GL.iNet’s firmware 4.9 is in beta, but this occurs on 4.8 as well.
When you create a VPN tunnel through WireGuard, even with Enhanced Kill Switch and the option to specifically “Force GLiNet Services to use the VPN”, this doesn’t appear to be the case for at least the following services:
cloudflare
time.cloudflare
gl-inet
fw.gl-inet
firmware-api.gl-inet
any domain you use nslookup to test
These are registered as being accessed by your true IP, despite the WireGuard connection. Any on-device WireGuard configuration successfully cloaks the IP. The router-based configuration as deployed by GL.iNet seemingly does not.
Previously I monitored outgoing connections or DNS lookups through anonymized logs. Now switching that off, I see it’s detecting my true IP, which I always want to hide.
Could anyone verify the same? Or is this a non-issue?
My DNS requests are being done over QUIC to NextDNS; it was their logs that provided the IP leak.