Discovering other device despite VPN is Turned On [Beryl]

dun · 2022-06-04T04:43:52.953Z

Good day everyone!

I’m having trouble isolating two computers on the network, despite the other being on VPN network.

Please see my diagram:

Screenshot 2022-06-04 123858959×465 27.2 KB

I’m trying to isolate Computer A from Computer B, but Computer B is still able to see A.

Any settings on Beryl that I can configure to completely isolate B?

Thanks so much for your help :]

LupusE · 2022-06-04T08:33:29.504Z

The VPN isn’t a protection in ‘Repeater mode’.

The repeater means there is a connection between Client A and Client B. it is the same network.

You could setup the firewall via iptables or something like that. But maybe it is easier to set the Beryl in router mode and set a own network for Client B. Regarding Ng of your Idea from ‘compltely isolated’.

In Default, there is no route from Network A to Network B, the communication from Client A to Network B is not possible. But Client B can reach the Network A (as well as Client A) over the Beryl. This behaviour can be managed by much easier firewall rules.

‘Completely isolated’ would be a DMZ in your router. The Beryl only is able to act as client inside Network A, it can’t configure Network A.

wcs2228 · 2022-06-04T17:53:09.937Z

Confirm that the VPN is connected to the external VPN server (whatismyipaddress.com should show the IP address of the VPN server), that VPN Policies are turned off on the GL-MT1300, and that the GL-MT1300 is in Repeater/Router mode (the 2 computes are on different subsets).

Can you post the output of traceroute from Computer B to Computer A (run tracert in Windows)?

I do not work for and I am not directly associated with GL.iNet

alzhao · 2022-06-07T07:18:55.563Z

Please post more details of the vpn on MT1300. B should not be able to access A when VPN is enbled unless you set up vpn policy to let it happen.

alzhao · 2022-06-07T07:19:44.078Z

LupusE:

The VPN isn’t a protection in ‘Repeater mode’.

The VPN client on MT1300 should shield the network of the main router (as well as A). Let’s wait for more details.