VPN policies issue, PC remains behind VPN

Hello, on my GL-inet AR300M I created a PIA VPN profile to connect my entire lan behind VPN.
I activated VPN policies to exclude a server and one Linux PC by MAC address.
So far so good but when I remove the Linux PC from vpn policies (apply), it remains behind the VPN.
Even when I reboot the PC or change VPN profile to another country.

What am I doing wrong?

Grtzz tom

1 Like

Do you have “all process use vpn” checked in policy settings? If so, uncheck it, and/or reboot the router after the settings change.

1 Like

Hello, thank you for your reply.
Yes, “all processes use VPN” was active. I’ll give it a try later this week.

I changed VPN policies from “Do not use VPN for the following” to “Only allow the following use VPN” and of course changed the MAC addresses.
My PC is not behind a VPN anymore.

I also noticed a decrease in speed when using VPN on AR300M instead of directly on the device. Hopefully that will be history when I get my AR750S.

I have encountered the exact same problem of not being able to exclude two of my devices using their MAC from using VPN. I have unchecked the ‘all process use vpn’ and rebooted the router several times to no avail. I am using a testing firmware (as I need Adguard) and don’t know if that would make a difference.

1 Like

I’m gonna just give a guess here and say maybe you did an upgrade from an earlier firmware, and a factory default and start over might be necessary. Can you post your LAN network and WAN network address and routes, and also xx:xx: out your MAC address but leave the last two digits? (Assuming you are using MAC instead of domain policy routing.)

Which version of firmware do you use? I’ll test

1 Like

Hi,

I’m using version 3.104 with adguardhome.

grtzz tom

2 Likes

Hello, I had to restore an earlier configuration of my AR300M router.
I enabled VPN policies but activated “only the following use VPN”. I added some of my MAC clients but NOT my PC. The clients with those MAC addresses are behind VPN but also my home PC, which is NOT on that list.
Where can I find a config file with the VPN clients?
Thank you

grtzz tom

Addition: most of my devices have static ipaddresses through static ip binding

Sorry, but I’m not sure what your question is. Can you say it another way?

When adding MAC addresses on the VPN policies page in the GUI, I suppose they are registered in a file or config file.
My question should be, does such a file exist and where is it located?

At the moment I have selected a few IP addresses in VPN policies but it seems my whole LAN is behind the VPN now.

The GUI of VPN policies does not react as it should.

I’m facing kind of the same issue: NextDNS detects that I’m using DNS from VPN but my IP address is my real IP and not that of the VPN.

Do you have this enabled? Use VPN for all processes on the router.

Exact same settings but NextDNS dashboard gives message “All good!
This device is using NextDNS with this configuration.” Only for next few minutes.

After a few minutes the message changes to “This device is not using NextDNS”

This is happening after upgrade to 3.104 and then downgrading to 3.027 on B1300.

Hello,
I tried as you suggested but the result is weird.
When I configure VPN policies with VPN allow for a few single ipaddresses like 192.168.8.10/24, VPN for all processes ENabled, internet kill switch on, ALL of my clients are behind the PIA VPN.

When I configure VPN for all processes DISabled, reboot router, internet kill switch still on, none of my clients are behind VPN and internet is working while kill switch is on.

grtzz tom

using 3.104 with adguardhome

These are not single IP addresses; it is for all 8.x IPs.

The 2nd problem seems to be a bug.

There may be some compatibility problems between AGH and VPN Policy. I will test it according to the steps you provided.

1 Like
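The point in the reply above, that an entry such as 192.168.8.10/24 denotes every 192.168.8.x address rather than one host, can be checked before a policy is applied. This is an added example, not part of the original thread and not GL.iNet code; the function name and the client list are constructed for illustration, and it models only standard CIDR semantics, not how the firmware applies the entries.

```python
import ipaddress

# Constructed sample LAN clients (not taken from the thread's real network).
CLIENTS = ["192.168.8.10", "192.168.8.50", "192.168.8.100", "192.168.8.101"]


def audit_policy_entries(entries, lan_clients):
    """Report what each VPN-policy entry denotes under CIDR rules.

    Hypothetical helper: flags entries that were typed as a host address
    plus the LAN netmask and therefore cover far more than one machine.
    """
    report = []
    for entry in entries:
        # strict=False masks off the host bits, the way a netmask match does:
        # 192.168.8.10/24 becomes the network 192.168.8.0/24.
        net = ipaddress.ip_network(entry, strict=False)
        typed_ip = ipaddress.ip_interface(entry).ip
        matched = [c for c in lan_clients if ipaddress.ip_address(c) in net]
        report.append({
            "entry": entry,
            "network": str(net),
            "addresses": net.num_addresses,
            # True when the user typed a host address with a wider prefix.
            "host_bits_set": typed_ip != net.network_address,
            "single_host": net.num_addresses == 1,
            "matched_clients": matched,
            # What to enter instead if exactly one host was intended.
            "single_host_form": f"{typed_ip}/{typed_ip.max_prefixlen}",
        })
    return report


if __name__ == "__main__":
    policy = ["192.168.8.10/24", "192.168.8.100", "192.168.8.101"]
    for row in audit_policy_entries(policy, CLIENTS):
        scope = "one host" if row["single_host"] else f"{row['addresses']} addresses"
        print(f"{row['entry']:<18} -> {row['network']:<18} ({scope})")
        print(f"    covers clients: {', '.join(row['matched_clients'])}")
        if row["host_bits_set"]:
            print(f"    for a single host use {row['single_host_form']}")
```
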

Hello, indeed, my error. Changed IP addresses to 8.100 and 8.101 and now I can use these devices solely behind VPN.
I also noticed the speed reduction of my VPN when traffic is redirected through the AR300M when VPN is activated.
Hopefully that will be history when the AR750S replaces the AR300M.

Thank you for your quick support.

GRtzz tom

Installed AR750S with FW3.104 (without adghome)

created a PIA openvpn connection (connects without problem)
added 4 ipaddresses to vpn policies
Activated VPN policies with guest and all processes activated
Applied
Rebooted router
None of the clients is behind the VPN

When I did this in the AR300M it worked.

edit: after a few minutes all clients are behind VPN. Then I disabled “all processes” , rebooted router and none of the clients are behind VPN.
VERY inconsistent.

1 Like

Note that when you use IP addresses as a policy, all IP addresses represent destination addresses, not source addresses.
If you need to specify the client to use a VPN, use the MAC policy.

1 Like

Maybe it’s me, but when I read “Only allow the following use VPN” it means:

All IP addresses listed are using the VPN.
The ones NOT listed do NOT use VPN.

Correct me if I’m wrong.

And “use the MAC policy” does not work either, because that’s why this thread was created.

My initial goal for using this router (which died this morning) was:

  1. a few clients behind openvpn (pia in my case)
  2. adguardhome blocking for my LAN.
  3. USB tethering as backup ISP

But as I stated before, after three days, my AR750S is dead. Not even a LAN/WiFi connection is possible anymore. Thank god I had an AR300M as backup.

Now getting it replaced.

grtzz tom