VPN Policy Based On The Target Domain Or IP Not Working

VPN Policy Based On The Target Domain Or IP: With the correct settings in Global Options, and making sure you have Do Not Use VPN for the I.P. address entered in your browser, you will find it still goes through the VPN. I have checked this on all of my routers (GL-AX1800 Flint, GL-MT6000 Flint 2, GL-AXT1800 Slate AX) using the latest firmware. If you enter an IP address details checker, it will show your VPN location etc.; it should show your real IP address and ISP details.

I have also tried VPN Policy Based On The Client Device using MAC address and typed in IP locator and I get an error message, so it looks like the old problem is back.

There have been similar problems in the past that took years to sort out; hope this time it’s solved a bit quicker.

I don’t really get what your issue is.

Do you use your router as main DNS server? That’s necessary.

Not sure what you mean. I’m using a VPN client and I’m using AdGuard’s DNS.

AdGuard DNS on your router or PC?
If it’s on your PC you need to disable it.

The VPN policies based on domain will only work when the router is answering the DNS request. VPN Policy Based On The Client Device using MAC address shouldn’t work when you are connected by VPN from your client.

1 Like
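
The dependency described in the reply above (a domain-based policy only works when the router answers the DNS request), as an added example that is not part of the thread and not GL.iNet firmware code. It is a simplified model that assumes the router learns bypass IPs from the DNS answers it serves; `PolicyRouter`, the `.example` domains and the addresses are constructed.

```python
# Simplified model (an assumption, not GL.iNet firmware code): the router can
# only map a "Do Not Use VPN" domain to IPs from DNS answers it serves itself.

# Constructed sample records: hypothetical domains, documentation-range IPs.
UPSTREAM_RECORDS = {
    "ipcheck.example": "203.0.113.10",
    "other.example": "198.51.100.7",
}


class PolicyRouter:
    def __init__(self, bypass_domains):
        self.bypass_domains = set(bypass_domains)  # domains meant to skip the VPN
        self.bypass_ips = set()                    # learned from DNS answers only

    def resolve(self, name):
        """Client asked the router's DNS: answer and record policy matches."""
        ip = UPSTREAM_RECORDS[name]
        if any(name == d or name.endswith("." + d) for d in self.bypass_domains):
            self.bypass_ips.add(ip)
        return ip

    def route(self, dst_ip):
        """Pick the egress interface for a forwarded packet."""
        return "wan" if dst_ip in self.bypass_ips else "vpn"


def external_resolve(name):
    """Resolver configured on the PC: the router never sees this lookup."""
    return UPSTREAM_RECORDS[name]


def egress_for(router, name, use_router_dns):
    """Resolve a name one way or the other, then ask the router where it goes."""
    ip = router.resolve(name) if use_router_dns else external_resolve(name)
    return router.route(ip)


if __name__ == "__main__":
    for via_router in (False, True):
        r = PolicyRouter(["ipcheck.example"])
        label = "router DNS" if via_router else "client DNS"
        print(label, "->", egress_for(r, "ipcheck.example", via_router))
```

With DNS set on the PC the bypass domain still leaves through the VPN, which matches the symptom in the first post; the same lookup sent to the router takes the WAN.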

Hmm, it sounds like an issue I have seen before, although the problem is that it is maybe a design choice.

What I think OP means is:

VPN is on, but the devices or domains intended to go only over WAN wrongly use the DNS of the VPN (observed with Mullvad auto config).

The only solution I can give here…

If the general settings for DNS don’t influence it, you can try two things here really.

  • remove DNS from the VPN config
  • or use DHCP tags to give these clients their own DNS; I used this as a workaround for my IPTV, since the bypass kept giving the Mullvad DNS on WAN.

If it is the opposite (your DNS leaks over WAN), that’s fully per design: you should not use a custom DNS, but you need to use the DNS in the tunnel.

Though I find that the above part of my message still feels like a regression between the two DNS functions, because in my opinion the WAN fwmark should not follow the Mullvad DNS fwmark; the DNS for WAN has to be restored for VPN-bypassed devices to ISP or custom DNS if set. Though when I reported this, I was told it will not be changed and it was by design; maybe they misunderstood me.

1 Like

Unfortunately it looks as if I will have to wait for GL.iNet to fix all the new firmware. I had this issue before. Here is one of my posts.

The problem was fixed on firmware 4.4.5 for the GL-AX1800 Flint & GL-AXT1800 Slate AX and others, but the new GL-MT6000 Flint 2 never had the old firmware. If you check the fixes for the 4.4.5 it doesn’t mention the fix, I believe, but I was told by alzhao, GL.iNet Staff Member.

One last and very important comment: on my GL-AXT1800 Slate AX running firmware 4.4.6 with the exact same settings, everything worked 100% until I upgraded to firmware 4.5.0.