why is it no longer possible with firmware 4.2.3 kill switch (block non-VPN traffic) and allow access to local (sub)network e.g. 188.8.131.52/24 to use?
makes it impossible to use a raspberry pi or network printer.
with firmware 3.x everything worked fine! I am very disappointed.
Is there a solution for this?
If you use Wireguard, you can exclude LAN traffic from VPN by calculating proper AllowedIps value here: WireGuard AllowedIPs Calculator | Pro Custodibus
Are these devices on gl-ax1800’s WAN side?
192.168.8.x | flint ax-1800 (with wireguard)
192.168.4.x | WAN/subnet (router/internet)
if you activated the kill switch (Block Non-VPN Traffic), access to devices in the upper subnet is not possible.
That’s indeed an issue in the current design. We will optimize that soon.
This looks like the issue I have, kinda sucks I basically can’t use the internet kill switch if i need to access the lan
I’m new on the forum., is this likely going to take a long time to implement? i’ve just read that i could get a different device from my slate a1300 and downgrade to a v3 firmware that was more “logical” with exceptions for VPN policies.
In the original design, we let “Block Non-VPN Traffic(kill switch)” and “Allow Access WAN” be exclusive, because the first option will block lan-to-wan traffic, and the second option will allow lan-to-wan traffic.
As things evolve, we found that allowing lan-to-wan(local wan network but not Internet) is a common requirement as you guys mentioned. So the “Allow Access WAN” should be “allow access directly connected wan subnet”, that makes more sense. We need to update both UI and backend code to do that change, so it takes a relatively long time.
Anyway, here is a workaround in Luci:
Firstly, on page Firewall - Traffic Rules, add the following rule:
192.168.10.0/24 is the local wan network for example.
The second step is to make the newly added rule to be above safe_mode_lan rule(That’s the kill switch rule), and then save&apply.
I’ll give that a try later.
If any of the big bosses of GLInet are reading this, this kind of forum support and engagement has kept me a customer.