Hi,
I have installed 4.3.6 from snapshot on 3 different GL.iNet routers and found the same VPN leak behavior on all of them. I hope this post will attract the attention of the developers:
#1 Leak
Judging by the posts on this forum, it seems that the “Kill Switch” in 4.x is now integrated into the VPN on/off button and should not allow traffic to flow past the VPN, no matter what happens to the VPN, while it is on. However, when “Block Non-VPN Traffic” is off, while the router is booting or while the VPN connection is being changed to another one, the router sends traffic from VPN users without the VPN. This causes a leak of the real IP.
I would like to highlight that the “Block Non-VPN Traffic” function is useless, because it kills work with the local network.
#2 Leak
In “Modify Proxy Mode”, when you choose “Customize Routing Rules” and add the rule “0.0.0.0/1 link”, traffic starts to behave inappropriately: IP addresses go through the VPN, but domains are hit or miss; some domains go through the VPN, some without it.
My first idea was that it is a bug in ipset; however, after checking on a fresh install and on different routers, I did not find that the router enters these addresses into ipset. “ipset flush” also makes no difference.
I also tried changing DNS to custom servers and enabled/disabled AdGuardHome with different settings, but the router keeps sending some domains without the VPN.
This bug also leads to unpredictable traffic leaks past the VPN.
#3 Lack
After several days of testing, I still could not implement the following architecture, which was implemented in one click on version 3.x: I want traffic from the router itself to go without the VPN and with DNS 1.1.1.1, while clients go via the VPN and with DNS inside the VPN.
In version 3.x, there was a switch “Don’t use vpn for router processes”, which did the job perfectly.
However, how do I implement this on the new architecture?
#4 Bug
I found that this is a specific bug on MV1000 Brume (no WiFi) with 4.3.6: GoodCloud connection is not working at all. No logs, no errors. On my other routers it works with 4.3.6.
Thanks.
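
A check for the custom rule list in Leak #2, as an added example that is not part of the original post: it computes which IPv4 destinations a rule list leaves unmatched, since the prefix 0.0.0.0/1 by itself spans only 0.0.0.0 through 127.255.255.255. It assumes the rules are matched against the destination IPv4 address; the function names and the sample addresses other than 1.1.1.1 are constructed for illustration.

```python
import ipaddress


def uncovered(rules):
    """Return the IPv4 space that no rule matches, as sorted CIDR strings."""
    remaining = [ipaddress.ip_network("0.0.0.0/0")]
    for rule in rules:
        net = ipaddress.ip_network(rule, strict=False)
        survivors = []
        for block in remaining:
            if block.subnet_of(net):
                continue  # block is fully matched by this rule
            if net.subnet_of(block):
                # carve the rule out of the block, keep what is left
                survivors.extend(block.address_exclude(net))
            else:
                survivors.append(block)  # disjoint, untouched by this rule
        remaining = survivors
    return [str(n) for n in sorted(ipaddress.collapse_addresses(remaining))]


def classify(addresses, rules):
    """Map each destination address to True if some rule matches it."""
    nets = [ipaddress.ip_network(r, strict=False) for r in rules]
    return {a: any(ipaddress.ip_address(a) in n for n in nets) for a in addresses}


if __name__ == "__main__":
    rules = ["0.0.0.0/1"]  # the prefix from the post
    # Constructed sample destinations (documentation ranges) plus 1.1.1.1
    sample = ["1.1.1.1", "10.0.0.5", "192.0.2.10", "203.0.113.5"]

    print("unmatched space:", uncovered(rules))
    for addr, matched in classify(sample, rules).items():
        print(f"{addr:15} {'matched' if matched else 'NOT matched'}")

    # Adding the upper half closes the gap
    print("with 128.0.0.0/1:", uncovered(rules + ["128.0.0.0/1"]))
```

Resolving a domain that bypasses the VPN and passing its address to `classify` shows whether the rule list matches that destination at all.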