Feature Request: When VPN is down, connect to another location

I use GLinet with a VPN (I use the Mullvad service). I use it for privacy and block all non-VPN network activity unless it goes through the VPN.

I often travel. If I am, for example, connected to a Mullvad (Switzerland) server and it goes down (e.g. for maintenance), all my devices (home security & automation) are no longer able to access the internet.

In such a scenario, it must be possible for the Glinet software to consider adding a very small feature so that it connects to another server or location as a backup, so internet activity stays online! When you add Mullvad or another VPN service it already adds all the locations, so it should not be difficult at all to add a feature where, if the connection is not successful after X retries, it attempts another server/location. This is a backup to help keep the network online.

Rotating vpn profiles is possible. Just the policy can be very complicated. Maybe something we can do later.

I am also in favor of this feature because it is useful. I also want to ask how the option Global Option > Block Non-VPN Traffic can be fixed, because if I activate it, it will ignore the VPN rules for custom devices that can use the VPN and devices that won't use the VPN.

1 Like

That's because it does not make sense to have both enabled.

There is already a kill-switch built in. If VPN fails, all VPN routed connections will fail as well.
They won't switch to plain WAN.

@admon I have already tried and disconnected the VPN, and the devices that should be protected by the kill switch get the ISP IP address. But I don't have Block Non-VPN active. It is just a WireGuard connection, and I have the VPN policy based on client device. As I said, some devices I need to go via the VPN and some not.

You cannot disable vpn. You need to keep it enabled.

1 Like

It's a kill switch for failing not for manually disabling it, as @alzhao said.
That is pretty common in network environments, since disabling means you want to change the topology, but failing means something has gone wrong.

OK, now I understand. Thanks for the info. True, it makes sense that if you manually disable it, the kill switch is ignored. Regarding the feature, it will be nice if it is implemented. Thanks again for the fast responses.

You can block the device(s) in the list from going out via WAN even if you toggle off the WireGuard client. I have done it for certain devices just in case the VPN gets toggled off (not failing).

Go to Advanced Settings > LuCI > Network > Firewall > Custom Rules.

After the pre-inserted text, enter your clients from your WireGuard policy-based list.

Here in my example I use my device name so I know exactly what it is:

#Laptop-Child
iptables -I FORWARD -m mac --mac-source D0:11:11:01:11:1F ! -o wgclient -j DROP

Replace the MAC address with the MAC address of the client that you want to block from ever going out via WAN (make sure this MAC address / device is also kept inside the policy routing list).

If you want to add more clients, just copy and paste the same code underneath and modify the MAC address again.

You can test by toggling off the VPN and trying to access sites; it should now fail.
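Added example (not part of the post above and not GL.iNet's own code): a shell helper that generates the same per-client rule for a list of devices, rejects malformed MAC addresses, and makes each insert idempotent with `iptables -C` so a firewall reload does not stack duplicates. It assumes the `wgclient` interface name from the post; the device names and MAC addresses in the sample list are constructed.

```shell
#!/bin/sh
# Assumption: the WireGuard client interface is "wgclient", as in the rule above.
VPN_IF="wgclient"

# Return 0 if $1 is a MAC address (six colon-separated hex octets).
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Read "name MAC" lines on stdin and print one idempotent rule per valid client.
# A malformed MAC is skipped with a warning instead of producing a rule that
# would silently protect nothing.
killswitch_rules() {
    while read -r name mac rest; do
        case "$name" in ''|'#'*) continue ;; esac
        if ! is_mac "$mac"; then
            echo "skipping $name: invalid MAC '$mac'" >&2
            continue
        fi
        spec="FORWARD -m mac --mac-source $mac ! -o $VPN_IF -j DROP"
        echo "# $name"
        # -C checks whether the rule already exists; insert only if it does not.
        echo "iptables -C $spec 2>/dev/null || iptables -I $spec"
    done
}

# Constructed sample list: names and MACs are made up for illustration.
sample_clients() {
    cat <<'EOF'
# name          MAC
Laptop-Child    D0:11:11:01:11:1F
Camera-Porch    AA:BB:CC:00:11:22
Broken-Entry    D0:11:11:01:11
EOF
}

# Print the rules for review; paste the output into Custom Rules.
sample_clients | killswitch_rules
```

The rule matches on source MAC, so a client that uses a randomized (private) Wi-Fi address will not match until that setting is turned off for this network or its current MAC is listed.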

Thanks for the info @j2zero. I will make a test.

I have the same issue. Or even if it would cycle off then on again, like if the public IP changed and WireGuard fell apart.

We are not talking about disabling the VPN if the tunnel or link fails. We are saying that if the tunnel fails, allow us to set a backup option for it to connect to. For example, if my Mullvad WireGuard VPN California USA server stops working or goes down, I might set the New York server as a backup for the router to connect to, to make sure the network stays online.

1 Like

That would indeed be somehow cool; maybe @bruce wants to take it as an idea for R&D.

1 Like

This feature will be nice. A second server as backup/failover.

Hi,

I checked the list again; this requirement is in the development plan. Thanks.

2 Likes