Only devices within the same subnet can access each others.
If your computer’s subnet isn’t set up right, it’s like being in the wrong neighborhood. So, your computer will use the gateway, which is like a town center, to find its way to the right place.
So if you are in subnet 192.168.8.x (with subnet mask 255.255.255.0) you can only access devices within the 192.168.8.x. If you use a broader subnet mask (like 255.255.0.0) you can access all devices within the network 192.168.x.x
But this is just for your understanding - not for solving the issue so far.
And now I’ll wait for @LupusE - he is pretty good in describing what to change.
A subnet (192.168.8.0/24) can only exist one time. So you need to change the network of your ISP LAN or your GL.iNet LAN. Than you’ll have a double NAT for all devices behind the GL.iNet LAN.
In that case the Shadow admin panel is reachable only from the LAN site (all devices in the LAN/WLAN settings of the Shadow). Or you explicit allow access to the admin panel from WAN, than the clients at the ISP LAN can reach the Shadow, but at the WAN IP, not the GL.iNet LAN IP.
On the other hand you can can switch the Shadow to Bridged mode. Than it does no DHCP, DNS, Routing. It is just another Client in the network, that can hand over all WLAN to LAN, in the same Network.
In that case your Shadow is reachable from the Whole LAN by the settled or assigned (via DHCP) address.
No. Two sites with the same Subnet won’t work. Never. Regardless how many people people living there.
Lets live in a ideal world:
SiteA: LAN 192.168.1.0/24 (.1 is the router, .2 the first client)
SiteB: LAN: 192.168.2.0/24 (.1 is the router, .2 the first client)
Now you can create a VPN in between, with the network 192.168.3.0/24 or 10.10.10.0/24 (a little oversized, but okay for this picture).
The issue in the wrong setup: Because it is more easy in your head, you’d like to use 192.168.1.0/24 on both sites, because there is a VPN in between → But the SiteA is routing all 192.168.1.0/24 to itself, SiteB is routing al 192.168.1.0/24 to itself … The VPN is confused what is the target address.
The Network at the Shadow isn’t working, right? So you can change it and lose nothing.
Network with the CIDR /32 will be only one IP … I really don’t think this will represent your network.
Yeah, the bridged is on another device. Sorry that I have more than one router config. sometimes I confuse them.
But please make sure you are using Firmware 4.x, not 3.x