by Brian_K_White 766 days ago
The only problem with this person's comments is saying "you're wrong" "you're confused" so much.

The actual content is 100%.

Get over the "you're wrong" tone and ingest the tech message.

It's really a misnomer to call the firewall a kill switch since it isn't reacting, it's already in effect, already blocking the bad traffic before the bad traffic happens. No switch is thrown.

Any vpns that DO work that way are silly and should not be used. If this is most popular commercial vpns today, oh well so be it.

The articles going around saying "affects all vpns and nothing can stop it" are also just silly and wrong. But it is probably true that most convenient vpns are currently leaking.

1 comments

I can see how you can write rules that block "bad traffic", but I can't see how you write them so they don't also block some "good traffic" when the network assigns a routing rule.

I think the person here might be glossing over writing overzealous rules that cause the VPN connection to go down when an Option 121 route is assigned, when the ideal solution leaves the VPN functional (and causes tunneled traffic to ignore the route).

That has already been explained a couple times over.
I don't understand your explanation because you just keep alluding to certain firewall rules but not actually showing them.

If you've done this, could you paste an `iptables -L -v` for me? That would make clear exactly what you're talking about. If there is a problem, I could then point it out, and if there is not, I could then understand how to do what you're saying.
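The disagreement above can be modelled without a live ruleset. This is an added example, not part of any post in the thread: it combines longest-prefix route selection with a standing egress policy and reports what happens to a packet once an Option 121 route is added. The interface names, addresses, routes and the policy itself are constructed assumptions, not rules anyone in the thread posted.

```python
import ipaddress

# Constructed routing table: (prefix, outgoing interface, origin).
ROUTES = [
    ("0.0.0.0/1", "tun0", "vpn"),
    ("128.0.0.0/1", "tun0", "vpn"),
    ("203.0.113.10/32", "eth0", "vpn-endpoint"),
    ("0.0.0.0/0", "eth0", "dhcp-default"),
]
# Constructed DHCP Option 121 route, more specific than the VPN's /1 pair.
OPTION_121 = [("198.51.100.0/24", "eth0", "dhcp-option-121")]

VPN_IFACE = "tun0"                      # assumed tunnel interface name
VPN_ENDPOINT = ipaddress.ip_address("203.0.113.10")  # assumed VPN server


def route_lookup(dst, routes):
    """Longest-prefix match: the most specific route covering dst wins."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in ipaddress.ip_network(r[0])]
    return max(matches, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)


def firewall_allows(dst, iface):
    """Standing egress policy: the tunnel interface, or the VPN endpoint only."""
    return iface == VPN_IFACE or ipaddress.ip_address(dst) == VPN_ENDPOINT


def fate(dst, routes, firewall=True):
    """Classify a packet to dst as tunneled, vpn-transport, dropped or leaked."""
    _, iface, _ = route_lookup(dst, routes)
    if iface == VPN_IFACE:
        return "tunneled"
    if firewall and not firewall_allows(dst, iface):
        return "dropped"
    if ipaddress.ip_address(dst) == VPN_ENDPOINT:
        return "vpn-transport"
    return "leaked"


if __name__ == "__main__":
    injected = ROUTES + OPTION_121
    for dst in ("198.51.100.7", "192.0.2.1", "203.0.113.10"):
        print(dst, fate(dst, injected, firewall=False), fate(dst, injected))
```

In this model the policy is in force before the route arrives, so the injected destination is dropped rather than leaked while the tunnel transport and all other tunneled traffic continue; the dropped destination is the "good traffic" cost raised in the reply.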