I use GL.iNet with a VPN (I use the Mullvad service). I use it for privacy and block all non-VPN network activity unless it is through the VPN.
I travel often. If I am, for example, connected to a Mullvad (Switzerland) server and it goes down (e.g. for maintenance), all my devices (home security & automation) are no longer able to access the internet.
In such a scenario, it must be possible for GL.iNet to consider adding a very small feature to the software so that it connects to another server or location as a backup, so internet activity stays online! Already, when you add Mullvad or another VPN service, it adds all the locations, so it should not be difficult at all to add a feature so that if the connection is not successful after X retries, it attempts another server/location. This is a backup to help keep the network online.
I am also in favor of this feature because it is useful. Also, I want to ask how the option Global Option > Block Non-VPN Traffic can be fixed, because if I activate it, it ignores the VPN rules for custom devices that can use the VPN and devices that won't use the VPN.
@admon I have already tried disconnecting the VPN, and the devices that should be protected by the kill switch get the ISP IP address. But I don't have Block Non-VPN active. It is just a WireGuard connection, and I have the VPN policy based on the client device. As I said, some devices need to go via the VPN and some don't.
It's a kill switch for failing, not for manually disabling it, as @alzhao said.
That is pretty common in network environments, since disabling means you want to change the topology, but failing means something has gone wrong.
OK, now I understand. Thanks for the info. True, it makes sense for it to ignore the kill switch if you manually disable it. Regarding the feature, it will be nice if it is implemented. Thanks again for the fast responses.
You can block the device(s) in the list from going out via WAN even if you toggle off the WireGuard client. I have done it for certain devices just in case the VPN gets toggled off (not failing).
Go to Advanced Settings > LuCI > Network > Firewall > Custom Rules.
After the pre-inserted text, enter your clients from your WireGuard policy-based list.
Here in my example I use my device name so I know exactly what it is:
#Laptop-Child
iptables -I FORWARD -m mac --mac-source D0:11:11:01:11:1F ! -o wgclient -j DROP
Replace the MAC address with the MAC address of the client that you want to block from ever going out via WAN (make sure this MAC address / device is also kept inside the policy routing list).
If you want to add more clients, then just copy and paste the same code underneath and modify the MAC address again.
You can test by toggling off the VPN and trying to access sites; it should now fail.
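For more than a couple of devices, the copy-and-paste step above can be generated instead. This is an added example, not part of the original post: the device labels and MAC addresses are constructed samples and `valid_mac` / `gen_rules` are hypothetical helper names. It goes slightly beyond the post by rejecting malformed MACs, skipping duplicates, and guarding each rule with `iptables -C` so a re-run does not stack duplicates.

```shell
#!/bin/sh
# Added example: generate per-device kill-switch rules for the Custom Rules box.
# VPN_IF is the interface name used in the rule from the post (wgclient).
VPN_IF="wgclient"

# Constructed sample list: "<label> <MAC>" per line; blank and '#' lines are skipped.
CLIENTS='
Laptop-Child  D0:11:11:01:11:1F
Camera-Porch  d0:11:11:01:11:2a
Laptop-Child2 D0:11:11:01:11:1F
Bad-Entry     D0:11:11:01:11
'

# Succeeds only for six colon-separated hex octets.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Reads "<label> <MAC>" lines on stdin, prints one guarded rule per unique MAC.
gen_rules() {
    seen=""
    while read -r label mac rest; do
        case "$label" in ''|'#'*) continue ;; esac
        if ! valid_mac "$mac"; then
            echo "skipping $label: invalid MAC '$mac'" >&2
            continue
        fi
        # Normalise case so the same device listed twice is detected.
        mac=$(printf '%s' "$mac" | tr 'a-f' 'A-F')
        case " $seen " in *" $mac "*) continue ;; esac
        seen="$seen $mac"
        match="FORWARD -m mac --mac-source $mac ! -o $VPN_IF -j DROP"
        echo "# $label"
        # -C checks whether the rule already exists before -I inserts it.
        echo "iptables -C $match 2>/dev/null || iptables -I $match"
    done
}

# Print the rules for the sample list; paste the output into Custom Rules.
gen_rules <<EOF
$CLIENTS
EOF
```

Each listed device must still be kept in the policy routing list, as the post says.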
We are not talking about disabling the VPN if the tunnel or link fails. We are saying that if the tunnel fails, allow us to set a backup option for it to connect to. For example, if my Mullvad WireGuard VPN California USA server stops working or goes down, I might set the New York server as a backup for the router to connect to, to make sure the network stays online.