MT-1300 here, FW 3.212 (or 3.215), VPN client connected, VPN policies already used for target-host based exceptions (Policy “Domain/IP”, Rules “Do not use for the following”). Additional Policy: “Use VPN for guest network” - disabled.
Is there an easy (e.g. GUI) way to excempt a single ethernet client from using the VPN?
Maybe by assigning it to GuestNet (no need for GuestNet-DHCP to be available)?
Already tried adding its LAN IP to VPN policies but (es expected) those are target exceptions, not source exceptions.
VPN policies already used for target-host based exceptions (Policy “Domain/IP”, Rules “Do not use for the following”)
So one could rephrase the question to: How can I use Domain/IP policies and MAC Address policies at the very same time?
GUI solution preferred but would edit some configs on the CL as well.
…found an (mostly for myself*) better way to enable both lists at once:
I edited /etc/init.d/gl_route_policy to permanently set glconfig.route_policy.type to domain_bypassandmac_bypass.
Tested and working in firmware 3.212, should work in all similar firmwares.
.
* my solution completely disables VPN modes other than Do not use VPN for the following