Hi all, I have a GL-AR750S running 3.026 and I’m having trouble getting VPN policies to work.
I’m using WireGuard as my VPN and the issue I have is that any device I set to bypass the VPN (either via IP or MAC) loses internet connectivity altogether. Can anyone point me in the right direction as to what the issue may be? Thanks in advance.
Same issue here as well, happens every time I activate VPN policies. If I disable "Use VPN for all processes on the router", DNS completely stops working (but the internet connection seems to work fine?). If I enable it, internet works, but everything slows down to unusable levels. This happens with both domain-based VPN policies and MAC address policies. Currently running the snapshot from 20 November, 3.100.
I have a similar issue with GL-AR750S running 3.101.
My use case is slightly different:
The GL-AR750S is connected to a VPN provider (Mullvad) with OpenVPN (UDP port 1194).
A “do not use VPN for the following” policy is added with the IP address of my private cloud server.
I attempt to connect to my cloud server with OpenVPN (UDP port 1194) from a client PC that is connected to the GL-AR750S. The connection is established successfully, but then completely freezes after 60 sec.
I’m not a Linux networking expert, but I think this may have something to do with the conntrack settings in the iptables rules that are added when the VPN Policy is enabled. The connection freezing after 60 sec seems to correlate with the netfilter conntrack UDP timeout value in “/proc/sys/net/netfilter/nf_conntrack_udp_timeout”.
Sometimes the connmark is 540416 (0x83F00) and sometimes it is 16128 (0x3F00). I suspect this means some packets are bypassing the VPN provider and some packets are not bypassing.
There is a known issue that when VPN policy is turned on, websites that bypass the VPN may not be accessible normally. This may be caused by CDNs. Especially speedtest dot com has problems.
Thanks for the info. I’m not sure if the issue you describe is what I am seeing, because I am trying to access a server using the IP address, not domain name. However, I do understand that it may be related.
I can fix the connection issue by adding an entry to the routing table for my private cloud server. This guarantees that traffic to the server bypasses the VPN on the GL-AR750S.
root@GL-AR750S:~# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default * 128.0.0.0 U 0 0 0 tun0
default 192.168.20.1 0.0.0.0 UG 10 0 0 eth0.2
10.15.0.0 * 255.255.0.0 U 0 0 0 tun0
YYY.YYY.YYY.YYY 192.168.20.1 255.255.255.255 UGH 0 0 0 eth0.2
128.0.0.0 * 128.0.0.0 U 0 0 0 tun0
192.168.8.0 * 255.255.255.0 U 0 0 0 br-lan
192.168.20.0 * 255.255.255.0 U 10 0 0 eth0.2
XXX.XXX.XXX.XXX 192.168.20.1 255.255.255.255 U 0 0 0 eth0.2
The routing table shows that the default gateway for all traffic is through the VPN tunnel. Enabling the VPN Policy does not modify the routing table. Please note that the IP address of the Mullvad OpenVPN server is shown as YYY.YYY.YYY.YYY.
After I add a route entry for my private cloud server IP address (shown as XXX.XXX.XXX.XXX), my connection to the server is stable and routed correctly. All other traffic is correctly routed through Mullvad OpenVPN on the GL-AR750S.
This is only a temporary fix and needs to be configured after each power-up. If anyone has any more suggestions, I’m willing to give them a try.
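As an added example (my own, not code from the thread or from GL.iNet), here is a small POSIX shell script that turns the manual route fix above into something that can run from /etc/rc.local on the router after every boot. It first resolves, purely from `route -n` text, which interface the kernel would pick for the bypass host (longest prefix match), so you can see that without the /32 entry the two 128.0.0.0/1 routes send the host into tun0 even though the VPN Policy bypass is set, and only then adds the host route if it is missing. It assumes the WAN interface is eth0.2 with gateway 192.168.20.1 as in the posted table; 203.0.113.10 and 198.51.100.7 are constructed placeholders for XXX.XXX.XXX.XXX and YYY.YYY.YYY.YYY.

```shell
#!/bin/sh
# Added example, not from the thread: decide which interface the kernel would use for
# the bypass host and add the /32 route only when it is missing, so the script is
# idempotent and safe to call from /etc/rc.local on an OpenWrt-based GL.iNet router.
# Assumptions (mine): WAN is eth0.2 via 192.168.20.1 as in the posted table;
# 203.0.113.10 is a placeholder for the private cloud server XXX.XXX.XXX.XXX.

BYPASS_HOST="${BYPASS_HOST:-203.0.113.10}"
WAN_GW="${WAN_GW:-192.168.20.1}"
WAN_IF="${WAN_IF:-eth0.2}"

# Constructed copy of the posted table in `route -n` form (0.0.0.0 instead of default/*),
# without the XXX host route, i.e. the state described before the fix.
# 198.51.100.7 stands in for the Mullvad server YYY.YYY.YYY.YYY.
SAMPLE_TABLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         0.0.0.0         128.0.0.0       U     0      0        0 tun0
0.0.0.0         192.168.20.1    0.0.0.0         UG    10     0        0 eth0.2
10.15.0.0       0.0.0.0         255.255.0.0     U     0      0        0 tun0
198.51.100.7    192.168.20.1    255.255.255.255 UGH   0      0        0 eth0.2
128.0.0.0       0.0.0.0         128.0.0.0       U     0      0        0 tun0
192.168.8.0     0.0.0.0         255.255.255.0   U     0      0        0 br-lan
192.168.20.0    0.0.0.0         255.255.255.0   U     10     0        0 eth0.2'

# best_iface TABLE IP: longest-prefix match over `route -n` output, prints the interface
# (or "none"). Works octet by octet so it needs only POSIX awk (no bitwise functions):
# for a contiguous mask octet m, the network part of octet o is o - o % (256 - m).
best_iface() {
    printf '%s\n' "$1" | awk -v ip="$2" '
        function netpart(o, m) { return o - o % (256 - m) }
        function bits(m,   n, i, p, v, b) {       # popcount of a dotted mask = prefix length
            n = split(m, p, ".")
            for (i = 1; i <= n; i++) { v = p[i] + 0; while (v > 0) { b += v % 2; v = int(v / 2) } }
            return b
        }
        BEGIN { split(ip, I, ".") }
        $3 !~ /^[0-9.]+$/ { next }                # skip "Kernel IP routing table" and the header
        {
            split($1, D, "."); split($3, M, "."); ok = 1
            for (i = 1; i <= 4; i++)
                if (netpart(I[i] + 0, M[i] + 0) != netpart(D[i] + 0, M[i] + 0)) ok = 0
            if (ok && (!have || bits($3) > best)) { best = bits($3); iface = $8; have = 1 }
        }
        END { if (have) print iface; else print "none" }'
}

# with_host_route TABLE HOST GW IFACE: TABLE plus a /32 host route line, a pure helper
# to preview the effect of the fix before touching the kernel table.
with_host_route() {
    printf '%s\n%-15s %-15s %-15s %-5s %-6s %-6s %4s %s\n' \
        "$1" "$2" "$3" "255.255.255.255" "UGH" 0 0 0 "$4"
}

# On the router: add the host route only if the live table does not already send
# BYPASS_HOST out of WAN_IF. `route add -host ... gw ... dev ...` is BusyBox-compatible.
ensure_bypass_route() {
    if [ "$(best_iface "$(route -n)" "$BYPASS_HOST")" != "$WAN_IF" ]; then
        route add -host "$BYPASS_HOST" gw "$WAN_GW" dev "$WAN_IF"
    fi
}

# Offline demonstration on the constructed table; pass --apply to touch the live table.
if [ "${1:-}" = "--apply" ]; then
    ensure_bypass_route
else
    echo "before fix: $BYPASS_HOST -> $(best_iface "$SAMPLE_TABLE" "$BYPASS_HOST")"
    echo "after fix:  $BYPASS_HOST -> $(best_iface \
        "$(with_host_route "$SAMPLE_TABLE" "$BYPASS_HOST" "$WAN_GW" "$WAN_IF")" "$BYPASS_HOST")"
fi
```

Run without arguments to see the before/after interface on the sample table (tun0, then eth0.2); on the router, `sh bypass-route.sh --apply` from /etc/rc.local survives power cycles. On OpenWrt the same result can be declared once as a `config route` section in /etc/config/network (target, netmask 255.255.255.255, gateway, interface), which netifd re-applies whenever the WAN interface comes up.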