FW 4.1.0 r5 on AXT1800 - VPN Killswitch issue with new VLAN feature

Trying to use the new VLAN feature so that guest network goes out on naked WAN, Private LAN goes out via VPN with killswitch. This causes the Guest Network to be prevented from going out via WAN.

I think now that we have the VLAN feature in here, the killswitch feature needs to be conditional so that it does not kill the VLAN that is set to go out of naked WAN.


Here the VPN killswitch kills my guest network because it is being applied.

Desired behavior:

Apply VPN killswitch only to VLANs that are set to egress via the VPN.

Actual behavior:

“Block Non-VPN Traffic” is applied to all VLANs, even those set to not egress via VPN.

Edit: May also be related to this guy’s report. https://forum.gl-inet.com/t/wireguard-vpn-policy-on-axt1800/23627

Global Options are given priority over Proxy Policy. Whenever the “Block Non-VPN Traffic” option is enabled, all traffic from the client that does not go via the VPN will be blocked.

How can we create this functionality with the firewall? Or some other means.

If the VPN goes down, I don't want anyone on that VLAN to access the internet.

When the VPN tunnel is broken (not disabled by user), the devices do not have Internet. This is the default setting on the router.

Thanks Alzhao.

I don't have a great way to test VPN down without turning off the VPN service, so… I believe you.

If the VPN goes down the clients on the guest vlan will not have internet? I have VPN configured only on the guest VLAN not private…

A simple test is to upload a wrong VPN configuration and enable that VPN to test whether your data/DNS has leaks.