Support for Drop-in Gateway

Model: GL.iNet GL-MT2500

Architecture: ARMv8 Processor rev 4

Openwrt Version: OpenWrt 21.02-SNAPSHOT r15812+878-46b6ee7ffc

Kernel: 5.4.211

I have Wireguard client setup based on “VPN Policy Base on Client Device”. Only one device is whitelisted to use Wireguard tunnel.

I have also enabled Drop-in Gateway and disabled DHCP from the Primary router.

The main problem is that after successfully enabling “Drop-in Gateway”, all the clients traffic from Primary router is using VPN tunnel. This should not be case since VPN Policy Base on Client Device is in place. Tried with several other devices which is not in VPN Policy Base on Client Device, but it still goes thru vpn tunnel.

Please advise if this is usual behaviour or needed additional configuration in order for the primary router clients to use normal flow rather than VPN tunnel.

This is indeed an issue. “VPN Policy Based on Client Device” was originally designed for the LAN side. The Drop-in gateway mode, i.e., the WAN side, should be added in a later version.


Do we have any date from new release for this fix ?

Currently on:

  • Version 4.2.0
  • Firmware Type release 4

This feature will introduce a relatively large change. So maybe on firmware 4.4 or 4.5.