I have 2 Beryl’s as client and server respectively.
When running tcpdump on client (apclix0 interface which is outgoing internet wifi) and manually disconnecting from VPN with Internet Kill Switch ON I can see this
Set Internet Kill Switch ON, only allow the ip through the open internet, is from vpn. as:
21:12:15.976832 IP 10.0.0.2.53405 > 34.160.111.145.443: Flags [R], seq 3004066983, win 0, length 0
21:12:16.056833 IP 10.0.0.2.53422 > 3.91.171.234.443: Flags [R], seq 3619410191, win 0, length 0
the ip source is from VPN ip, maybe not the IP leak.
the iptables rules store, you can start it at system start. as follow:
(1) create file: /etc/init.d/start_my_iptables
(2) the file set iptables, as: