Guest AP firewall zone forwarding lost on VPN connect/disconnect

Hi there,

I have a second (guest) AP configured on my AR150 with the guest firewall zone forwarding to the WAN zone, however when I enable or disable the VPN the zone forward is lost (changes from wlan_guest => wan, to wlan_guest => REJECT). Is there any way to keep this setting intact between VPN state change?

I also find when the VPN is connected and I fix the zone forward, the guest AP loses Internet access. Is there any way to allow WAN access on the guest AP without the traffic going through the VPN?


I think if you don’t check “force vpn” then the firewall will not be touched by setting up the vpn. If you choose this option, the firewall rule will be changed. Unfortunately it doesn’t consider your guest network.

Does your guest AP has another subnet? If yes, then this can be possible. Check these two files: /etc/firewall.user and /usr/bin/setvpnfirewall

1 Like