Feature Request: When VPN is down, connect to another location

I use GLinet with a VPN (I use the Mullvad service). I use it for privacy and block all non-VPN network activity unless it is through the VPN.

I often travel. If I am, for example, connected to a Mullvad (Switzerland) server and it goes down (e.g. for maintenance), all my devices (home security & automation) are no longer able to access the internet.

In such a scenario, it must be possible for the Glinet software to consider adding a very small feature so that it connects to another server or location as a backup, so internet activity stays online! Already, when you add Mullvad or another VPN service, it adds all the locations, so it should not be difficult at all to add a feature so that if, after X amount of retries, the connection is not successful, it attempts another server/location. This is a backup to help keep the network online.

Rotating VPN profiles is possible. It's just that the policy can be very complicated. Maybe something we can do later.

I am also in favor of this feature because it is useful. Also, I want to ask how the option Global Option > Block Non-VPN Traffic can be fixed, because if I activate it, it will ignore the VPN rules for custom devices that can use the VPN and devices that won't use the VPN.

That's because it does not make sense to have both enabled.

There is already a kill-switch built in. If VPN fails, all VPN routed connections will fail as well.
They won't switch to plain WAN.

@admon I have already tried and disconnected the VPN, and the devices that should be protected by the kill switch get the ISP IP address. But I don't have Block Non-VPN active. It is just a WireGuard connection, and I have the VPN policy based on client device. As I said, some devices I need to go via VPN and some not.

You cannot disable vpn. You need to keep it enabled.

It's a kill switch for failing, not for manually disabling it, as @alzhao said.
That is pretty common in network environments, since disabling means you want to change the topology, but failing means something has gone wrong.

OK, now I understand. Thanks for the info. True, it makes sense to ignore the kill switch if you manually disable it. Regarding the feature, it will be nice if it is implemented. Thanks again for the fast responses.

You can block the device(s) in the list from going out via WAN even if you toggle off the WireGuard client. I have done it for certain devices just in case the VPN gets toggled off (not failing).

Go to advanced settings > Luci > Network > Firewall > Custom Rules

After the pre-inserted text, enter your clients from your WireGuard policy-based list.

Here in my example I use my device name so I know exactly what it is

iptables -I FORWARD -m mac --mac-source D0:11:11:01:11:1F ! -o wgclient -j DROP

Replace the MAC address with the MAC address of your client that you want to block from ever going out via WAN (make sure this MAC address / device is also kept inside the policy routing list).

If you want to add more clients, then just copy and paste the same code underneath and modify the MAC address again.

You can test by toggling off the VPN and trying to access sites; it should now fail.
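
The rule from the post above, generalized to a list of devices, as an added example that is not part of the original thread or GL.iNet's own code: it validates each MAC address and prints a rule that is only inserted if it is not already present. The function names and the second MAC address are constructed for illustration; the interface name wgclient is taken from the post.

```shell
#!/bin/sh
# Added example (not from the thread): build per-device kill-switch rules
# in the same form as the iptables line in the post above.
# Assumption: the WireGuard client interface is "wgclient", as in that line.
WG_IF="${WG_IF:-wgclient}"

# Return 0 only for a well-formed MAC (six colon-separated hex octets).
is_valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Print one rule per valid MAC. "iptables -C" checks whether the rule
# already exists and "-I" inserts it only if it does not, so running the
# generated lines twice never stacks duplicate DROP rules.
# Invalid entries are reported on stderr and make the function return 1,
# so a typo cannot silently leave a device without its rule.
gen_killswitch_rules() {
    rc=0
    for mac in "$@"; do
        if is_valid_mac "$mac"; then
            # Normalize to upper case so the same device is not listed twice.
            mac=$(printf '%s' "$mac" | tr 'a-f' 'A-F')
            spec="FORWARD -m mac --mac-source $mac ! -o $WG_IF -j DROP"
            printf 'iptables -C %s 2>/dev/null || iptables -I %s\n' "$spec" "$spec"
        else
            printf 'skipping invalid MAC: %s\n' "$mac" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed sample list: the first address is the one used in the post,
# the second is made up. Nothing is applied; the rules are only printed.
gen_killswitch_rules D0:11:11:01:11:1F d0:11:11:01:11:2a
```

The printed lines can be pasted into the Custom Rules box described in the post; every MAC address listed must also stay in the VPN policy list.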

Thanks for the info @j2zero. I will make a test.