VPN + Kill Switch

Technical Support for Routers
1

I want to confirm my understanding as a new Brume 2 user using PIA Wireguard VPN.

Is it correct to say that if using the “Based on the Client Device” and I have a device listed to “Use VPN”, it is as affective (for that device) at blocking non-vpn traffic as having the global option of “Block Non-VPN Traffic” selected? Conversely, if I have a device listed listed with “Do Not Use VPN”, is that as affective for all other devices (not listed) as the global “Block Non-VPN” traffic?

Is there a way to test a VPN failure to ensure no normal traffic gets through, like using an invalid VPN configuration file?

Also, how can I allow BOTH specific devices as well as specific URLs at the same time to not use VPN?

Thanks!

1 Like
2

If “Block Non-VPN Traffic” is enabled, all non-VPN traffic will be blocked, no matter what policy you use.
That is, devices you set up to not use a VPN will not be able to access the Internet.

This feature is still under discussion. Can you tell us about your usage scenarios?

3

Thank you. The functionally of "Block Non-VPN Traffic” is pretty clear to me. What was unclear is the protection when this toggle is off, VPN is on, and there is a problem with the VPN connection. Will my internet traffic be exposed?

Traditionally, folks turn on a VPN Kill Switch to protect from VPN service dropping for some reason. Just wondering if it is necessary to have that toggled on to protect myself.

Regarding my use case for having both devices AND ip addresses being allowed to bypass VPN is as follows: I want to allow IP addresses of streaming services and gaming services as many of those services do not work under a VPN, and I have devices that don’t need VPN protection which cause negative side affects such as repeated captchas with Google searches (public and internal).

Are you aware of a way to do this currently?

Thanks again!

4

Please refer to Global Options of VPN Client - GL.iNet Router Docs 4 (gl-inet.com).
If it is disabled, some traffic of software maybe skip VPN. It doesn’t just block VPN disabled.

5

I think you should handle this feature a little different then, because in my experience even when the VPN is off, it blocks all traffic regardless, which is annoying to deal with. You should only block the traffic when the VPN is on but failing to connect instead. That way, you are still protected if a VPN fails, but when the VPN is explicitly disabled by the user (side switch or just off in the Web UI), traffic can pass freely.

Kind of like modern VPN clients do on the desktop, see IVPN and Mullvad’s clients for reference.

1 Like
6

Thanks for the feedback, we’re already discussing how to split it up.

7

Something like this could work:

  • [:ballot_box_with_check:] Block Non-VPN Traffic when connected
  • [:ballot_box_with_check:] Block Non-VPN Traffic at all times

And if neither is checked, do nothing

The first checkbox should be automatically checked and disable user interaction when the second is checked, so that it’s clear it encompasses the first option too

8

Not sure if this is what your first option meant but I would like:

[:ballot_box_with_check:] Block Non-VPN Traffic when VPN turned on

This means that if I have chosen to turn on VPN, regardless of whether the VPN provider is connected or not, non-VPN traffic will not go through.

Just happened this morning that my chosen VPN server when offline and the connection feel back to non-VPN connection. This is what I want to avoid.

9

Yeah that’s what I meant. What’s annoying is when it’s on right now, it blocks everything even when the VPN is OFF

10

I would like to see the option to block all non-VPN traffic at the Policy Mode level offering the same security as the Global setting.

Example option with “Do Not Use VPN” selected:
[:ballot_box_with_check:] Block Non-VPN Traffic except as indicated below

Example option with “Use VPN” selected:
[:ballot_box_with_check:] Block Non-VPN Traffic for those indicated below