It seems the killswitch is totally useless on the Brume 2 with v4.4.6 firmware if you use VPN policy based on mac addresses.
If you set kill switch:
And then enable mac address filtering for specific clients to not use VPN:
There traffic is still blocked. This kinda makes the entire concept of kill switch and policy based routing useless. There needs to be a optional setting you can enable, “dont block for policy based clients which should not use VPN”.
Obviously it needs/should work the following:
Killswitch only blocks for all mac address you dont put in the vpn policy based routing which are excluded for using VPN. Then the clients which always use the VPN, the kill switch blocks traffic in that event until VPN is up again. All excluded LAN clients which should not use VPN should also not be blocked by the kill switch.
Is there a workaround for this?
Also the GUI for the policy based filtering is lacking information next to each MAC address if they were set to be included in VPN or not.
Seems this issue was already reported over a year ago with zero fix so far:
It seemed it worked fine on 3.x firmware and is broken since 4.x
Rendering the Brume 2 literally useless.
Is there a workaround where you maybe can add a IPTABLES rule into rc_local at boot time for specific mac address which allow wan access again?
Update:
I have added this firewall rule into /etc/config/firewall
config rule
option target ‘ACCEPT’
option src ‘lan’
option dest ‘wan’
option name ‘12 allow’
option src_ip ‘192.168.8.12’
option family ‘ipv4’
option proto ‘all’
where 192.168.8.12 is the device in my LAN, which I want to exclude using the VPN. With this rule it seems to work so far, and 192.168.8.12 can reach WAN now without using VPN, and is not blocked anymore by the kill switch rule.
Is this the right way to do this though? It would be better if GLInet would include a optional toggle you can enable under the kill switch, so you can disable the kill switch block for excluded clients not using VPN.
Or the GLInet 4.x web gui automatically adds these firewall rules for each MAC you set up in the exclude list and removes the rules again if you remove them.