Hello! My router recently arrived and yesterday I was configuring it.
I have installed a VPN client (with NordVPN) and I have set the VPN policy based on VLAN (I just want the traffic from the wifi guest network to go through the VPN).
The problem comes when I activate the kill switch (called in this version: Block non-VPN Traffic).
Since I have selected that the normal network does not send traffic through the VPN, if I activate “Block non-VPN Traffic”, then the normal Wi-Fi network stops having access to the internet because of the kill switch.
It seems that the kill switch has a higher priority than the VPN policy, and this should not be the case.
The kill switch becomes unusable. In previous versions and on other routers (Beryl for example) this didn’t happen.
Please, I need help with this. I need to use the VPN without running the risk of a leak because I don’t have a kill switch.
Someone had a similar issue, also using the v4 firmware but on the Flint, here; they had to revert to firmware v3. There is no v3 for SlateAX; this needs to be looked into.
In the image you can see how the VPN is set to “Enable” but it hasn’t connected yet.
In turn, you can see how the mobile (connected to the guest network where the VPN is enabled) HAS INTERNET and is NOT connected to the VPN (because the router has not yet connected).
It is clear from this test that the alleged kill switch that comes with the VPN does NOT work (or does not exist).
I am very afraid to think that there are such serious security errors in a router designed precisely to make our network more secure.
What?? Is this real? You have internet with the kill switch enabled and no VPN connection yet?
Glint this is bad.
Also, why change the name of the kill switch? So confusing!
THIS HAS WORKED! It is clear that it was a problem with the version that came with the router itself (which had been compiled prior to this one that you have shared with me).
I am very grateful for the attention and speed in finding the problem and finally giving me a solution!
I’m having a similar issue as @mister_mst was having (although I’m using device based policy rather than VLAN).
Basically I only want my MacBook to always connect through VPN, and if VPN is not available, access to the internet should be blocked, but only on this one device. I am using the WireGuard protocol with PrivateInternetAccess VPN.
My problem is that when the “Block non-VPN Traffic” option is enabled, the devices on the exception list that are NOT using VPN don’t have access to the internet at all, and based on this thread I was under the impression that the exception list would bypass the “kill switch” setting.
I guess since “Block non-VPN Traffic” option is a global setting, it may not make a difference if there is an exception list but again, since the behavior described by @mister_mst seemed to work with the firmware update (which I also performed), I thought I would have the same luck.
I did try the VLAN option to have the MacBook only connect to the private network and everything else to the Guest network, but it still didn’t work when “Block non-VPN Traffic” was enabled.
I don’t have the option activated to block all VPN traffic.
As described by technical support above, the VPN connection has an internal Kill-Switch that works every time the connection to the VPN is lost (causing the computer not to have an internet connection if the VPN is not connected).
The “Block-Non-VPN-traffic” will not let you browse with your computers that are not connected to the VPN.
Ah ok, I thought you still had that option enabled. I understand the behavior now and I was able to test it by checking access while the VPN was connecting like you did in your screenshot. Thanks for the clarification!
New account for this post. I’ve got the Flint, so my journey is as follows: kept getting “hostapd: ath0: STA MACADRESS IEEE 802.11: disassociated” and all my wifi goes down every 10 mins for the past few weeks.
So in a last ditch before I return it, “I’ll upgrade to the beta”, and it is better in most ways, but what is this “built in kill switch”? No it’s not, because all it does is soft drop that active task; if you refresh the page you will request a connection and the router grants it, so all that’s going to happen is you will just refresh on a device because it didn’t respond and boom, just like that, DNS leak!!!
So for the name of the router I’m aptly “stuck between a rock and a hard place” :D:D:D:D
I stay on sub 4.0 beta firmware and wifi drops out like all day every day all day every day,
or I put up with my router silently killing my P2P connections that are going through a VPN router to be set and forget.
There has to be a more robust fork of VPN policies that was taken away, because I will not be trusting the “in the background” kill switch, because it does not work. It would be good if we could find a way to ssd and get VPN policies that work, or a built in kill switch that really does kick an IP or MAC address once there has been a VPN related network change…