User2288 This is definitely a problem. The fact that the VPN is not actually fully isolating the LAN but claiming it is definitely misleading.
I don't think it is maliciously misleading; it's more that this is how networks work. The kill switch and blocking LAN option should be working as intended. You won't (shouldn't) be able to access other local device IP addresses. It's just that layer 2 traffic and multicast traffic do not, by default, route over a VPN. These protocols are contained inside of the local network. If all LAN access was blocked, the internet would not work because you wouldn't be able to get an IP address.
All that said, it may not be a bad idea to double check that the kill switch is actually working.
John-longson Have you verified that the kill switch with LAN blocking is actually working as intended? If it is on, you should not be able to access your router IP address or any local IP addresses.
I was not able to replicate getting the Spotify session to come up, but it could be my setup. Verified with a packet capture that Spotify does use mDNS (Multicast DNS), which does not go over the VPN even if the kill switch and blocking LAN are enabled. As mentioned above, it appears to be the expected behavior.
A couple of links on mDNS/multicast:
https://www.reddit.com/r/HomeNetworking/comments/ss8b1k/mdns_broadcasting_through_vpn/
https://forum.netgate.com/topic/151156/how-to-use-mdns-via-avahi-with-vpn-interface
User2288 John-longson Another solution I found was isolating my device on a guest network.
Did this work?
It should work. The following options should all work, as they limit/disable local network device-to-device interaction.
- Guest network
- Client isolation
- Separate physical networks
- Custom firewall rules
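
As an added example (not part of the original post), here is one way to triage flows exported from a packet capture, such as the one mentioned above, into traffic that is expected to stay on the local link (mDNS, multicast, broadcast, DHCP) and traffic that would mean the kill switch or LAN blocking is not working. The interface names, subnet, VPN server address and sample flows are constructed assumptions.

```python
import ipaddress

MDNS = {ipaddress.ip_address("224.0.0.251"), ipaddress.ip_address("ff02::fb")}
V4_BROADCAST = ipaddress.ip_address("255.255.255.255")

def classify(dst, lan):
    """Classify a destination address relative to the local subnet `lan`."""
    addr, net = ipaddress.ip_address(dst), ipaddress.ip_network(lan)
    same_family = addr.version == net.version
    if addr in MDNS:
        return "mdns"
    if addr.is_multicast:
        return "multicast"
    if addr == V4_BROADCAST or (
            same_family and net.version == 4 and addr == net.broadcast_address):
        return "broadcast"
    if same_family and addr in net:
        return "lan-unicast"
    return "routed"

def review(flows, lan, tunnel_if, vpn_server):
    """Label each (interface, destination, destination port) flow."""
    out = []
    for iface, dst, dport in flows:
        kind = classify(dst, lan)
        if iface == tunnel_if:
            verdict = "in-tunnel"
        elif dst == vpn_server:
            verdict = "vpn-transport"     # encrypted outer tunnel packets
        elif dport == 67 or kind in ("mdns", "multicast", "broadcast"):
            verdict = "expected-local"    # DHCP and link-scoped traffic
        elif kind == "lan-unicast":
            verdict = "lan-block-failed"  # e.g. the router's web UI is reachable
        else:
            verdict = "kill-switch-leak"  # internet traffic outside the tunnel
        out.append((dst, kind, verdict))
    return out

# Constructed sample flows (not from a real capture); names are assumptions.
SAMPLE = [
    ("wlan0", "224.0.0.251", 5353),    # mDNS query
    ("wlan0", "192.168.1.255", 137),   # subnet broadcast
    ("wlan0", "192.168.1.1", 67),      # DHCP renewal to the router
    ("wlan0", "192.168.1.1", 80),      # router admin page
    ("wlan0", "203.0.113.10", 51820),  # VPN server endpoint
    ("wlan0", "198.51.100.7", 443),    # internet host outside the tunnel
    ("tun0", "198.51.100.7", 443),     # same host through the tunnel
]

if __name__ == "__main__":
    for row in review(SAMPLE, "192.168.1.0/24", "tun0", "203.0.113.10"):
        print(row)
```

Only the `lan-block-failed` and `kill-switch-leak` verdicts point to a problem with the VPN client; `expected-local` traffic is what guest networks, client isolation or firewall rules are needed to contain.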