GL-MT3000 / Beryl AX 4.8.X - Problem accessing local network

pasy · August 23, 2025, 12:58pm

I have set up a WireGuard tunnel to my VPS using "Policy Mode". It routes traffic from a specific device on the local network. This works perfectly. However, the device itself cannot access the local network while it is in the tunnel. Previously, I had the AT-1800 Slate Router, which ran in “Global Mode.” In this configuration, the device could easily access the local network while connected to the tunnel.

How can I configure the "Policy Mode" so that the specific devise has access to the local network while connected to the VPN tunnel?

9b9e69c2-4b75-4420 · August 23, 2025, 9:58pm

Firmware v4.8.1 will let you split tunnel with a toggle.

pasy · August 24, 2025, 12:11pm

Thank you, I did upgrade to v4.8.1 and it is working! I did set up following VPN rules:

Prio 1. Device --> 192.168.10/24 --> Do not use VPN
Prio 2. Device --> All Traffic --> Use VPN

Did I forget something?

9b9e69c2-4b75-4420 · August 24, 2025, 10:28pm

I don't know but if 192.168.10.0/24 is your (primary) LAN & not your guest network, you've set it to never use the VPN. 192.168.8.0/24 is the default primary LAN, 192.168.9.0/24 is the guest. That's just a FYI for others reading along.

What I might recommend is putting some IP checking domains into a white/blacklist, one per ea. VPN policy, so you can confirm everything is as expected when checking from client devices. Here's some popular ones:

If you think you've got everything set up as you want don't forget to mark the 'Solution' to let others know.

bruce · August 25, 2025, 3:35am

Hi,

I would like to clarify that, for example the Client A and Client B are both in a VPN rule "From - Specified Devices".
When this VPN tunnel (rule) is enabled, can Client A not access Client B through LAN IP?

RPi and KVM in one VPN rule, and no issue.

Bruce_2025-08-25_11-36-40