the kill switch is to PROTECT us, so that when there is no VPN,
nothing is sent out.
yet if I turn on VPN already, but also turn on VPN policy WITH a empty list,
then all connected devices are suring using ISP IP == danger
(when the list is empty, yes the devices are listed out,
but ALL of them are then turned into using ISP IP!
So if you can digest what I say, can understand, you should know
the KILL SWITCH is NOT SAFE)
Here’s what I expect:
If the Internet Kill Switch is enabled, then NO traffic should go through the ISP.
If VPN Policies (eg, exceptions) are then added, then NO traffic should go through the ISP until these are APPLIED (ie. the Apply button is clicked).
there is PC A, aim for using VPN IP
there is PC B, aim for ISP IP (but not yet installed)
for VPN policy I will set PC B to be excluded from VPN usage,
but since PC B is not installed, I don’t know the MAC/IP,
so VPN policy is ON, but list is empty. (I assume this will mean exclude NOTHING,
but luochongjun above say this means exclude EVERYTING)! <— the logic is wrong here!
case A: Kill Switch ON, VPN +, PC A using VPN IP
case B: Kill Switch ON, VPN -, PC A should offline, but now PC A is using ISP IP!
Well, the Internet Kill Switch should kill anything not going through the VPN, so if VPN not enabled, then no traffic.
Regarding the VPN Policies, then everything excluded can go out to the internet. All other traffic would be dependent on whether the VPN is enabled or not.
Agreed, If you enable VPN Policies and select “do not use for the following”, then it should be that everything still goes through the VPN, except items listed - if that list is empty => no exclusions (or NOTHING, as you put it).
Now the UI is designed by Engineers, not product managers. We need better design to make it work for consumers. We will develop this on smartphone app.
Been a little while, but I have re-visited this and done some further testing.
My conclusion is that I wholly concur with posts 1 and 3:
The VPN policy is flawed in that if you set “Use VPN for all processes on the router” and click apply with an empty exclusion list (ie. everything is included) it does the complete opposite to what it says. ie. ALL traffic is excluded and uses ISP.
Regarding the Kill-Switch - this also fails as it is over-riden in the above scenario (ie. use VPN for all processes and set an empty exclude list).
I would kindly ask that these serious leak issues are addressed ASAP!
You’re joking right? I have “VPN for all processes” enabled and nothing in the “do not use VPN for” list!
To me, (and the OP, for that matter) both those settings mean use VPN for everything!
This should be the default situation (where 11:11:11:11:11:11 is a made up MAC)
OK, having had a much closer look, I see what is happening here now - I see you have added the words “all MAC address” if you click apply with an empty list (I think this was added in 3.105 which I am testing currently). That clarifies things somewhat, although I would rather have had that in the drop down box to be selected and not pushed as the default.