Firmware 4.0 and Kill switch VPN

To go back to firmware 3.x, use uboot failsafe.

The killswitch is supposed to block all non-vpn traffic.

> The killswitch is supposed to block all non-vpn traffic.

In firmware 3.X, devices added to the VPN exclusion list are not affected by the kill switch. I already reverted the 4.X firmware to 3.X

I have the AX1800 Flint router and just updated to beta 4.0.1 and find the same problem as the OP re the Kill Switch functionality. In V3 the kill switch worked as logic dictates - ie if the device is excluded by mac or IP then it is not affected by the kill switch. Perfect logic - and it worked perfectly.

After the upgrade to V4, even though the device is excluded by mac address, that device is completely blocked by the VPN kill switch. That is not logical and entirely stupid!

Please change back to the logic you applied to V3. A working and logical VPN Kill Switch is an essential tool.

1 Like

> After the upgrade to V4, even though the device is excluded by mac address, that device is completely blocked by the VPN kill switch. That is not logical and entirely stupid!

I don’t understand why GL Inet changed the way the Kill switch works in version 4, a completely wrong approach! I had to go back to V3 version.

Yes - agreed! I am now considering returning it to Amazon. How can a VPN Kill Switch be described as working correctly if it blocks non-VPN devices (ie excluded by mac address!).

I have no wish to downgrade to V3 as it is such ancient openwrt software. Sadly I think it will be returned.

Thanks guys.

But v4.x puts the Kill switch as a global option and it has more priority than vpn policy. This is by design and we don’t have a plan to go back to v3.x.

Deleted - All responses noted.

Thanks

In firmware 4.x, when block non-vpn traffic is not enabled:

If vpn connection fails (fails is different from disabled), vpn enabled devices will not have Internet.

1 Like

I’m using the 4.0.1 beta on Flint and found this. I appreciate that GL-Inet intends this behavior since it’s more restrictive in preventing leaks, but it is very unhelpful.

I need to exempt a device from VPN and these devices were a great way to do it. Unfortunately Beryl was too slow and unstable—and based on absurdly old openWRT. So I got Flint and updated to beta firmware. Seems stable but the missing feature means I’ll be sending this back. Huge disappointment…

BTW, I cannot find a place on v4 to “exempt” devices from vpn, even though it doesn’t work. Where is this?

1 Like

You have the vpn policy here.

Sorry for the delayed response: your tip really helped me while I was on vacation with the Flint! I didn’t notice that the smallish arrows were a link to a separate configuration. :pray::pray:

We made it bigger in firmware update!

1 Like

Super! Any hint on when the next firmware might be coming? Maybe in the stable channel? I see ATX1800 already has 4.0.2 in stable channel… :frowning:

I am using 4.1. It has a lot of changes so may be slower.

Would be nice if you guys can update the documentation on the website to reflect this change, on the website it’s still showing the old GUI kill switch way.

There are 4.0 docs: VPN Dashboard - GL.iNet Docs

Update continuously.

@alzhao Sorry but how is this change logical? Let’s recap:

  • On 3.x: VPN kill switch does not affect devices excluded from the VPN using VPN Policy (and why would they; these devices are not meant for the VPN).
  • On 4.x: the "Block Non-VPN Traffic" option completely disables Internet access for devices excluded from VPN using VPN Policy, rendering VPN Policy and this new killswitch incompatible, in other words removing functionality from the devices.

If you guys don’t intend to revert this, can you please advise us how we can achieve the same thing? Perhaps we can manually configure a new zone to put these devices under that doesn’t forward via the VPN?

4 Likes

But you can just leave the kill switch alone. Vpn already has a killswitch.

Is this still in effect when the router is rebooted and it can’t connect to VPN?

Yes it is.

VPN enabled: You will not have Internet when the VPN cannot connect, disconnects or breaks. Only if you disable vpn, it will have normal Internet.

Disable vpn traffic (Internet killswitch): You will have no Internet if you do not use vpn.

1 Like
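
The 4.x behaviour described by the staff replies in this thread, written as an added example (not GL.iNet code and not part of any post): a model of where a device's traffic should go, plus an audit that compares it with the public IP each client actually sees. The function names, the sample observations and the documentation-range IPs are constructed, and the rule that an excluded device uses the WAN when "Block Non-VPN Traffic" is off is an assumption drawn from the thread.

```python
# Added example: model of firmware 4.x behaviour as described in this thread.
WAN, VPN, BLOCKED = "wan", "vpn", "blocked"

def expected_egress(vpn_enabled, tunnel_up, block_non_vpn, excluded):
    """Where a LAN device's Internet traffic should go on firmware 4.x."""
    if block_non_vpn:
        # Global option that takes priority over VPN policy: only traffic
        # inside a working tunnel passes, so excluded devices are blocked too.
        return VPN if vpn_enabled and tunnel_up and not excluded else BLOCKED
    if not vpn_enabled or excluded:
        return WAN  # VPN disabled, or device excluded by VPN policy (assumed)
    # VPN enabled but failed: VPN devices fail closed even without the option.
    return VPN if tunnel_up else BLOCKED

def classify(public_ip, wan_ip, vpn_ip):
    """Map the public IP a client sees (None = no Internet) to an egress path."""
    if public_ip is None:
        return BLOCKED
    if public_ip == vpn_ip:
        return VPN
    return WAN if public_ip == wan_ip else "unknown"

def audit(observations, wan_ip, vpn_ip, vpn_enabled, block_non_vpn):
    """Return (device, tunnel_up, expected, observed, verdict) for each mismatch."""
    findings = []
    for device, excluded, tunnel_up, public_ip in observations:
        want = expected_egress(vpn_enabled, tunnel_up, block_non_vpn, excluded)
        got = classify(public_ip, wan_ip, vpn_ip)
        if got != want:
            # A VPN-policy device reaching the Internet outside the tunnel is a leak.
            verdict = "LEAK" if got == WAN and not excluded else "MISMATCH"
            findings.append((device, tunnel_up, want, got, verdict))
    return findings

# Constructed sample data (documentation address ranges, not real hosts).
WAN_IP, VPN_IP = "198.51.100.7", "203.0.113.9"
OBSERVED = [  # (device, excluded by VPN policy, tunnel up, public IP seen)
    ("laptop", False, True, VPN_IP),
    ("laptop", False, False, WAN_IP),   # egress via WAN while the tunnel is down
    ("tv", True, True, WAN_IP),
    ("tv", True, False, WAN_IP),
]

if __name__ == "__main__":
    for row in audit(OBSERVED, WAN_IP, VPN_IP, vpn_enabled=True, block_non_vpn=False):
        print(row)
```

To use it on a real network, record the public IP each test client sees with the tunnel up and with it deliberately broken, then pass those rows in place of `OBSERVED`.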