Setup:
Brume 2 GL-MT2500 with 4.4.5 stable firmware, used as the main router, LAN to a general unmanaged switch.
TP-Link Wi-Fi 6 router connected in AP (Access Point) mode through one of the LAN ports to the general unmanaged switch.
I am having an issue where Google services (Maps, Google Search, News, etc.) cannot be reached if devices are connecting through the TP-Link AP, either wireless or RJ45. Any device connected to the general unmanaged switch is working as normal.
I do have the AdGuard Home service on the Brume 2. However, turning AdGuard Home off and rebooting does not fix the issue. I had this issue before on firmware 4.1.1 or 4.2.0.
Firmware 4.2.1 and 4.2.3 do not have this issue, but VPN clients and servers are being reconnected every few minutes, causing the network to go offline from the internet. The 4.4.5 VPN client is working so far, but I have to wait and see, as it is a whole other issue.
Is there a firewall setting to unblock Google services when connected to the AP?
Like I said, it was resolved when firmware 4.2.1 was updated. However, another issue with VPN was introduced. Turning AdGuard off or uninstalling it does not fix the Google issue. Even when AdGuard was on, I never had a problem with Google services via wired through the switch. It only affects the access point, wired or wireless.
The YouTube app works fine. Only Google DNS (Edge, Chrome, Safari, Firefox) or Google services on iPhone/iPad/Windows 10/Ubuntu/etc… So if I go to www.google.com, news.google.com, map.google.com or use a Google service on the iPad for search, it will not work. I changed to different APs to make sure it is not an isolated issue with the single unit. TP-Link, Netgear, Asus, none of them was working with Google services on 4.4.5 firmware.
I was having problems with the 4.2.1 VPN WireGuard server and OpenVPN client. When VPN is off, there was no issue. Google services were working as normal without any problem through the Access Point, wired/wireless, regardless of VPN on or off.
Regarding 4.4.5, I just upgraded to this version. The VPN client has been connected and working for a few hours now without any issues. I am waiting for my friend to test WireGuard VPN for a few days to see if anything is wrong. However, the Google service on the Access Point is not working (the same issue as on 4.2.0 or 4.1.1).
If you connect to the router directly (or via the unmanaged switch), the Google services work OK and you only have problems with the APs, then it is strange. This should not relate to the VPN you set up on the router.
As you masked the IP address, I cannot tell if there is anything strange with that. Can you check if the IP address info is the same when you connect to the unmanaged switch and the AP?
Anyhow, my IP is in the same subnet as the Brume 2 router: client IP 192.168.8.3, router IP 192.168.8.1
I solved the issue by running tcpdump to monitor traffic, and found the OpenVPN client is the source of the problem. When the OpenVPN client is connected to the server with Modify Proxy Mode set to “Based on the Client Device,” only devices on this list are working properly. Other devices connected to the access point will still work, but services from Google and Amazon will be dropped.
The way I make it work is to select Global Proxy from VPN Client → VPN policy Base on the client Device. It will route all traffic to the VPN, and services from Google and Amazon will work as normal. Then go back to VPN Client → VPN policy Base on the client Device and change to “Based on the Client Device.” Now everything is working as it should.
It is a tedious job that I have to do every single time I reconnect to the VPN server or the VPN service is reset. I hope you fix it in the next update.
Notice: I don’t have many extra packages installed on the Brume 2. Besides the base update, the apps installed are wake-on-lan, AdGuard Home, OpenVPN client, WireGuard Server, and tcpdump.
After logging into the router, go to VPN → VPN Dashboard.
Under VPN Client → (click on) VPN Policy Base on the Client Device → (tick) Global Proxy.
At this point all devices on the network will be routed to the VPN, and services like Google and Amazon will work again.
Under VPN Client → (click on) VPN Policy Base on the Client Device → (tick) Based on the Client Device.
Only traffic from devices “defined by MAC address” is being routed to the VPN. However, services like Google and Amazon will work for all devices.
If the router is reset or the VPN is disabled and re-enabled, the whole process must start from step 1 in order for non-VPN-connected devices to gain access to Google or Amazon.
I set up a VPN policy based on the client device and filtered by MAC address.
I checked the Google service and it goes to the VPN.
When I restart the VPN or restart the router, the rules still work.
So for your issue, can you pls check:
If this is an issue specific to your ovpn config? The ovpn server may push some rules. The firmware should already filter these rules, but I have to get your config to try.
If this is an issue brought in when upgrading. So you can reset the firmware and set up everything again to check.