VPN Policy Base On The Target Domain not working

VPN Policy Base On The Target IP is working nice
But VPN Policy Base On The Target Domain not working

What device and firmware is this?
Things like Facebook need a number of connections and domains to work, perhaps you are missing one. Wireshark is good to access this, as it shows all traffic and connections

VPN policy will only work for local network and will not be honored by VPN clients connecting to server outside the local network.
:gl_emoji_dizzy:I do not work for and I am not directly associated with GL.iNet :gl_emoji_shacking:

Axt1800 fw 4.1.0 7 rel
First of all I need yt3.ggpht.com

internet<-axt1800 (for vpn) <-ASUSrouter (dhcp+WiFi)<-devices

On the SlateAx you use the default lan interface nothing advanced?

What also could be if I understood correctly:

You need to make sure your asus router gets the dns from your SlateAx, and you also need to make sure your client then uses the dns from the asus router if that makes sense.

However the tricky part is, I believe the domain name you try to bypass is from google, and google has ways to ignore the default dns settings, I noticed this on my android devices aswell, what I did was making a port forward from port 53 udp to the router ip this basicly forces all 53 dns traffic.

Editted I misreaded it for flint :yum:

FYI Both android and apple devices have ways of bypassing the vpn apps on devices, so act accordingly.

My understanding is that dnsmasq on the router is required for VPN policies to work with domain names. You can try configuring the GL-AXT1800 as the main router and the ASUS router as a wifi access point:

internet<-axt1800 (for dns+dhcp+vpn) <-ASUS router (wifi access point)<-devices

I do not work for and I do not have formal association with GL.iNet.

On the GL-AXT1800, you should turn on the Override DNS Settings for All Clients setting:

There are web posts that state some apps (notably Netflix) and devices (notably Chromecast, Google Home Hub) use hardcoded Google DNS servers (, to bypass your client device, router and VPN DNS settings. My understanding is the Override DNS Settings for All Clients will intercept such DNS requests and redirect then to your router’s DNS servers.

This technique is only a partial solution because they may have additional ways to detect your location.

Pls check if your pc is using encrypted dns or not.

For example, in Windows if you set or it will use encrypted dns, so the domain based policy will not work.

yes it is.
but now everything is working fine, although I haven’t reconfigured anything, except nnmclub.to. :man_shrugging: