BrumeW with VPN policy to exclude some devices: it disabled ALL VPN instead

hi,

I am on BrumeW with 3.104,

I want to use the VPN policy to enable VPN for EVERY device, EXCEPT the one I choose.

Turns out, it disabled the VPN for all devices.

on the VPN page:
when VPN policy is disabled, everything is ok, the outside IP shown by whatismyipaddress is datacomp, which is NordVPN I think.

when VPN policy is enabled, also with VPN for guest, VPN for all processes enabled (all 3 enabled),
and choose policy by “mac address”, and choose “do not use VPN for following”.
And the list is empty (as I haven’t installed the PC I want to exclude).

after apply, my IP went back to my ISP's.

I can provide more info if needed.

another thread talking about this,
could be same thing, not sure.

SECOND problem:
VPN policy OVERRIDES the internet kill switch.

  1. kill switch set to ON, VPN is set to DISCONNECTED.

  2. PC can't get online as kill switch killed the internet because there is no VPN

  3. TURN on the VPN policy, set to the setting I mentioned above (which should be
    secure, as it sets VPN for all, and only disallows it for a PC server that I have not yet installed).

  4. BOOM, the PC can browse the internet using ISP’s IP.

This is really a problem.

I hope to get formal and official response, thanks

summary:

  1. VPN policy is evil, it actively leaks the ISP IP by faking to exclude something + it overrides the kill switch

  2. VPN can't auto re-connect, it doesn't function but it doesn’t harm

thanks

turns out, if the MAC list HAVE something, the VPN policy functions.

but when it is empty, it sucks as above.

so… when you are really not using the policy, don't leave it empty, disable the whole function instead.

(VPN seems will re-connect itself, but the button I have to set to be no function,
instead of set it to vpn and physically turn it on)

By default, if the list is empty, all devices are represented.
You can try the following configuration

You’ve set up your PC not to go through a VPN, right?
Kill switch does not conflict with policy. If you have set your PC not to pass VPN, kill switch will not intercept.

hi, I got a PC A, which I WANT VPN 100% the time, then a PC B that NO VPN all the time.

Yesterday,
I set BrumeW into VPN mode, internet kill switch ON. Fine, PC A surf using VPN.

I don't have PC B installed yet, but I would like to PREPARE the VPN policy,
I turn on the VPN policy, with NIL in the list.

THEN it sucks, PC A now surfs using ISP IP, as you mentioned above.

THIS IS A WRONG LOGIC,
please ask the programmer/manager to study back mathematics.

there is object A and B,
The list I want to exclude is empty, which SHOULD mean EXCLUDE NONE.

And brumeW’s logic NOW is to exclude EVERYTHING?

I bet 99.9999% people will stand on my side.

Please think about it.
Thanks.

btw, I am on BrumeW, 3.104, the text I got somehow differs from your graph above.
It says as below.
Anyway, that still doesn’t make sense.

Thank you.


Please Choose Rules

Do not use VPN for the following

Do not use VPN for the items in the list Action
Add
All Mac Address

Apply


I think you do not yet get my idea,

the kill switch is to PROTECT us, so that when there is no VPN,
nothing is sent out.

yet if I turn on VPN already, but also turn on VPN policy WITH an empty list,
then all connected devices are surfing using ISP IP == danger

(when the list is empty, yes the devices are listed out,
but ALL of them are then turned into using ISP IP!
So if you can digest what I say, can understand, you should know
the KILL SWITCH is NOT SAFE)

thanks

hi as said above,
when VPN is ON, kill switch is ON,
and when the list is empty, as in the screen shot,
everything is using ISP IP!

the kill switch should not be overridden with an EMPTY list (I don't mind
if it is overridden by a SET list, but must not be by an empty list).

thanks

the problem here is,

when I set PC A to use VPN,
and with a kill switch to hope to keep so.

an empty list (made by activating VPN policy, but not yet added the PC B as it’s
not yet installed) turns PC A to use ISP IP to surf.

that’s not logical.

Here’s what I expect:
If the Internet Kill Switch is enabled, then NO traffic should go through the ISP.
If VPN Policies (eg, exceptions) are then added, then NO traffic should go through the ISP until these are APPLIED (ie. the Apply button is clicked).

you should also mention if there is VPN or if there is no VPN.

your message is not concise.

thx for reply.

What I THINK should be:

Background:

there is PC A, aim for using VPN IP
there is PC B, aim for ISP IP (but not yet installed)

for VPN policy I will set PC B to be excluded from VPN usage,
but since PC B is not installed, I don’t know the MAC/IP,
so VPN policy is ON, but list is empty. (I assume this will mean exclude NOTHING,
but luochongjun above says this means exclude EVERYTHING)! <— the logic is wrong here!


case A: Kill Switch ON, VPN +, PC A using VPN IP
case B: Kill Switch ON, VPN -, PC A should be offline, but now PC A is using ISP IP!

it’s leaking thru ISP IP!

Well, the Internet Kill Switch should kill anything not going through the VPN, so if VPN not enabled, then no traffic.
Regarding the VPN Policies, then everything excluded can go out to the internet. All other traffic would be dependent on whether the VPN is enabled or not.

yes what you said is what expected,

the only thing is:

when the total list is PC A, PC B.

if you state “exclude B”, then of course result is exclude B. BrumeW did this.

But when you state “exclude empty list”, I expect exclude nothing, but BrumeW now is exclude EVERYTHING.
that’s the problem.

And I made myself clear enough.

Agreed, If you enable VPN Policies and select “do not use for the following”, then it should be that everything still goes through the VPN, except items listed - if that list is empty => no exclusions (or NOTHING, as you put it).

final:

as seen in this photo.

“do not use VPN for the following”,

the list is empty,

HOWEVER, there is an “ALL mac address” there,
and thus means “exclude everything”.

literally, the router is correct,
but logically, this is wrong.

Yes, I see that now - appears that “all MAC addresses” is the default.
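
The two readings of an empty "do not use VPN for the following" list argued over in this thread, modelled as an added Python example (not router firmware code and not written by any poster). `RouterState`, `egress`, `leaks`, the `"*"` marker and both MAC addresses are hypothetical names and constructed values; the rule that excluded devices are not intercepted by the kill switch is taken from the reply above.

```python
from dataclasses import dataclass, field

ALL = "*"  # models the UI's default "All Mac Address" entry (hypothetical encoding)

@dataclass
class RouterState:          # hypothetical model, not firmware structures
    vpn_up: bool
    kill_switch: bool
    policy_enabled: bool
    exclude_macs: list = field(default_factory=list)  # "do not use VPN for the following"

def excluded_set(state, empty_means_all):
    """Resolve the exclusion list under one of the two readings of an empty list."""
    if not state.policy_enabled:
        return set()
    if not state.exclude_macs:
        return {ALL} if empty_means_all else set()
    return {m.lower() for m in state.exclude_macs}

def egress(mac, state, empty_means_all):
    """Return 'vpn', 'isp' or 'blocked' for one device."""
    excluded = excluded_set(state, empty_means_all)
    if ALL in excluded or mac.lower() in excluded:
        return "isp"  # per the thread: the kill switch does not intercept excluded devices
    if state.vpn_up:
        return "vpn"
    return "blocked" if state.kill_switch else "isp"

def leaks(state, macs, empty_means_all=True):
    """Devices reaching the ISP with the kill switch on although the user never listed them."""
    listed = {m.lower() for m in state.exclude_macs}
    return [m for m in macs
            if state.kill_switch and m.lower() not in listed
            and egress(m, state, empty_means_all) == "isp"]

PC_A = "aa:bb:cc:00:00:0a"  # constructed MAC: must always use the VPN
PC_B = "aa:bb:cc:00:00:0b"  # constructed MAC: to be excluded later

if __name__ == "__main__":
    prepared = RouterState(vpn_up=True, kill_switch=True, policy_enabled=True)
    for reading in (True, False):
        print("empty list means all:", reading, "->", egress(PC_A, prepared, reading))
    print("unlisted devices leaking:", leaks(prepared, [PC_A]))
```

A non-empty result from `leaks` is the condition to check for before leaving a policy enabled with nothing in the list.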