Hello
I have a stupid requirement, that I can't seem to get working. Here's the layout:
ISP Modem (bridge mode) > Flint 2 (v4.7.0) > Home VLAN and Guest VLAN
Guest WiFi is enabled, which is always connected to a VPN to protect myself from DMCA notices (my kids' friends visiting, and they love their torrenting. This is the only reason I bought this router.)
WG client uses VPN policy based on VLAN (Guest). In global options, Block non-VPN traffic is Off. Allow Access WAN is Off. Services from GL.iNet use VPN is Off. AP Isolation is On under Network > Guest Network.
Now I have a Jellyfin server connected via ethernet to my home VLAN. I have a port forwarded from my router, and I can provide access to this server away from home. I also have other services publicly accessible, but let's take Jellyfin as an example here.
If I connect to the guest WiFi, I cannot access Jellyfin or any of the publicly available services on my home VLAN. I would think since I am connected to VPN, all my data is tunneled out before it reaches my WAN IP > home VLAN, but it looks like NAT hairpinning comes into play, and before any packets go out destined for my WAN IP from my guest WiFi, they get blocked by VLAN isolation, and I can't access any of these services.
I can access this Jellyfin server from my mobile data, or from my phone connected to a VPN, so it is externally accessible.
I had previously enabled AdGuard Home on the Flint 2, but that made guest WiFi lose DNS resolution. I could ping IPs, but not resolve any names. So I moved AdGuard Home to a separate server on my home VLAN. But that's a problem for a separate thread.
I have never been able to remotely access my Plex server when the VPN client is active on my router, no matter what combination of VPN or port forwarding settings I have tried. I guess this is because all traffic and pings are unavoidably and strictly tunnelled through the VPN, as you said, but you have also added client isolation as another complicating factor in your case. I would also be quite interested if you find a solution. My only workaround so far is to completely exclude the Plex server from using VPN.
Did you try enabling "Remote Access LAN" in the WireGuard client settings? If you have already and it doesn't solve the issue, then I think you will need to add a firewall rule in LuCI.
No, I haven't tried that. But my thinking is that I shouldn't have to do that. I want to keep my home VLAN private, except for the stuff exposed to the internet.
That is, if my Jellyfin server is open to the internet, my guest WiFi connected to a VPN should be able to access it, but my guest WiFi should not be able to access other services on my home VLAN.
I have the same issue but with a slightly different setup. I have no VPN, just the main LAN and my guest network. A client in my guest network can access the internet but is not able to connect via a domain to a server running in my main LAN. The server is accessible from within the main LAN and also from outside (mobile). Any ideas are welcome.
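As an added illustration of the "firewall rule in LuCI" suggestion, and of the policy the original poster describes (the publicly exposed service reachable from guest, everything else on the home VLAN still blocked), here is an OpenWrt `/etc/config/firewall` fragment. It is not posted by anyone in this thread and is not GL.iNet's configuration; the zone names `guest` and `lan`, the server address `192.168.8.20` and Jellyfin's default port `8096` are constructed placeholders, and it assumes the existing port forward is a `redirect` section in that file. It covers both the VPN case and the last poster's plain LAN/guest case: in both, the guest client's connection to the public address is DNATed in PREROUTING (NAT reflection, i.e. hairpin) before the routing decision, so it is redirected to the LAN host rather than sent out the WAN or into the WireGuard tunnel, and then the guest-to-lan forward must be explicitly allowed for that one host and port.

```uci
# Constructed example (not from the thread). Zone names, address and port are assumptions.

# Existing port forward for Jellyfin, with NAT reflection (hairpin NAT) enabled for
# the guest zone as well as lan. A guest client connecting to the WAN IP is DNATed
# to the LAN host in PREROUTING, before policy routing can push it into the VPN.
# reflection_src 'internal' masquerades the client as the router's LAN address, so
# the server's replies go back through the router instead of directly to the client.
config redirect
        option name 'jellyfin'
        option src 'wan'
        option src_dport '8096'
        option dest 'lan'
        option dest_ip '192.168.8.20'
        option dest_port '8096'
        option proto 'tcp'
        option target 'DNAT'
        option reflection '1'
        option reflection_src 'internal'
        list reflection_zone 'lan'
        list reflection_zone 'guest'

# Forwarding rule: allow guest -> lan only for this host and port. There is
# deliberately no "config forwarding" section from guest to lan, so every other
# guest -> lan connection is still rejected by the zone policy.
config rule
        option name 'guest-to-jellyfin'
        option src 'guest'
        option dest 'lan'
        option dest_ip '192.168.8.20'
        option dest_port '8096'
        option proto 'tcp'
        option target 'ACCEPT'
```

Apply it with `/etc/init.d/firewall restart` and check from a guest client that the WAN IP (or the public domain) on port 8096 connects while another port on `192.168.8.20` is still refused. Note the rule also permits a guest client to reach `192.168.8.20:8096` by its LAN address directly, which matches the stated intent (only the exposed service is reachable) but is worth knowing; if `reflection_zone` is omitted, fw3/fw4 enable reflection for all zones, so listing zones is only needed when it should be narrowed.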