Hello, I have the Beryl AX MT3000 (192.168.8.1), to which I have connected a 5G mobile router (192.168.0.1). How can I allow access to the 5G router when VPN is active? With the previous firmware, it was possible to allow WAN access in the VPN settings.
I think you're looking for Policy Mode.
On v4.8.x firmware, if you want to access the WAN subnet (primary router/ISP modem), you have to configure the WAN IP/subnet in "Exclude specified Domain/IP List" and enable "All Other Traffic".
Example, the 192.168.1.0/24 is the primary 5G router:
I am on 4.8.1 Beta on Flint 3 and with the VPN ON I can reach my 2 ISP modems (multi WAN in failover mode) just fine without using "Exclude specified Domain/IP List"... This doesn't seems right...
Do you have the 'All Other Traffic' toggled on? That's probably it. The language for that section's header/title should really be 'Allow (or Enable) All Other Traffic' given it defaults to 'on.'
I usually have it on, yeah, but even with it off I can still reach my Isp modems... 
That toggle doesn't make a lot of sense to me... it should selectively kill "all other traffic" EXCEPT the devices that are already allowed to NOT use the VPN tunnel. This way it basically prevents those devices to connect when it's off.
It's easier to authorize/whitelist than it is restrict, granted. I missed your mention of Multi-WAN. You may have discovered another bug perhaps this time in the routing tables. I'm reposting/linking this because it seems relevant even if you're not use v4.8.0-op24:
I'd take Multi-WAN out of the equation & see if that makes a difference. I would at least hope so.
Hi,
Flint3 with v4.8.1 beta, it seems to not reproduce it. What are your VPN, Mutlti-WAN, WAN configurations?
Connects to 2 WANs and Multi-WAN mode is Load Balance.
If the WAN subnet is not configure in "Exclude specified Domain / IP List", the WAN gateway cannot be accessible.
If the WAN subnet is in "Exclude specified Domain / IP List", the WAN gateway is able to access.
1 Like
Sorry, my bad, I completely forgot that I had allowed WAN acces trough Tailscale! Yes, everything seems ok, thanks for your time.