No VPN for DMZ router?

I have a GL-AX1800 (Flint) as my main router. It connects to a WireGuard VPN, with the Global policy, and is set to Block Non-VPN Traffic.

I have just bought a GL-SFT1200 (Opal). I have connected this to my Flint in a WAN-LAN fashion. I have reserved the IP assigned by the Flint to the Opal and set this IP in the DMZ.

Now, my thinking was that, since the Opal’s IP address is set to DMZ, internet traffic would flow directly to the Opal - with no VPN (I want the Opal to connect to a different VPN)… but it doesn’t. Even though the Opal’s IP is in the DMZ, the Flint’s VPN connection is still live. The Opal connects to the internet, but via the VPN from the Flint.

What I want to achieve is for the Opal to have a DMZ, clean and direct internet connection, with no VPN sent by the Flint. How can I do this?

My understanding is that the DMZ forwards traffic that is initiated through the Flint WAN directly to the Opal WAN. Traffic that is initiated through the Opal LAN is routed through the Opal WAN to the Flint LAN, then still goes over the Flint WireGuard VPN, not through the Flint DMZ.

Instead of the DMZ setup, you can try setting up a VPN policy on the Flint to exclude the MAC address of the Opal WAN from going through the Flint WireGuard VPN. Note that I have not personally tested this.

I do not work for and I am not directly associated with GL.iNet.
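The distinction drawn in the answer above, as an added example that is not part of the original thread and is not GL.iNet firmware code: a simplified model of the upstream router's two forwarding decisions, showing that the DMZ setting is consulted only for inbound connections while the VPN policy decides outbound traffic. The class, the sample IP and MAC, and the assumption that an excluded MAC bypasses both the tunnel and the Block Non-VPN rule are all constructed for illustration; the last point should be verified on the actual firmware.

```python
from dataclasses import dataclass, field
from typing import Optional, Set


@dataclass
class UpstreamRouter:
    """Simplified model of the Flint's forwarding decisions (constructed)."""
    dmz_host: Optional[str] = None      # LAN IP that receives inbound WAN connections
    vpn_up: bool = True                 # WireGuard tunnel established
    block_non_vpn: bool = True          # "Block Non-VPN Traffic" enabled
    vpn_excluded_macs: Set[str] = field(default_factory=set)  # policy exclusions

    def inbound_on_wan(self) -> str:
        # DMZ is destination NAT: it only decides where unsolicited
        # connections arriving on the WAN side are delivered.
        return f"dnat:{self.dmz_host}" if self.dmz_host else "drop"

    def outbound_from_lan(self, src_ip: str, src_mac: str) -> str:
        # The DMZ setting is never consulted on this path; src_ip is accepted
        # only to make that visible. Egress is chosen by the VPN policy.
        if src_mac.lower() in self.vpn_excluded_macs:
            return "wan"                # assumed: exclusion also bypasses the block rule
        if self.vpn_up:
            return "wireguard"
        return "drop" if self.block_non_vpn else "wan"


# Constructed sample values for the downstream router's WAN port.
OPAL_IP, OPAL_MAC = "192.168.8.50", "02:00:00:00:00:01"


def scenarios() -> dict:
    dmz_only = UpstreamRouter(dmz_host=OPAL_IP)
    excluded = UpstreamRouter(dmz_host=OPAL_IP, vpn_excluded_macs={OPAL_MAC})
    tunnel_down = UpstreamRouter(dmz_host=OPAL_IP, vpn_up=False)
    return {
        "inbound_with_dmz": dmz_only.inbound_on_wan(),
        "outbound_dmz_only": dmz_only.outbound_from_lan(OPAL_IP, OPAL_MAC),
        "outbound_mac_excluded": excluded.outbound_from_lan(OPAL_IP, OPAL_MAC),
        "outbound_tunnel_down": tunnel_down.outbound_from_lan(OPAL_IP, OPAL_MAC),
    }


if __name__ == "__main__":
    for name, egress in scenarios().items():
        print(f"{name:24} -> {egress}")
```

The `outbound_tunnel_down` case is the one to check when testing an exclusion: a non-excluded client should lose connectivity rather than fall back to the plain WAN when the tunnel drops.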

Thanks mate. You are correct.