OpenVPN and excluding IP/MAC address from VPN routing


#21

Do you mean it will work if I install it again, or it should already be in there somewhere?

I’ve upgraded to the testing firmware, there’s some nice new features, but I can’t find anything to do with policy routing in the GL iNet GUI or Luci.


#22

Hold on, making another update of the server but may be AR750S first.


#23

Hi,

I uploaded the route-policy firmware for AR750S and MIFI.
You can enable it on the UI–>VPN–>VPN policies
If you have any questions, please send them to me through forum, and I will deal with them as soon as possible


#24

Thanks!

I upgraded my firmware to the policy routing testing firmware, but I still can’t get it to work, I get no internet connection with the routing policy setup. I’ve set it up so all MAC in list goes through the VPN. I’ve only added the one MAC for testing. It has no internet connection.

Do I need to follow a process to get it working? I’ve tried a few different ways, setting then rebooting, connecting to VPN first then enabling policy routing and vice versa.

Also, I assume that when policy routing is enabled, any MAC not in the list will do the opposite to what is set in the policy routing (All MAC through VPN or No MAC through VPN) and not just deny connection.


#25

I have an example of a setup here. In this example, only 08:57:00: e5:88:6b is allowed through the VPN, and all other devices will bypass the VPN


#26

Yep, that’s what I had. I had no internet connection for the device that should’ve been connecting through the VPN.

I’m also using it through the 4G modem, would this be an issue compared to when using it as a repeater or tethered?


#27
  1. I tried the firmware (750S) and tried to allow pass-thru (ie. non-VPN) for one MAC address and it didn’t work.
  2. Menu was confusing as to what was on the list and what wasn’t on the list.
  3. Allow VPN and disallow VPN options also very confusing.

#28

I’m aware of the UI mess, which is currently improving. But the functionality should be normal, and perhaps, for now, the UI is hard to understand


#29

I’m not sure that I understood what you said.
Do you think Modem is the reason why it doesn’t work?
I haven’t tested with the Modem. I’ll test it tomorrow


#30

Thanks for reply.
I would suggest two lists:
First called ALLOW with option “block/disallow > apply”
Second list BLOCKED (or disallowed) with option “allow > apply”.


#31

From my test it works, at least most of the time.

It is a little difficult to test. When you assign a domain from normal internet to vpn tunnel, or reverse way, use another browser or private tab to test. If you just use one browser and check ip location, it may report falsely.


#32

Just wanted to report back and say that it’s working now. Not sure what changed, but it seems to be working well and I haven’t had any faults yet. Thanks everyone, it’s a huge help.

Any idea when this firmware will be cleaned up and pushed out officially?