Possible IP leak with Beryl

I have 2 Beryls as client and server respectively.

When running tcpdump on the client (the apclix0 interface, which is the outgoing internet wifi) and manually disconnecting from the VPN with Internet Kill Switch ON, I can see this:

21:12:15.976832 IP 10.0.0.2.53405 > 34.160.111.145.443: Flags [R], seq 3004066983, win 0, length 0
21:12:16.056833 IP 10.0.0.2.53422 > 3.91.171.234.443: Flags [R], seq 3619410191, win 0, length 0

I know this is leaving the wg0 interface (10.0.0.2), but why are these packets leaving through the open internet?

I would like to understand if this is a leak, and if not why. Wouldn’t the destination be able to see these packets coming from my IP?
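An added helper for the question above, not part of the original post or of GL.iNet's tools: it reads tcpdump -n lines captured on the uplink (apclix0) and labels each packet, so the "tunnel source address seen on the physical uplink" pattern from the capture can be counted before and after changing the firewall. The tunnel address and the whitelist (including a placeholder VPN endpoint, 203.0.113.10) are assumptions; the third and fourth sample lines are constructed.

```shell
#!/bin/sh
# Classify tcpdump -n lines captured on the WAN uplink (apclix0).
# TUNNEL_IP and WHITELIST are assumptions for this example; 203.0.113.10 is a
# placeholder for the VPN server's public address.
TUNNEL_IP="10.0.0.2"
WHITELIST="8.8.8.8 8.8.4.4 203.0.113.10"

# Constructed sample: the two lines from the capture above plus two made-up
# lines (a DNS query to a whitelisted resolver and a direct TCP SYN).
sample_capture() {
    cat <<'EOF'
21:12:15.976832 IP 10.0.0.2.53405 > 34.160.111.145.443: Flags [R], seq 3004066983, win 0, length 0
21:12:16.056833 IP 10.0.0.2.53422 > 3.91.171.234.443: Flags [R], seq 3619410191, win 0, length 0
21:12:16.100000 IP 192.168.8.1.41234 > 8.8.8.8.53: 12345+ A? example.com. (29)
21:12:16.200000 IP 192.168.8.100.50000 > 198.51.100.7.443: Flags [S], seq 1, win 64240, length 0
EOF
}

# classify_capture reads tcpdump -n lines on stdin and prints one verdict per packet:
#   allowed               - destination is on the whitelist
#   tunnel-src-on-uplink  - source is the tunnel address, so the packet left
#                           outside the tunnel (the pattern asked about above)
#   direct                - any other packet leaving the uplink unencrypted
classify_capture() {
    awk -v tun="$TUNNEL_IP" -v wl="$WHITELIST" '
    BEGIN { n = split(wl, a, " "); for (i = 1; i <= n; i++) allowed[a[i]] = 1 }
    $2 == "IP" {
        # Field 3 is src.port, field 5 is dst.port followed by ":"; strip the port.
        split($3, s, "."); src = s[1] "." s[2] "." s[3] "." s[4]
        split($5, d, "."); dst = d[1] "." d[2] "." d[3] "." d[4]
        if (dst in allowed)   v = "allowed"
        else if (src == tun)  v = "tunnel-src-on-uplink"
        else                  v = "direct"
        print v, src, "->", dst
    }'
}

# Usage on the router: tcpdump -n -i apclix0 -l | sh this_script.sh
# Here the constructed sample is used instead.
[ "${1:-}" = "demo" ] && sample_capture | classify_capture
```

Feed the real capture in with `tcpdump -n -i apclix0 -l | classify_capture`; after adding the whitelist/drop rules the tunnel-src-on-uplink count should fall to zero while the allowed lines (DNS, VPN endpoint) remain.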

OK, so I was able to find an apparent solution I am happy with (it gives me peace of mind).

I basically whitelisted the only things that should go out from apclix0 and blocked everything else:

iptables -A output_rule -d 8.8.8.8,8.8.4.4,<my-vpn-ip-address>,192.168/16 -j RETURN
iptables -A output_rule -o apclix0 -j DROP

How do I save iptables rules on Beryl for restart? iptables-save is not working. Rules don’t persist after reboot.

You can try adding them to LuCI → Network → Firewall → Custom Rules.

I do not work for and I do not have formal association with GL.iNet

With Internet Kill Switch set ON, the only IP allowed through the open internet is from the VPN, as here:
21:12:15.976832 IP 10.0.0.2.53405 > 34.160.111.145.443: Flags [R], seq 3004066983, win 0, length 0
21:12:16.056833 IP 10.0.0.2.53422 > 3.91.171.234.443: Flags [R], seq 3619410191, win 0, length 0

The source IP is the VPN IP, so this is maybe not an IP leak.

To store the iptables rules, you can apply them at system start, as follows:
(1) Create the file /etc/init.d/start_my_iptables
(2) In that file, set the iptables rules, as:

When the system starts, execute: /etc/init.d/start_my_iptables start

This will set the iptables rules.
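An added example, not the poster's script and not GL.iNet's firmware code, that covers both the whitelist/drop rules posted earlier in the thread and the question of reapplying them after reboot. It puts the rules in a dedicated chain so it can be rerun safely from whichever startup hook you use: the LuCI Custom Rules box (assumed here to be /etc/firewall.user on an fw3-based build, so it runs after every firewall reload) or the /etc/init.d/start_my_iptables script described above. The interface name, DNS servers, LAN range and the placeholder VPN endpoint 203.0.113.10 are assumptions; `IPT=echo` prints the rules instead of applying them.

```shell
#!/bin/sh
# Egress kill-switch for the WAN wifi uplink: only whitelisted destinations may
# leave apclix0 directly; everything else must go through the tunnel.
# The defaults below are assumptions for this example, not values from the thread
# (203.0.113.10 stands in for your VPN server's public address).
WAN_IF="${WAN_IF:-apclix0}"
VPN_ENDPOINT="${VPN_ENDPOINT:-203.0.113.10}"
ALLOWED_DST="${ALLOWED_DST:-8.8.8.8,8.8.4.4,192.168.0.0/16}"
IPT="${IPT:-iptables}"          # set IPT=echo for a dry run
CHAIN="killswitch_out"          # our own chain, so reruns stay idempotent

killswitch_rules() {
    # Create the chain, or flush it if it already exists (safe to rerun).
    $IPT -N "$CHAIN" 2>/dev/null || $IPT -F "$CHAIN"
    # Hook the chain into OUTPUT for the uplink exactly once (-C tests for the rule).
    $IPT -C OUTPUT -o "$WAN_IF" -j "$CHAIN" 2>/dev/null \
        || $IPT -I OUTPUT -o "$WAN_IF" -j "$CHAIN"
    # Whitelist: the VPN endpoint, the DNS servers and the local LAN range.
    $IPT -A "$CHAIN" -d "$VPN_ENDPOINT" -j RETURN
    for dst in $(echo "$ALLOWED_DST" | tr ',' ' '); do
        $IPT -A "$CHAIN" -d "$dst" -j RETURN
    done
    # Anything else leaving the uplink outside the tunnel is dropped.
    $IPT -A "$CHAIN" -j DROP
}

# "apply" installs the rules; "show" prints what would be installed.
# From /etc/firewall.user or an init script: sh /root/killswitch.sh apply
case "${1:-}" in
    apply) killswitch_rules ;;
    show)  IPT=echo; killswitch_rules ;;
esac
```

Run `sh killswitch.sh show` first to review the rule list, then `sh killswitch.sh apply`; because the script flushes and refills its own chain, calling it on every firewall reload does not pile up duplicate rules the way repeated `iptables -A output_rule ...` lines would.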