BrumeW /w VPN policy to exclude some device, instead it disabled ALL VPN instead

Happi · 2020-09-07T17:49:20.920Z

ccchan:

you should also mention if there is VPN or if there is no VPN.

Well, the Internet Kill Switch should kill anything not going through the VPN, so if VPN not enabled, then no traffic.
Regarding the VPN Policies, then everything excluded can go out to the internet. All other traffic would be dependent on whether the VPN is enabled or not.

ccchan · 2020-09-07T18:01:09.886Z

yes what you said is what expected,

the only thing is:

when the total list is PC A, PC B.

if u state “exclude B”, then ofcoz result is exclude B. BrumeW did this.

But when you state “exclude empty list”, I expect exclude nothing, but BrumeW now is exclude EVERYTING.
that’s the problem.

And I made my self clear enough.

Happi · 2020-09-07T18:43:06.757Z

Agreed, If you enable VPN Policies and select “do not use for the following”, then it should be that everything still goes through the VPN, except items listed - if that list is empty => no exclusions (or NOTHING, as you put it).

ccchan · 2020-09-07T19:08:52.891Z

final:

as seen in this photo.

“do not use VPN for the following”,

the list is empty,

HOWEVER, there is a “ALL mac address” there,
and thus means “exclude everything”.

literally, the router is correct,
but logically, this is wrong.

Happi · 2020-09-07T20:37:24.256Z

Yes, I see that now - appears that “all MAC addresses” is the default.

alzhao · 2020-09-08T04:34:34.904Z

There is NO “empty list”.

You cannot exclude nothing. It has to be All or Something.

If you want to exclude NOTHING, think our include ALL.

ccchan · 2020-09-08T06:59:31.832Z

Just want to say in everyday language,
exclude (empty list) = exclude nothing. exclude ALL = really exclude ALL.

The brume may behave like what you say (exclude empty list also = exclude ALL) for some reason,
may be this is easier for programming etc.

but certainly, layman will think as the everyday language i mentioned above,
as agreed by another user.

thanks

alzhao · 2020-09-08T08:39:38.682Z

I do agree with you.

Now the UI is designed by Engineers, not product managers. We need better design to make it work for consumers. We will develop this on smartphone app.

Happi · 2020-10-25T10:16:32.366Z

Been a little while, but I have re-visited this and done some further testing.
My conclusion is that I wholly concur with posts 1 and 3:

The VPN policy is flawed in that if you set “Use VPN for all processes on the router” and click apply with an empty exclusion list (ie. everything is included) it does the complete opposite to what it says. ie. ALL traffic is excluded and uses ISP.

Regarding the Kill-Switch - this also fails as it is over-riden in the above scenario (ie. use VPN for all processes and set an empty exclude list).

I would kindly ask that these serious leak issues are addressed ASAP!

GL749×591 16 KB

alzhao · 2020-10-25T15:51:29.089Z

From your screenshot, it is clearly that, you exclude all for vpn, i.e. do not use vpn for all.

Happi · 2020-10-25T16:49:15.530Z

You’re joking right? I have “VPN for all processes” enabled and nothing in the “do not use VPN for” list!
To me, (and the OP, for that matter) both those settings mean use VPN for everything!

This should be the default situation (where 11:11:11:11:11:11 is a made up MAC)

Capture2804×593 16.9 KB

alzhao · 2020-10-26T15:56:44.221Z

If you do not add any item in the list, it means “do not use vpn for the following” → all Mac addresses

There is “Do (not) use vpn for all Mac address” logic

There is no “Do (not) use vpn for empty list” logic.

Happi · 2020-10-26T17:38:26.546Z

alzhao:

If you do not add any item in the list, it means “do not use vpn for the following” → all Mac addresses

OK, having had a much closer look, I see what is happening here now - I see you have added the words “all MAC address” if you click apply with an empty list (I think this was added in 3.105 which I am testing currently). That clarifies things somewhat, although I would rather have had that in the drop down box to be selected and not pushed as the default.

alzhao · 2020-10-27T00:00:07.598Z

we can always improve the UI. Pls use the current logic and UI for now. Thanks.

ccchan · 2020-10-29T18:03:36.406Z

The problem is,
YOUR CURRENT logic is opposite to common sense.

This will make security-fans angry (I turn to openwrt for security over non-updated router).
Its better if you somehow told them BEFORE HAND (prevention) instead of they found out themselves
(screwed)<— this could lead to someone being persecuted, no matter you are in China, hong kong or USA.
It’s like you bought a metal safe, and you found out öops the safe could be open-ed this way.
try youtube “lock pickying lawyer”, you will know the frustration.

thanks

ccchan · 2020-10-30T06:36:01.505Z

Suppose alzhao’s mom is asking him/her to list out things that will be DUMPED,

@alzhao want to dump nothing, and wrote “nil”, ëmpty" into the list and his/her mom dumped EVERYTHING he/she got instead (using his/her logic)

That’s when he/she will cry.

this is the common sense logic behind:
alzhao wrote nil into the list, and his/her mom will dump nothing.
this shd be the normal case for everyone.

ccchan · 2020-10-30T06:58:11.319Z

btw even in 3.104 there are those words but one cant imagine they are included

alzhao · 2020-10-30T07:18:51.391Z

Pls man, it is written there “everything”, not nothing.

Happi · 2020-10-30T09:06:27.525Z

I agree the logic is wrong - if you are applying VPN policies then it should be obvious that “all MAC address” is the last thing you are looking to do (otherwise you would turn off the VPN!).

I think the answer would be:

to move the “all mac address” to the drop down list, or better, remove it completely (as per above logic).
to give an error when clicking apply until something has been selected.

alzhao · 2020-10-30T12:54:21.183Z

From what you said, the logic is correct. It is the UI not giving intuitive guide.

As I said, will improve.