Hello. I need both VPN and non-VPN access, depending on which sites I open. To switch quickly, I use the main Wi-Fi network as VPN and the guest Wi-Fi network as non-VPN. In the VPN settings I set it based on VLAN and it does work, but after some time (hours or days) I notice that traffic on the guest network is going through the VPN too. If I open the VPN settings, set again which VLAN should use the VPN and click Apply, it goes back. What's wrong? How can I prevent the guest network from using the VPN completely?
Please upgrade to the latest firmware version.
Please let me know more:
Device model.
Firmware version.
All about the VPN settings, DNS settings.
Whether other third-party applications have been enabled, like Tailscale, Zerotier, AGH, etc.
I have the latest firmware (4.7.0)
device: GL-MT3000
firmware: 4.7.0
I have a WireGuard client and an OpenVPN server set up.
All DNS settings are default.
Only DDNS is enabled, but I am not sure if it is considered a third-party app.
One additional thing: I changed the firewall settings to have access between main LAN and guest LAN.
Does it enable the cascading feature?
What is the rule? Please screenshot.
An additional thing I have discovered: it seems the setting stops working correctly at 00:00 local time.
no
I moved the guest interface from the guest zone to the lan zone.
In the firewall settings, why was the Guest group put with lan?
If you want to have access between guest and lan, you should let the guest WiFi bind directly to br-lan.
And access between guest and lan conflicts with VPN Based on VLAN, because VLAN originally made guest and private (lan) separate.
The reason I want access between the LANs:
As I said, I want to use the main LAN as the non-VPN LAN; all devices are connected to it by default. I also have the guest LAN as the VPN LAN, which I connect to when I need to access blocked sites. When I am connected to the VPN, I need to stream media to speakers or a TV which are still connected to the main LAN. In the default configuration I cannot do that, because traffic between the guest (VPN) LAN and the main (non-VPN) LAN is blocked.
Guest and Main (Private) are not in the same subnet, so they cannot access each other.
The speakers or TV and the streaming media client (phone/pad) are supposed to be connected in the same subnet.