VPN Policies Issues

I have set guest networks not to use VPN.
I have set a custom DNS server.

I expect my Android TV connecting with Guest Network will use custom DNS, is it correct?

I have added a static route like below to deny access to public DNS. Today I was surprised that even the guest network is using VPN :flushed: I came to know when my Android TV was showing me ads on YouTube detecting my VPN IP, though Android TV is on the guest network. Not only this, my VPN data usage reached 12Gb.

Then I added Android TV MAC in the list not to use VPN, but now my Netflix isn’t working.

Another confusion is the interface of VPN policy rules, see below.

@luochongjun pls have a check.

Hi, realjohny

First, the static route you set is invalid for the policy route.
The MAC address policy you set cannot be applied to the guest network. It is really necessary to connect your TV to the main network.

Thank you for your reply. What would be the correct routine if I want to route all these public or other DNS to router and force all traffic to custom defined DNS only?

If I connect TV with main network I can set it to “not use VPN”?

Yes, you can. Pls don’t use mixed settings, e.g. using guest network and VPN policies at the same time. That could mess up the routing.

What is the version of gl-route-policy?
In the 3.0.35 version, you can do the following configuration.

I actually have exactly the same setting but still either Netflix doesn’t work or gives a proxy error.

I am wondering if all traffic is going through the custom DNS then how come Netflix gets to know this.

While writing this email I connected my TV with ASUS 3200AC with custom DNS and no Netflix error.

Were you ever able to find a resolution to this? I’m trying to do the same and exclude a Roku stick from using a WireGuard connection using the policies you did above - but when I do so, the Roku stick doesn’t really work.

I should add, the device does receive internet, and does connect without using the VPN, but speeds are less than 1 Mbps (connection is virtually unusable). It seems the policy is working but the router is pushing very undesirable speeds and not the full connection speed. Router is the ar750s. Anyone have any suggestions?

Can you share your policy settings?

Thanks for the reply. Please see attached. I’ve tried enabling option #3 and disabling, neither seems to change anything. It’s strange the device is getting approximately 300 bytes of data, vs not at all.

Team, found a solution. This isn’t ideal, but it works.

The first post noted that their guest network is using the VPN even when this is checked, I think that’s since been fixed. I activated the guest network and I’ll have my streaming device use that - and set the VPN settings to exclude the guest network. I set the guest network to run off of the 2.4GHz band and I have my primary network off of the 5GHz band which might help too, I’m not sure. But I can confirm the 5GHz (non guest) network is working with the VPN, and the 2.4GHz is not. I enabled “use for all processes” and also selected “only allow the following to use the vpn” and left it blank - since if you said “do not use vpn for the following” and it’s blank, it defaults to “all devices” which means no VPN was being used for either network. It’s almost a double negative, haha.
Hope that helps someone.

Edit, but never mind, that doesn’t work. It for some reason keeps that same around 300 bytes of a connection… Makes no sense. The router can’t seem to split it while maintaining any kind of reasonable network speed on the non-VPN side. I’m assuming this is now a firmware issue.

Which router are you using now?

I just tried my GL-MV1000 and does the same as you did. Using vpn or not does not affect the speed.

Router is the ar750s - when using vpn and when not, speed is maintained. The issue is when trying to use both - either excluding a specific device from using a vpn, setting a guest network to not use the vpn - in these instances, the speed is dropped on the “non vpn” side to a fraction of a Mbps. The speed of the regular connected devices using the VPN remains at full speed.

I think it might be DNS. You can try setting up a DNS manually.

Just adding my two cents, but I’ve tested VPN Policy + Custom DNS on 3 different models now and have reached the conclusion that it simply cannot work. Clients can’t get DNS resolution for any host your DNS server covers unless the router has already cached it by doing an nslookup from the router CLI.