TL;DR MAC Based policy is screwing with certain domains on devices not being routed over the VPN
Ok so this is one that has been annoying to debug but i managed to find the root cause being the policy.
I am running the GL router behind another router (ISP). When connected to the ISP router with a device i can use the internet and visit various domains with no issue. when i am behind the GL router which has a MAC BASED VPN Policy in place, my devices that are not in this list are not able to load certain websites such as amazon.co.uk or bbc news. Yet i can google to my hearts content.
If i turn these policies off and disconnect from the VPN all is good. (I am using NordVPN OpenVPN)
Has anyone got any idea why this is happening as i wanted to use the VPN Policies to route one MAC Address over the VPN and leave the rest of the network untouched.
ok so the above link is to a different package. glinet have their own route policy called gl-route-policy which is what is throwing this issue. I have found another thread similar but again seems to go cold turkey around Dec. VPN Policies Issues - #17 by wildtang3nt
ok thanks, i’m running 3.0.24 currently (the one thats available for GL-AR300M) but i just downloaded their image builder and i can compile a version for 3.0.27.
I do find it weird that actually on my router web ui the VPN policies show up but this is not the same as the gl-route-policy so am i correct in assuming that the VPN policies are actually a part of gl-vpn? I think the gl-* stuff is closed source though as i can’t seem to find it on their github
So i have compiled the image for 3.0.27 using the image_builder . (For those interested i can throw the Vagrant file up i used to spin up a Ubuntu box locally)
I then ran
# change directory and compile the image for my router
cd gl_imagebuilder && ./gl_image -p ar300m
# run `./gl_image -l` to see a list of all available images
I then uploaded the .tar file to my router and upgraded to 3.0.27 and it appears to be working. But will report back
how do i go about trying that? Since i have the image_builder from the glinet org on github. Can’t seem to see it in there, unless its on a different branch?
Yes thanks, although the versions in ar300m is infact 0.0.3 behind. Since the image i have build for ar300m from image-builder comes out as 3.0.27. Is there a roadmap we can see of when support for 3.10x would be released for public consumption?
What I always do is and I had this in every v3 firmware I think but couldn’t solve it until recently, I made it a habit to set a “victim” mac address, some device I connect and then block from VPN usage there, after that the config really works reliable. If it’s completely empty somehow not.