No port forward or DMZ when IP/Domain policy enabled

Hi, im on GL-MV1000, Firmware 3.215. OpenVPN client is connected. VPN IP/Domain policy is enabled. At firewall there is a port forward activated (or sometimes a DMZ). It is impossible to reach the computer via port forward or DMZ from outside.
When switching VPN policy to MAC-Address, port forwardind to those computers those MAC address enabled in the VPN policy is working…
So, is this a bug or a feature?
Thanks in advance

Do you set port forward from the vpn interface or WAN interface?

Do you access the computers via the VPN tunnel or just on WAN?

Port forward from WAN interface, I have a Wireguard Server to which the port forward is pointing to and the road worriors are trying to connct to via wireguard client.

When you use IP/Domain policy, all devices’ data goes via VPN. So the wan access is not possible to these devices.

But for Mac based, you can put the Wireguard server not use VPN so you can access it.

Anyway, when you use one router as vpn client, it is better not put server behind it because everythign should goes via vpn.

In our new firmware 4.1.1 and later, you can enable vpn server and client at the same time on the router so you do not need to put the wireguard server behind the vpn router.

Thats great news - but how do i get the new version? I am always doing “Firmware update” but so far my router sticks with 3.215… THX!

All firmware will be downloadable from

MV1000 do not have 4.x now.

Tanks! Are there any plans for v4 for the MV1000?