VPN Policies Difference?

Can anyone tell me the difference between these two policies, please:

Which part do you find confusing?

My question here would be if VPN policy is turned off would all router processes still use the VPN?

My observation is that DNS queries do not go through the VPN unless you turn on Adguard. So there is a DNS leak if you don’t turn Adguard on.

In 3.201, the default policy is that the router’s own process will not use vpn. This caused DNS leak.

So you have to enable vpn policy and turn on this option.

This is fixed in firmware 3.203 snapshot

From my testing, the only way to prevent DNS leak in 3.203 beta 4 is to turn on DNS over TLS or turn on AdGuard and make sure “Override DNS Settings for All Clients” is also turned on.

I tested a lot today. These options does not need to turn on.