MT6000 VPN & DNS issue

I have Flint 2 configured with Policy Routing. It is on firmware v4.8.2-op24.
Something that has been bothering me, but I have been ignoring for some time:
Hosts (by IP or name) in my exclusion list for the Wireguard VPN (to the UK) become simply unreachable.
```
C:\Users\odhiambo>ping amazon.com
^C
C:\Users\odhiambo>ping amazon.co.uk
^C
C:\Users\odhiambo>ping gmail.com

Pinging gmail.com [142.251.30.17] with 32 bytes of data:
Reply from 142.251.30.17: bytes=32 time=169ms TTL=113

Ping statistics for 142.251.30.17:
Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 169ms, Maximum = 169ms, Average = 169ms
Control-C
^C
C:\Users\odhiambo>nslookup
Default Server: console.gl-inet.com
Address: 192.168.8.1

amazon.com
Server: console.gl-inet.com
Address: 192.168.8.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to console.gl-inet.com timed-out

gmail.com
Server: console.gl-inet.com
Address: 192.168.8.1

Non-authoritative answer:
Name: gmail.com
Addresses: 142.250.129.19
142.250.129.18
142.250.129.83
142.250.129.17

freebsd.org
Server: console.gl-inet.com
Address: 192.168.8.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to console.gl-inet.com timed-out

fast.com
Server: console.gl-inet.com
Address: 192.168.8.1

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Request to console.gl-inet.com timed-out

C:\Users\odhiambo>ping paypal.com

Pinging paypal.com [151.101.3.1] with 32 bytes of data:
Reply from 151.101.3.1: bytes=32 time=170ms TTL=56
Reply from 151.101.3.1: bytes=32 time=175ms TTL=56
Reply from 151.101.3.1: bytes=32 time=168ms TTL=56

Ping statistics for 151.101.3.1:
Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 168ms, Maximum = 175ms, Average = 171ms
Control-C
^C
C:\Users\odhiambo>ping wyze.com

Pinging wyze.com [23.227.38.33] with 32 bytes of data:
Request timed out.

Ping statistics for 23.227.38.33:
Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
Control-C
^C
C:\Users\odhiambo>
```
I have other routers running OpenWrt where this issue does not occur. The same exclusion list is configured on all my routers.

I wonder if anyone has any insight into this.

TIA

Screenshot 2025-09-27 1010351348×1077 87.6 KB

Hi

Please try to enable “All other Traffic” to allow domains/IP addresses excluded from the tunnel to be accessible via the WAN.

image859×186 48.8 KB

I wonder why I confused that wording there with the kill switch.