OpenVPN+port forward

Yes, where xxx is the actual IP of the target device, as assigned by the Guest wifi’s DHCP.

Yes, where xxx is the actual IP of the target device, as assigned by the Guest wifi’s DHCP.

Thanks! And are wan and lan attributes correct?

Also, I don’t seem to be able to access GPON on 192.168.9.xxx when I’m connected on my laptop main wifi 192.168.1.xxx. Why would that be?

Is 192.168.1.xxx on the WAN side of the GL-AP1300?

If so, make sure that the Guest wifi is not going through the VPN as per VPN policy. Connect your laptop to the Guest wifi also and go to whatismyipaddress.com and it should show your ISP’s Public IP, not the OpenVPN server’s Public IP. At the same time, you can ping the target device to make sure it has the correct IP 192.168.9.xxx.

I found this fiddly and then added MAC address exemption to VPN Policy, which worked. Later I removed the MAC address exemption, which still worked. Maybe I could have rebooted after setting VPN Policy that Guest wifi is not to go through VPN.

Is 192.168.1.xxx on the WAN side of the GL-AP1300?

Yes

Connect your laptop to the Guest wifi also and go to whatismyipaddress.com and it should show your ISP’s Public IP, not the OpenVPN server’s Public IP.

Done, works as you suggested

At the same time, you can ping the target device to make sure it has the correct IP 192.168.9.xxx.

This only works when my laptop is connected to the guest wifi (i.e. with an 192.168.9.xxx IP). When my laptop is connected to the main wifi (i.e. with an 192.168.1.xxx IP) I cannot connect to the target device. Why would that be the case?

You should be able to access the target device (192.168.9.xxx) from your laptop (192.168.1.yyy) via the router’s WAN port IP 192.168.1.zzz over Port 2680.

192.168.1.zzz is the actual IP of the router’s WAN port, as assigned by the FTTH box. The router then then port forwards the traffic to the target device. This worked for me.

Thanks a lot for your help! But, sorry, I don’t understand this bit:

via the router’s WAN port IP 192.168.1.zzz over Port 2680

What do you mean by via? I’m just using a browser and typing 192.168.9.xxx which is the target’s device IP, as assigned by the guest wifi

You have to use the WAN port IP address like:

http://192.168.1.zzz:2680

where 192.168.1.zzz is the actual IP of the router’s WAN port, not 192.168.9.xxx.

Your port forwarding screenshot has Port 2680. If the target device has a standard web UI, then you have to change port forwarding to Port 80 and do not need “:2680” in the URL.