How reliable is the VPN kill switch? Is it vulnerable to failing in certain cirumstances?
Am I right that to allow some client to connect without VPN with MAC/IP policy, I must disable the kill switch?
Is it possible now or maybe in future to have an LED for VPN connection status?
If not possible now, will it be possible in future to permanently delete old clients in the client list?
Does anyone know what the phone company (like ATT or Vodafone) can see about the device with SIM card inside? IMEI and probably other details of the 4G modem, and of course any internet data passing through (HTTP/HTTPS/VPN). But can they see anything else, like the device MAC address or any information that is in GUI?
Regarding the kill switch, I wouldn’t trust it too much. I have a GL-MT1300 (Beryl) router, and I’ve encountered a bug with it. As I write this, I have my kill switch turned on, but I’m NOT going through the VPN.
I had the kill switch turned off and my laptop set to not go through the VPN, which took lots of tinkering and reboots to get it to work. When I removed my laptop from the blacklist and turned the kill switch back on, it seemed to make no difference. I haven’t yet tried reconnecting my VPN or rebooting.
Perhaps for a simpler configuration it’s reliable, but judging from the number of bugs I’ve encountered with the VPN support, I really wouldn’t want to trust it too much.
I verified what you have done but seems it is more a config issue.
I have done this:
Set up vpn policy, mac based policy and remove my pc from vpn
connect vpn
enable kill switch
remove my pc from the list
Disable vpn
Verify that if internet is reachable
The result is that Internet is reachable. Maybe this is the reason you think it is a bug.
But the problem may in Step 4. When you remove your pc from the list, in case you have an empty list, like the below image, you will have all clients not going via vpn.
This has been discussed before but nothing ever got fixed:
In my opinion, you should not be able to click Apply with “Enable VPN Policy” > “Do not use VPN for the following” > All MAC address" as this is totally contradictory. Surely, by default, at least one address should have to be listed.
But, isn’t that the whole point of a kill switch? To ensure that all traffic goes through the VPN? The whole VPN policy feature is flaky, but I’m getting used to its quirks. Turns out disabling then enabling it usually makes it work.
If you use kill switch, you should not use vpn policy to exclude some client device from using vpn.
For some reason, the vpn policy settings is prior to kill switch. We are adding some text to the Kill switch page. Later we will optimize these settings.
If they aren’t meant to be used together, it’d be great if the VPN policy applied when the VPN isn’t connected. It’s confusing to see “this traffic will go over the vpn if you set a rule for it” but then it doesn’t because of the vpn connectivity state.
