VPN bypass does not work

beniamin · 2022-11-28T17:09:56.624Z

The VPN bypass does not work on my SlateAX 4.1-b3

Normal VPN standard setup (imported file and user/pw), using PIA as VPN provider. Can someone please help. I need these two devices NOT to use the VPN, while all others should use VPN.
when I go to (What's My IP Address? Accurate & Fast Location Info | PIA VPN) to see my IP, it still says protected by PIA.

image2124×1222 128 KB

image2105×773 51.2 KB

Screenshot_20221128-0912321080×1113 78.1 KB

K3rn3l_Ku5h · 2022-11-29T03:55:57.801Z

Do you mean 4.1.0 release3?
I would say upgrade to Stable 4.1.0 release7 and try to complete your setup been some changes since 3.

I do not work for and I am not directly associated with GL.iNet

beniamin · 2022-11-29T05:38:10.421Z

4.1 beta 3. I tried the newer version beta release 7 and it didn’t fix it.

beniamin · 2022-11-29T05:55:50.881Z

Ok, so I think it works with the release 7. I rebooted the router and it looks good

beniamin · 2022-12-03T16:13:44.357Z

I guess this issue isn’t resolved like I thought. My wife’s iphone is on the bypass list and it still hits the VPN. Services like Disney+ and Netflix won’t load.

K3rn3l_Ku5h · 2022-12-03T17:39:48.363Z

What is the Global VPN Policy set to?
Is your wifes Iphone have Private Wi-Fi Address and Limit Ip address tracking enabled?
This will be under WiFi settings my network info in IOS

beniamin · 2022-12-03T20:46:22.323Z

The first thing I did was turn off private address on all devices. The global is set to devices not use VPN.

K3rn3l_Ku5h · 2022-12-03T22:31:05.330Z

Under Global VPN policy is Block non-VPN traffic enabled? This should be disabled for your non VPN traffic to get through.

I am using Mac address exclusion for the VPN and it seems to work, the client I have excluded is being provided a static ip address.

David · 2022-12-04T01:35:13.364Z

Hello. Not expert here. I noticed that you have policies based on mac device. Maybe the iPhone has random mac function enabled in settings?
Bye

beniamin · 2022-12-04T01:55:25.847Z

I did disable the private address
It seems like the rules are not applying or working.

K3rn3l_Ku5h · 2022-12-04T15:04:18.438Z

Its your setup and configuration. I have tested on GL-AX1800 and GL-AXT1800 using a iphone MAC address exclusion. Like I stated before if you have block non vpn traffic enabled NonVPN traffic won’t leave this was the only way I was able to replicate.

beniamin · 2022-12-04T22:00:52.556Z

Block traffic is not enabled. Can you post screenshots of your config? Did you have to reboot so it can take effect?

Screenshot_20221204-1359591080×2400 141 KB

K3rn3l_Ku5h · 2022-12-04T22:03:15.036Z

Ok so that is the same a mine. You should not need to reboot but may need to flushDNS. If you want to reboot that is fine. A issue I did have was the 1st connection I had random IP and mac address enabled(IOS does have it as default) and I did mistakenly add that one.

I just want to make sure I understand: The Iphone is set to not use vpn but still connects using the vpn, as apposed to the iphone can’t leave the LAN or use the WAN, gets no connection.

I also want to make sure that you are hitting apply when you add the iphone to the MAC exclusion(I have not done this a number of times)

beniamin · 2022-12-04T22:20:31.386Z

Correct. I want all devices on my network to use VPN by default minus the ones that are in the bypass list. I tried with my pixel 7, I added it to the list. And I still hit the VPN. (The IP address is from PIA)

Screenshot_20221204-141637~21080×2155 88.1 KB

Screenshot_20221204-1416471080×2400 216 KB

Screenshot_20221204-1416511080×2400 186 KB

Screenshot_20221204-1419171080×2400 209 KB

beniamin · 2022-12-04T22:28:03.771Z

I appreciate the help. My network is a little different from yours. I have a Firewalla Blue that does ARP spoofing, so the traffic was leaving outbound from that device. I unplug the firewalla and guess what? My pixel now does not use the VPN.

Screenshot_20221204-1426031080×1699 115 KB

K3rn3l_Ku5h · 2022-12-04T22:28:06.989Z

This is like the third post I put this on. Unless PIA has something built into there Config I not sure

OpenVPN and WireGuard Compatibility Report Technical Support for Routers

Update: Nord vpn is now using Service Credentials to connect VPN. [image]

beniamin · 2022-12-04T22:28:48.420Z

Check my post right above your comment. I figured out my issue. I have a firewalla that does ARP spoofing.
The bypass works as expected now. Thank you for your help!