Surely GL should know this and not be asking us?
I did a thorough test of firewall settings outlined in this post (note - these tests were done using OpenVPN and not Wireguard):
Quoted from said post: “I noticed that disabling Masquerading on the WAN interface (recommended by Air VPN) appears to fix the IP leaks on boot (ie. before the VPN connects).”
Note: GL seems to have now plugged these leaks with an alternative means (don’t know how).
My conclusion “Hopefully the developers will implement these changes as defaults (unless I am missing some reason why not?)”
I use my GL router exclusively to route ALL my traffic (I use wireless only) through a VPN (no internet if VPN drops) and have changed my firewall settings thus:
Glitch