I have a GL.iNet GL-AXT1800 that I intend to use for travelling around the world. I have a WireGuard server at home, so I need the WireGuard client aspect of the router to be robust. I'd have about 5 devices connected to the router, all to go through the VPN. And if the VPN fails, the kill switch should NOT let any clients access the internet publicly.
Wife's phone will not go through the VPN.
Current firmware
To set it up, I am to add my 5 devices here.
Wife's phone will not be added there, as her phone will access the internet publicly.
Have the BNVT (block non-VPN traffic) option off. This is the global VPN kill switch.
The WireGuard VPN connection also has an internal kill switch that cannot be toggled.
Some questions.
I read information on how the global VPN kill switch is handled differently in firmware 4.x. So AFAIK, I am to keep that off, and just rely on the internal VPN switch?
How do I test that the internal kill switch works? AFAIK I cannot manually disable the VPN. That will just force clients to access publicly, and that's by design. So I have to test it by stopping the connection from my WireGuard server, so then the clients connected to the router cannot access the internet. Yea?
Is the internal VPN switch robust? Robust enough that there will not be any public leaks when I'm travelling around the world?
Thanks for the fast reply, alzhao. I really appreciate it.
Can you explain how that'll work? Because to connect the router to hotel Wi-Fi, I can use wife's phone to do the connection. Basically the MAC address clone way.
While using hotel Wi-Fi for example this isn't possible. During the login on the captive portal there is a short amount of time where tiny leaks are possible.
Let me say it might depend on your needs. I would say that this short amount of time, where leaks are possible, is mostly acceptable for most users. This might be different if you fear law enforcement or even worse aggressors.
A single IP package going through a normal ISP instead of VPN won't destroy your privacy - mostly.
Using a 4G modem is, in my opinion, even more problematic because 4G modems are traceable and locatable via cell tower triangulation. This can pinpoint a device's location with relative precision, sometimes down to a few hundred meters, depending on the network's density and the number of nearby cell towers.
OK, so what's the best leak-free option then? I thought the whole purpose of these travel routers was that they are 100% leak free. I want all traffic from my chosen client devices to always go through the VPN. Never hit any server without the VPN. So if I'm in, say, Japan, I don't want any Japan requests going through to my company's websites.
I guess the best would be to not take the company laptop. I have that option. I can take a personal laptop. Since there is no tracking software, then all the company will see is that my public IP is consistent, then it's OK?
100% in IT is not really possible. Mostly never. They are pretty leak free, but it depends on different things. Using a repeater in a hotel is one of those things that might leak a few packages, mostly DNS.
Just don't use your company's laptop to enable the repeater mode and log in to the captive portal. If you turn your laptop on after the router is connected to the hotel's Wi-Fi, all will be fine.
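One way to check for the leaks discussed in this thread, as an added example that is not part of any post and not GL.iNet's own tooling: it reads text output of `tcpdump -n` captured on the router's WAN-side interface and reports every outbound IPv4 packet that is not WireGuard UDP to the home endpoint. The endpoint, WAN address and capture lines are constructed placeholders, and it assumes the non-VPN phone is disconnected during the test, since after NAT the WAN capture cannot tell clients apart.

```python
import re
from collections import Counter

# Assumed, constructed values: substitute your own WireGuard endpoint and the
# address the router is given on its WAN/repeater interface.
WG_ENDPOINT = ("203.0.113.10", 51820)
WAN_IP = "10.20.30.40"

# Matches "IP src[.sport] > dst[.dport]: rest" in `tcpdump -n` text output.
# Only IPv4 is parsed; ARP, IPv6 and other lines are ignored.
LINE = re.compile(
    r"IP (\d+(?:\.\d+){3})(?:\.(\d+))? > (\d+(?:\.\d+){3})(?:\.(\d+))?: (.*)"
)

def classify(rest, dport):
    """Label a non-tunnel packet; DNS is called out because it leaks first."""
    if dport == 53:
        return "dns"
    for prefix, label in (("UDP", "udp"), ("Flags", "tcp"), ("ICMP", "icmp")):
        if rest.startswith(prefix):
            return label
    return "other"

def find_leaks(lines, wan_ip=WAN_IP, endpoint=WG_ENDPOINT):
    """Count outbound packets that bypass the tunnel, keyed by (kind, dst, dport)."""
    leaks = Counter()
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        src, _sport, dst, dport, rest = m.groups()
        if src != wan_ip:
            continue  # inbound traffic is not a leak from the router
        dport = int(dport) if dport else None
        if (dst, dport) == endpoint and rest.startswith("UDP"):
            continue  # encrypted WireGuard traffic to the home server
        leaks[(classify(rest, dport), dst, dport)] += 1
    return leaks

# Constructed capture: tunnel traffic, then a captive-portal style DNS/TCP burst.
SAMPLE = [
    "12:00:01.000001 IP 10.20.30.40.51234 > 203.0.113.10.51820: UDP, length 148",
    "12:00:01.100000 IP 203.0.113.10.51820 > 10.20.30.40.51234: UDP, length 92",
    "12:00:05.000000 ARP, Request who-has 10.20.30.1 tell 10.20.30.40, length 28",
    "12:00:07.200000 IP 10.20.30.40.40112 > 192.0.2.53.53: 4242+ A? portal.example. (32)",
    "12:00:07.300000 IP 10.20.30.40.40112 > 192.0.2.53.53: 4243+ AAAA? portal.example. (32)",
    "12:00:07.900000 IP 10.20.30.40.39000 > 198.51.100.7.443: Flags [S], seq 1, win 64240, length 0",
]

if __name__ == "__main__":
    for (kind, dst, dport), n in sorted(find_leaks(SAMPLE).items()):
        print(f"LEAK {kind:4} -> {dst}:{dport}  packets={n}")
```

Run it over a capture taken while the WireGuard server is stopped; an empty result means nothing left the WAN interface outside the tunnel during that window.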