Issue with VPN Policies + Internet Kill Switch

I have a Beryl running 3.211. I had been running the router with an OpenVPN client to my VPN service successfully for some time (thank you for helping me set this up). This is set up with a policy with only one MAC address specified in the policy for a Raspberry Pi, which I can remote to via VNC via the LAN IP. However, when I enabled the internet kill switch, this device could no longer connect to the internet, with or without the kill switch and VPN client enabled. If I move the SD card from this device to another Pi on the network (with a different MAC address), I can at least connect to the public wifi (with or without the VPN client enabled). However, the device now seems to be configured for LAN traffic only and has permanently been added to the internet kill switch policy.

The kill switch will disable Internet if you do not use VPN. It is an enhanced security option.

If you always enable VPN, you do not need to enable the kill switch.

If you disabled both kill switch and VPN, but still cannot access the Internet, maybe the firewall is messed up for some reason.

I suggest that you turn it on and off again to see if it is fixed. Otherwise reset the firmware and set up again.

I always turn on Killswitch when using VPN, just in case the VPN connection drops. A VPN connection may drop due to an issue at the VPN server site, a temporary disconnection/reconnection of your client device and/or a temporary failure at your ISP.

When you have enabled VPN but the connection drops, you will not have Internet. You will not have a leak.

The “Internet killswitch” works if you do not enable VPN at all. You are forced to use VPN to access the Internet.

Hope the above explains it.

There is a difference between the Internet connection and the VPN connection:

  • When there is an issue at the VPN server site, my Internet would still be working, so my traffic would be exposed.
  • When there is a temporary disconnection, then reconnection of my client device (VPN app on client device), or when there is a temporary failure, then recovery at my ISP, the VPN connection may not be re-established for a period of time or not at all, so my traffic would be exposed.

I am aware that the “Internet killswitch” works if I do not Enable VPN at all, which is why I stated that I turn it on when using VPN (i.e., not when I am not using VPN).

Thanks, I was looking for this answer. And just to confirm, if the VPN is enabled, there should be no leak, just like having the kill switch on without turning it on from the global options.

Yes, you are right. That is how it should work.