UniFi's VPN kill switch has a non-obvious failure mode: pausing or removing a VPN interface in the UniFi management UI silently breaks the kill switch, causing affected devices to route traffic through the next available interface instead of blocking it. This happens because pausing the VPN removes the interface on the backend, invalidating the policy route without any warning. The kill switch works correctly when a VPN goes down naturally. To properly test the kill switch, use wrong credentials or block the VPN server address rather than pausing or removing the interface.
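An added example, not from the original page or from Ubiquiti: a Python audit of policy routing on a generic Linux router that flags source rules whose traffic would fall through to the main table once the VPN interface, and with it the table's route, is removed. The rule and table layout, addresses, table ids and interface names are constructed assumptions; the page does not describe how UniFi implements its kill switch internally.

```python
import re

# Constructed `ip rule show` output, generic Linux router (not from a UniFi device).
RULES = """\
0:	from all lookup local
32000:	from 192.168.10.50 lookup 201
32001:	from 192.168.10.51 lookup 202
32002:	from 192.168.10.52 lookup 203
32003:	from 192.168.10.53 lookup 204
32766:	from all lookup main
"""

# Constructed `ip route show table N` output, keyed by table id.
TABLES = {
    "201": "default dev wg0 scope link\nblackhole default metric 4096\n",
    "202": "blackhole default metric 4096\n",  # VPN route gone, fallback left
    "203": "",                                 # interface removed, no fallback
    "204": "default dev wg1 scope link\n",     # works now, leaks on removal
}

FAIL_CLOSED = {"blackhole", "unreachable", "prohibit"}
BUILTIN = {"local", "main", "default"}
RULE_RE = re.compile(r"^\d+:\s+from\s+(\S+)\s+lookup\s+(\S+)")


def classify(table_text):
    """Classify one policy table by where its default traffic ends up."""
    routes = [line.split() for line in table_text.splitlines() if line.strip()]
    via_vpn = any(r[0] == "default" for r in routes)
    fallback = any(r[0] in FAIL_CLOSED and r[1:2] == ["default"] for r in routes)
    if via_vpn:
        return "vpn" if fallback else "vpn-no-fallback"
    # No usable route: lookup continues to the next rule (main) unless a fail-closed route matches.
    return "blocked" if fallback else "leak"


def audit(rules_text, tables):
    """Map each policy-routed source to its kill-switch state."""
    result = {}
    for line in rules_text.splitlines():
        m = RULE_RE.match(line)
        if m and m.group(2) not in BUILTIN:
            result[m.group(1)] = classify(tables.get(m.group(2), ""))
    return result


if __name__ == "__main__":
    for src, state in audit(RULES, TABLES).items():
        print(f"{src}: {state}")
```

A `leak` or `vpn-no-fallback` result marks a source that is not fail-closed if the interface disappears, which is the condition the pause/remove action creates.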