Not sure if this is unique to the new firmware or if I was leaking my real IP before.

Global Options: OFF
VPN Policy Base On Client: Set defined by MAC

There are a couple of issues with these settings. The first one is that if I turn the VPN off to, let's say, switch VPN services, the devices included in my MAC list will have access to the Internet and leak the real IP address.
Second, if the VPN is enabled but, let's say, not connecting due to VPN server issues, no device will have access to the internet regardless of whether they are in the MAC list or not.

I tested doing the opposite with the Client policy: I enabled the Global Option to Block Non VPN traffic and inverted the Client Policy to NOT use VPN, expecting it to work. But if the VPN is off, the devices in the client policy that should NOT use VPN now don't have internet access even when they should, since I'm using the policy as a whitelist.

Not sure how it’s possible for GL.iNet to drop the ball on this one so badly.

Need a response to this ASAP, this is a serious flaw, especially coming from a company advertising their routers as having top-notch VPN capabilities.


Have you enabled “Allow Access WAN” at VPN dashboard global options?

I retested the case you mentioned.

This is by design if you don’t turn on “Block Non-VPN Traffic”.
If you don’t turn the VPN off, there should be no leak.

This is also by design if you turn on “Block Non-VPN Traffic”.
One side effect of making “Block Non-VPN Traffic” too powerful.

I do encounter this issue by setting “VPN Policy Base On The Client Device”.
Make sure you click Apply, when you change to that policy mode.
We’ll do more tests by clicking around and optimize that.

Any updates?
Does GL.iNet have any plans of giving us a killswitch per device?
Currently there is no killswitch if the global option "Block all non-vpn traffic" is off.
We need a solution for this.
I'd like to have the Block non vpn on all the time, but only for some devices specified in the policy mode; any other devices should use my ISP.
Thanks!

That's not true. The "killswitch" is always active.
As soon as a VPN connection breaks (not by disabling, but by failing!) the traffic will stop.


The killswitch is only enabled when you turn on "Block all non vpn traffic".

My current settings are as follows:
Global Options / Block non vpn = off. This is because I have more devices in my network that I need to use without the VPN.
But when I do this, if the VPN fails, the devices in my Policy mode still have access to the internet via my ISP. This is a big issue. Or if I need to switch VPNs or turn it off, I'd like to have the devices in my Policy be blocked from the internet. How is this complicated?
There are a few posts about this issue in the forum.

Nope, this isn't true.

As long as the connection awaits to be routed by VPN, it will still kill.
How do you test failing the VPN?