Domain based vpn policy does not work though IP based does

Hi guys,
So, I have an AR750r and the latest firmware (3.211) with a WireGuard VPN set.
I’m enabling “Use VPN only for following” (though “Do not use for following” does not work either).
The policy works fine only if I define an IP address, but does not work for domains. OS and browser DNS caches are cleared.
Any ideas where else to look?
Thanks

Can you post a screenshot and the domain you used so that I can test exactly the same?

Hi, thanks for the reply. Basically it works the same for all domains. Here are screenshots for whatsmyip.org:

only domain in policy:


my real location

IP address in policy:


VPN location:

Hmm just a thought since I noticed the same.

Are you using a different lan ip or different interface or firewall zone?

For me it only seems to work on the LAN interface and the firewall zone of LAN. If I go to test it on a VLAN or routed APs (the tutorial by OpenWrt where the wifi AP has its own fw zone and interface and is not connected to LAN) then it doesn’t work.

My guess is that the script might not support all interfaces yet(?) 🤔, could you confirm if this is the same?

I actually didn’t touch the firewall. Just added a WG connection and enabled VPN policies. So everything is default. Connected to the router’s wifi.
I will send fw configs later when I get to the router.

This is what I just tested. It works as expected.

I tested on cable in the lan port.

Two things I noticed:

  1. At first I had a problem with whatsmyip.org because it always displayed my real IP. But I found out that is because I have two networks set up on my PC (cable and wifi). The wifi is not connected to the VPN router.
  2. When I apply the VPN policy, it does take around 10 seconds to get the correct result. Maybe a DNS cache problem.


If you set up VLANs you need to manage the firewall and routes etc.


So the VPN policy works for cable connections only?
Is there a chance to make it work for wifi clients?

It would be nice if something for this use case could be added to the documentation, I’m a total noob with iptables and routing 😋


It should work for wifi. I didn’t say it does not.

Got it, thanks. Will run more tests.
UPD: works after some time. Thank you ❤️