Why is it no longer possible with firmware 4.2.3 to use the kill switch (block non-VPN traffic) and allow access to a local (sub)network, e.g. 198.168.4.1/24?
This makes it impossible to use a Raspberry Pi or network printer.
With firmware 3.x everything worked fine! I am very disappointed.
Is there a solution for this?
This looks like the issue I have. Kinda sucks, I basically can’t use the internet kill switch if I need to access the LAN.
I’m new on the forum. Is this likely going to take a long time to implement? I’ve just read that I could get a different device from my Slate A1300 and downgrade to a v3 firmware that was more “logical” with exceptions for VPN policies.
In the original design, we made “Block Non-VPN Traffic (kill switch)” and “Allow Access WAN” mutually exclusive, because the first option will block LAN-to-WAN traffic, and the second option will allow LAN-to-WAN traffic.
As things evolved, we found that allowing LAN-to-WAN (the local WAN network but not the Internet) is a common requirement, as you guys mentioned. So “Allow Access WAN” should be “allow access directly connected wan subnet”, which makes more sense. We need to update both the UI and the backend code to make that change, so it takes a relatively long time.
Anyway, here is a workaround in LuCI:
Firstly, on the Firewall - Traffic Rules page, add the following rule:
192.168.10.0/24 is the local WAN network, for example.