Hello,
I would like to use a Flint Router with Windscribe. Privacy is very important to me. I just downloaded the config files from the VPN provider. I then enabled Block VPN connection without VPN.
Nice to know would be how reliable the VPN killswitch is on my Router? Also: Is every single traffic routed through the VPN Service? Webrtc, p2p torrent and so on is everything protected?I would like to use OpenVPN (TCP) but also Wireguard.
Thanks!
I don’t think I’ve seen leaks from using their interface, but I am not sure. I have never had their VPN interface just randomly not work at all and drop everything if configured correctly. Make sure that you are selecting to block connections if the VPN goes down, there are menu options.
You can also use the LUCI interface, go tho the graph, and go to the connections to see what is going on in terms of connections. That is more advanced.
If you don’t know what you are looking at, it may look scary, but connections to 123 are usually to time servers and usually 53 are DNS queries.
Generally the interface is mostly considered reliable by people. The biggest controversy is whether the openwrt component included is reproducible and whether the software, since it’s closed source, could have vulnerabilities. It’s probably not an issue but if you are a high value target or engaging in extremely risky behavior, using closed source software is potentially not the best idea. Gl.iNet has disputed the open source questions and it’s probably the most controversial aspect of things.
But in general, I’ve looked at the packets in Luci and see what is expected and I’ve also inspected the packets with an external device and what I see in Luci is what I see in the external device.
I am not sure if Webrtc can get through. I think it can’t but never use the protocol and don’t know. I’ve never seen problems with anything leaking.
You can check for if DNS and WebRTC leaks through some online leak-test sites.
When VPN client and KillSwitch (Block non VPN traffic) are enabled, all traffic of LAN clients will go to the VPN interface, any protocol and any traffic.
Of course, choose your favorite VPN protocol and VPN service provider.
Never trust a kill switch. If possible bind the program you are using to the ip address of the tunnel.
Sure, and I dont leak anything (exept for local ip)
But have you guys tested the killswitch? The results of leak tests dont test the killswitch feature.
IDK what VPN tech you're using but if it's WG that one doesn't need a kill switch. It's stateless — by default it uses UDP. The routing tables make the difference in its implementation for pushing the packets wherever they need to be. The only real way to lose the tunnel is to lose the WAN.
I'll point out things may be far different on non-*nix operating systems; who knows what's going on in those closed-sourced/'black box' devices?
Obviously have been tested.
The KillSwitch is to ensure that the router does not let clients' traffic goes to non-VPN interfaces.