Force VPN (No Internet if VPN is not connected) is not working on GL-MT300N-V2

The Force VPN (No Internet if VPN is not connected) switch is not working on GL-MT300N-V2.

I know it from being able to see my exposed external IP via curl ifconfig.me once the VPN connection is lost.

What should I look into?

Which version do you use? And where do you run this command? This option is available for the clients which connect to the router, but not the router itself.

On the router itself.

The router itself has to be able to connect to the internet at any time. Otherwise it cannot find the VPN which it will connect to.

Is there a way to prevent a certain application running on the router itself from accessing the Internet other than via VPN?

There was in the old firmware (= force VPN). In the new firmware this was (attempted to be) made dummy proof (i.e. automatic) but unfortunately, was totally bodged.

Maybe anything I could do via the firewall config?

Compile your own OpenWrt and use namespaces.

Or use iptables cgroup

Per process routing take 2: using cgroups, iptables and policy routing | Evolware

Say, based on this Ubuntu Howto: Njalla — IPredator is moving to Njalla - what should I do differently on OpenWrt?

If it's Transmission, explore bind-address; this would be your tunX IP address.

transmission-daemon --bind-address-ipv4=xxx.xxx.xxx.166/26

Is it possible to specify an address range, not a single address?

Your tunnel has one IP address, not a subnet range.

However the VPN server is leasing me IP addresses from a certain range - not always the same one.
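
The cgroup, iptables and policy-routing approach suggested earlier in the thread matches on the tunnel interface rather than on a tunnel address, so it keeps working when the VPN server leases a different address. The sketch below is an added example, not code from any poster or from the GL.iNet firmware; it prints the commands instead of running them. Assumptions: the tunnel is tun0, cgroup v1 net_cls is mounted at /sys/fs/cgroup/net_cls, the iptables cgroup match is available, and the class id, mark and chain name are arbitrary choices.

```shell
#!/bin/sh
# Added example: confine one router-local process to the VPN tunnel.
# Assumed, not from the thread: interface name, cgroup path, class id, mark.
TUN=${TUN:-tun0}
CG=${CG:-/sys/fs/cgroup/net_cls/vpnonly}
CLASSID=0x00110011   # arbitrary net_cls class id
MARK=11              # arbitrary fwmark, reused as the routing table number

# Print the setup commands; pipe the output to "sh" as root to apply them.
vpnonly_plan() {
    cat <<EOF
mkdir -p $CG
echo $CLASSID > $CG/net_cls.classid
iptables -t mangle -A OUTPUT -m cgroup --cgroup $CLASSID -j MARK --set-mark $MARK
ip rule add fwmark $MARK table $MARK
ip route replace default dev $TUN table $MARK
iptables -t nat -A POSTROUTING -m cgroup --cgroup $CLASSID -o $TUN -j MASQUERADE
iptables -N vpnonly
iptables -A vpnonly -o lo -j RETURN
iptables -A vpnonly -o $TUN -j RETURN
iptables -A vpnonly -j REJECT
iptables -I OUTPUT 1 -m cgroup --cgroup $CLASSID -j vpnonly
EOF
}

# Print the command that moves an already running PID into the cgroup.
vpnonly_attach() {
    case "$1" in
        ''|*[!0-9]*) echo "usage: vpnonly_attach PID" >&2; return 1 ;;
    esac
    echo "echo $1 > $CG/cgroup.procs"
}

vpnonly_plan
```

When tun0 goes down its route in table 11 is removed and the marked traffic falls back to the main table, where the vpnonly chain rejects it; the `ip route replace` line has to be run again from the VPN client's up script once the tunnel is back.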