Firmware 4.0 and Kill switch VPN

“Kill Switch” has been changed to “Block Non-VPN Traffic” in Firmware 4.0 and behaves like before. This is because GL.iNet’s previous Kill Switch is intended to block traffic even if you do not Enable VPN at all, which is to force you to use VPN even to access Internet. This is different from commercial VPN providers’ definition of Kill Switch, so “Block Non-VPN Traffic” may be a better term for how GL.iNet actually works.

If you use VPN app on client devices, then turn off “Block Non-VPN Traffic” and turn on Kill Switch in the app.

I do not work for and I do not have formal association with GL.iNet


The Block Non-VPN Traffic function is not working properly when a device is on the exclusion list. I put my PC on the list not to use the VPN configured on the router because I use the NordVPN client (Wireguard) installed on the computer, but when I enable the Block Non-VPN Traffic function, my PC’s traffic is completely blocked, leaving no connection. It’s unfortunate! I really regret upgrading to firmware 4.

If I added the computer to the exclusion list (network card and computer wifi card) the Non-VPN Traffic function should not affect it.

It may be that VPN Policies only apply to VPN that is running on the router itself and you are using VPN app on client devices.

This “problem” does not occur in firmware 3, but after updating to version 4 it is not possible to go back

To go back to firmware 3.x, use uboot failsafe.

The killswitch is supposed to block all non-vpn traffic.

> The killswitch is supposed to block all non-vpn traffic.

In firmware 3.X, devices added to the VPN exclusion list are not affected by the kill switch. I already reverted the 4.X firmware to 3.X

I have the AX1800 Flint router and just updated to beta 4.0.1 and find the same problem as the OP re the Kill Switch functionality. In V3 the kill switch worked as logic dictates - ie if the device is excluded by mac or IP then it is not affected by the kill switch. Perfect logic - and it worked perfectly.

After the upgrade to V4, even though the device is excluded by mac address, that device is completely blocked by the VPN kill switch. That is not logical and entirely stupid!

Please change back to the logic you applied to V3. A working and logical VPN Kill Switch is an essential tool.

> After the upgrade to V4, even though the device is excluded by mac address, that device is completely blocked by the VPN kill switch. That is not logical and entirely stupid!

I don’t understand why GL Inet changed the way the Kill switch works in version 4, a completely wrong approach! I had to go back to V3 version.

Yes - agreed! I am now considering returning it to Amazon. How can a VPN Kill Switch be described as working correctly if it blocks non-VPN devices (ie excluded by mac address!).

I have no wish to downgrade to V3 as it is such ancient openwrt software. Sadly I think it will be returned.

Thanks guys.

But v4.x put Kill switch as a global option and it has more priority than vpn policy. This is by design and we don’t have a plan to go back to v3.x.

Deleted - All responses noted.

Thanks

In firmware 4.x, when block non-vpn traffic is not enabled:

If vpn connection fails (fails is different from disabled), vpn enabled devices will not have Internet.

I’m using the 4.0.1 beta on Flint and found this. I appreciate that GL-Inet intends this behavior since it’s more restrictive in preventing leaks, but it is very unhelpful.

I need to exempt a device from VPN and these devices were a great way to do it. Unfortunately Beryl was too slow and unstable—and based on absurdly old openWRT. So I got Flint and updated to beta firmware. Seems stable but the missing feature means I’ll be sending this back. Huge disappointment…

BTW, I cannot find a place on v4 to “exempt” devices from vpn, even though it doesn’t work. Where is this?

You have the vpn policy here.

Sorry for the delayed response: your tip really helped me while I was on vacation with the Flint! I didn’t notice that the smallish arrows were a link to a separate configuration.

We made it bigger in firmware update!


Super! Any hint on when the next firmware might be coming? Maybe in the stable channel? I see ATX1800 already has 4.0.2 in stable channel…

I am using 4.1. It has a lot of changes so may be slower.

Would be nice if you guys can update the documentation on the website to reflect this change, on the website it’s still showing the old GUI kill switch way.

There are 4.0 docs: VPN Dashboard - GL.iNet Docs

Update continuously.