I occasionally test the Snapshot Firmware 4.8 on a GL-MT6000 Flint 2 and was impressed until now.
And in the version openwrt-mt6000-4.8.0-0711-1752169979.bin, direct routing was still included.
From version openwrt-mt6000-4.8.0-0721-1753039358.bin and openwrt-mt6000-4.8.0-0723-1753212284.bin, direct routing is missing.
New Features
2025-07-18: Remove direct routing...
But this isn't a new feature and will be added or integrated again.
I was so happy and discovered today that it no longer works. No external access to the network behind it via VPN Server WG.
Is there another way to access the network behind it?
"Direct routing"... WTH. I swear, some of these terms GL.iNet comes up with just seem to be so non-standard/confusing on this side of the globe. /mini-rant off
@LiWe
Are you saying these docs are now out of date, specifically related to?:
Easy access to your internal resources and local streaming.
I know the documentation, but unfortunately the menu items are no longer usable in Snapshot version 4.8 - Flint 2 because there are multiple VPN instances and the menu navigation is also different.
Up to version openwrt-mt6000-4.8.0-0711, everything was fine.
From version openwrt-mt6000-4.8.0-0721 onwards, access is no longer possible with this configuration.
After downgrading to Snapshot openwrt-mt6000-4.8.0-0711, it works again.
It seems then it is the docs. They're probably not updated yet because of the beta/snapshot status. I'd revert to stable or whatever version was working best for you and await for the next full release when its' finally stable.
Unfortunately, starting with the beta version and in the snapshot from 2025-07-21, access is no longer possible, even if this option is selected.
I can only access the router; all others are unavailable.
Firmware= openwrt-mt6000-4.8.0-0725-1753384986.bin
From version openwrt-mt6000-4.8.0-0721 to openwrt-mt6000-4.8.0-0725, only 192.168.0.1 is displayed, and all other clients are no longer accessible.
Hi,
I've just quickly summarized this.
As I said, up to version 16.07.2025, I had no problem accessing it via Mac or iPhone (VPN). As of July 21, 2025, I can only access the MT6000 router (192.168.0.1 or 10.10.0.1).
Same problem on my side.
After "Removed direct routing to prevent leakage risk when WAN is connected to public network" update, let's say I'm connected via repeater to router 192.168.1.1,
the router's webpage isn't accessible anymore and all 192.168.1.x addresses too, enabling "All Other Traffic" in VPN webpage allows the access, but that's not a solution.
Can you point out to the file/rule responsible for this?
Thank you.
On v4.8.x firmware, if you want to access the WAN subnet (primary router or WAN subnet), you have to configure the IP/subnet in "Exclude specified Domain/IP List" and enable "All Other Traffic".
Example:
Overall, it's roughly similar to my test environment topology, but different is your router enabled VPN client (tunnel) and with some policy rules.
Since I'm not reproducing on my side, if can, please share your MT6000 with us via GoodCloud and then perform uninterrupted ping [MT6000 LAN client] and ping [MT6000 LAN IP] in Mac/Win, I'll check the forwarding of these packages on MT6000.
I've narrowed down the problem to the WireGuard server.
If the WireGuard server is configured as a tunnel, see screenshots, it doesn't work anymore, no matter what you set in the individual configurations.
OpenWrt Version - OpenWrt 24.10.2 r28739-d9340319c6
Kernel Version - 6.6.93
Scenario 1
WireGuard Server without direct VPN tunnel
All Other Traffic: ON
External access with iPhone mobile: OK MT6000
LAN access: OK
WAN access: OK
WAN access - via VPN TUNNEL: NO because OFF
Scenario 2
WireGuard Server without direct VPN tunnel
All Other Traffic: OFF
iPhone mobile access: OK MT6000
LAN access: OK
WAN access: OK
Access to WAN: via VPN TUNNEL: NO
Scenario 2
WireGuard Server with direct VPN tunnel
All Other Traffic: OFF, it's supposed to be VPN
-Access from iPhone mobile: OK MT6000
-Access to LAN: NO
-Access to WAN: OK
Access to WAN: via VPN TUNNEL: OK
