Beryl AX / 4.8.3-op24 / VPN not being used?

I know its beta firmware but was under the impression its effectively stable now so testing it.

I have an issue with my VPN (Wireguard specifically to a home endpoint).
Although its turned on, tunnelling and basically works, it occasionally stops working in that although the GUI shows connected, the traffic reverts to going direct via the real IP instead from devices. It does this randomly with no warning. Turning the tunnel off and back on doesnt solve it - i have to reboot the device, then it works again for a while and stops.

One thing i think is related, if i have VPN policy to “All Devices” it seems to work as intended. If i have any devices at all in the “Exclude devices”, even non active devices only then the problem appears. If i toggle to “All Devices” then back to exclude, again it works for a time then bypasses.

When its bypassing the VPN, even with the Enhanced Kill Switch turned on, traffic still routes normally through the router to the internet using the real IP so the router seems to THINK its still using it but isnt.

Its not the tunnel itself - its fine elsewhere and its not the actual network as again its fine elsewhere.

Logs dont appear to show anything useful':

Fri Jan 23 09:04:01 2026 daemon.notice netifd: wgclient1 (4233): Try again: `xxxxxxxxxxxxxxxx:51880'. Trying again in 1.44 seconds... 
Fri Jan 23 09:04:02 2026 daemon.notice procd: /etc/rc.d/S95vpn-client: Found matching instance wgclient1 for rule peer: 2001 
Fri Jan 23 09:04:03 2026 daemon.notice procd: /etc/rc.d/S95vpn-client: Starting instance wgclient1 (has enabled rules) 
Fri Jan 23 09:04:06 2026 daemon.notice procd: /etc/rc.d/S95vpn-client: = File: /tmp/dnsmasq.d.wgclient1/via_domain = 
Fri Jan 23 09:04:06 2026 daemon.warn dnsmasq[1]: no servers found in /tmp/resolv.conf.d/resolv.conf.wgclient1, will retry 
Fri Jan 23 09:04:06 2026 daemon.info dnsmasq[1]: read /tmp/hosts/dhcp.wgclient1 - 4 names 
Fri Jan 23 09:04:06 2026 daemon.info dnsmasq[1]: read /tmp/hosts/dhcp.wgclient1 - 4 names 
Fri Jan 23 09:04:08 2026 daemon.notice netifd: wgclient1 (4233): Try again: `xxxxxxxxxxxxxx:51880'. Trying again in 1.73 seconds...
Fri Jan 23 09:04:08 2026 daemon.notice procd: /etc/rc.d/S99adguardhome: \[!\] Section ovpnserver2wgclient1 option 'src' specifies invalid value 'ovpnserver'
Fri Jan 23 09:04:08 2026 daemon.notice procd: /etc/rc.d/S99adguardhome: \[!\] Section ovpnserver2wgclient1 skipped due to invalid options
Fri Jan 23 09:04:08 2026 daemon.notice procd: /etc/rc.d/S99adguardhome: \[!\] Section wgserver2wgclient1 option 'src' specifies invalid value 'wgserver'
Fri Jan 23 09:04:08 2026 daemon.notice procd: /etc/rc.d/S99adguardhome: \[!\] Section wgserver2wgclient1 skipped due to invalid options
Fri Jan 23 09:09:34 2026 daemon.info dnsmasq\[1\]: reading /tmp/resolv.conf.d/resolv.conf.wgclient1
Fri Jan 23 09:09:34 2026 daemon.notice netifd: Interface 'wgclient1' is now up
Fri Jan 23 09:09:34 2026 daemon.notice netifd: Network device 'wgclient1' link is up
Fri Jan 23 09:09:36 2026 user.notice firewall: Reloading firewall due to ifup of wgclient1 (wgclient1)
Fri Jan 23 09:09:39 2026 daemon.info dnsmasq\[1\]: reading /tmp/resolv.conf.d/resolv.conf.wgclient1
Fri Jan 23 09:09:39 2026 daemon.info dnsmasq\[1\]: read /tmp/hosts/dhcp.wgclient1 - 4 names
Fri Jan 23 09:09:39 2026 daemon.info dnsmasq\[1\]: read /tmp/hosts/dhcp.wgclient1 - 4 names
Fri Jan 23 09:09:56 2026 daemon.info dnsmasq\[1\]: read /tmp/hosts/dhcp.wgclient1 - 4 names

Fri Jan 23 09:51:12 2026 daemon.info dnsmasq\[1\]: read /tmp/hosts/dhcp.wgclient1 - 4 names
Fri Jan 23 09:51:12 2026 daemon.info dnsmasq\[1\]: read /tmp/hosts/dhcp.wgclient1 - 4 names
Fri Jan 23 09:51:16 2026 daemon.warn dnsmasq\[1\]: no servers found in /tmp/resolv.conf.d/resolv.conf.wgclient1, will retry
Fri Jan 23 09:51:16 2026 daemon.info dnsmasq\[1\]: read /tmp/hosts/dhcp.wgclient1 - 4 names
Fri Jan 23 09:51:16 2026 daemon.info dnsmasq\[1\]: read /tmp/hosts/dhcp.wgclient1 - 4 names
Fri Jan 23 09:51:17 2026 daemon.info dnsmasq\[1\]: reading /tmp/resolv.conf.d/resolv.conf.wgclient1
Fri Jan 23 09:51:17 2026 daemon.notice netifd: Interface 'wgclient1' is now up
Fri Jan 23 09:51:17 2026 daemon.notice netifd: Network device 'wgclient1' link is up
Fri Jan 23 09:51:18 2026 user.notice firewall: Reloading firewall due to ifup of wgclient1 (wgclient1)
Fri Jan 23 09:52:05 2026 daemon.info dnsmasq\[1\]: read /tmp/hosts/dhcp.wgclient1 - 4 names

I will revert to non op24 if needed but id rather now as i need the external USB Wifi support provided by Op24 in some cases.

Is this a known firmware bug or anything obvious im missing? I cant see anything in forum searches to try or help.

Hi

Could you provide a screenshot of Admin Panel → VPN → VPN Dashboard so that we can understand how your VPN is configured?

Based on the logs, it appears that the WireGuard VPN client experienced fluctuations, causing intermittent disconnections. If the Kill Switch is not enabled, during these periods LAN client traffic will exit via the WAN, which is expected behavior.

image1567×987 75.9 KB

Just to add, the disconnect/reconnect was me restarting the router power (the gap of 40 minutes)

Screenshot attached of tunnel but also note when enhanced kill switch is on, it STILL routes traffic via the real ip (it doesnt stop traffic).
This suggests the router itself thinks the VPN is still connected.

The logs indicate that prior to the reboot, the router had already detected issues with the VPN connection and attempted to reconnect.

From your screenshot, it looks like the Kill Switch hasn’t been enabled.
Please try to turn in on and see if the issue happens again or not.

image958×944 58.8 KB

Under normal circumstances, if the Kill Switch is enabled but the VPN is unavailable, traffic will not be able to exit to the internet.
(The Dashboard status update may take a bit of time to avoid frequent interface UP/DOWN caused by minor network fluctuations.)

image1893×945 110 KB