IP leak when switching Wireguard server

Max3 · June 3, 2022, 2:35pm

After importing some Wireguard configuration files, I tried to switch between servers to test speed and ping.
If I switch from a server to another and I imediately open a page like ipleak.net or dnsleaktest.com while the client is connecting, my ISP IP is exposed.

beniamin · June 4, 2022, 5:18pm

IMO, I don’t see how you can avoid this. You are disabling the VPN connection, to reconnect to another.

If the VPN connection broke, but the profile was still active, it would not leak due to the Killswitch.

wcs2228 · June 4, 2022, 6:19pm

Have you tried enabling “Block Non-VPN Traffic”?

Max3 · June 4, 2022, 6:34pm

Mmm…
So what’s the point of this message?

It says that switching between configuration files while the client is running, there should not be any traffic leak… Am I missing something?

Max3 · June 4, 2022, 6:38pm

Thanks, that works of course, but I am posting this because the UI clearly says that switching between configuration files while the client is running should not produce traffic leakage…

wcs2228 · June 4, 2022, 8:07pm

I see what you mean. I seem to recall the same message is on other GL.iNet routers, but have not personally tested for leaking when there may be a short interval of no VPN during the switch. I always enable Kill Switch when using VPN, which seems to have been changed to the “Block Non-VPN Traffic” option in the GL-AXT1800.

As a related note, GL.iNet’s Kill Switch blocks traffic even if you do not Enable VPN at all, which forces you to use VPN to access Internet. This is different from commercial VPN providers’ definition of Kill Switch and seems a bit confusing.

Max3 · June 4, 2022, 8:21pm

Yeah, exactly. The message on previuos UI is a bit different and more generic. Here basically the massege is saying: no leak while changing conf. file (WG server).
So, or the option is not working, or is poorly explained/confusing. Or maybe I am missing something…
Anyway, I usually enable kill switch too. But since I am testing… let’s be curious!

beniamin · June 5, 2022, 1:48am

Ah I’ve never seen that before. Good to know

alzhao · June 6, 2022, 3:18am

The text is correct. The function is buggy.

alzhao · June 7, 2022, 5:11am

I am uisng firmware release 2 and I don’t have IP leak when switching wireguard servers.

This bug was in firmware beta2 and was fixed.

Can you please test again?

Max3 · June 7, 2022, 6:02am

Actually I tested it using firmware release 2.
Just re-tested, no leak on first try, then I had leak switching server again.
Tested several times, seems not consistent but it happens very frequently…

alzhao · June 7, 2022, 6:29am

Seems you used a differnet vpn policy. Can you show the details?

Max3 · June 7, 2022, 6:34am

Yeah, I am using VPN Policy based on the Client Device, defined by MAC address: 2 Chromecast in my house are not using VPN.

alzhao · June 7, 2022, 7:10am

Yes. Checked. If set vpn policy like this it will cause IP leak when changing wireguard profile.

For vpn global policy it does not have leak.

Developers are checking if this can be fixed.