VPN Policy Based On The Target Domain Or IP With the correct setting with Global Options and make sure you have Do Not Use VPN for the I.P. Address entered in your browser you will find it still goes through the VPN, I have check this on all of my routers GL-AX1800 Flint GL-MT6000 Flint 2 GL-AXT1800 Slate AX using the latest firmware, if you enter an IP Address Details Checker it will show your VPN location etc it should show your Real ip address and ISP details.
I have also tried VPN Policy Based On The Client Device using MAC address and typed in Ip locator and I get an error message so it looks like the old problem is back.
There has been similar problems in the past that took years to sort out hope this time it’s solved a bit quicker.
AdGuard DNS on your router or PC?
If it’s on your PC you need to disable it.
The VPN policies based on domain will only work when the router is answering the DNS request. VPN Policy Based On The Client Device using MAC address shouldn’t work when you are connected by VPN from your client.
Hmm it sound like a issue i have seen before, although the problem is that it is maybe a design choice.
What i think OP means is:
Vpn is on, but for the devices or domains intended to go only over wan these use wrongly the dns of the vpn (observed with mullvad auto config)
The only solution i can give here…
If the general settings for dns dont influence it, you can try two things here really.
remove dns from the vpn config
or use dhcp tags to give these clients its own dns, i used this as a work around for my iptv since the bypass kept giving the mullvad dns on wan.
If it is the opposite your dns leaks over wan, thats fully per design you should not use a custom dns, but you need to use the dns in the tunnel.
Though i find that the above part of my message still feels like a regression between the two dns functions because in my opinion the wan fwmark should not follow the mullvad dns fwmark the dns for wan has to be restored for vpn bypassed devices to isp or custom dns if set, though when i reported this, i was told it will not be changed and it was by design, maybe they misunderstood me.
Unfortunately it looks as if i will have to wait for GL.iNet to fix all the new firmware I had this issue before Here is one of my posts.
The problem was fixed on firmware 4.4.5 for the GL-AX1800 Flint & GL-AXT1800 Slate AX and others but the new GL-MT6000 Flint 2 never had the old firmware, if you check the the fixes for the 4.4.5 it doesn’t mention the fix I believe, but i was told by alzhao GL.iNet Staff Member.
One last and very important comment on my GL-AXT1800 Slate AX running firmware 4.4.6 exact same settings everything work 100% until I upgraded to firmware 4.5.0
I’m having the same issue on my new GL-MT6000 Flint 2 running 4.5.7 (release7) firmware.
On the VPN settings I’ve selected “VPN Policy Based on the Target Domain or IP” and added two domains. However, when I go to those domains, they’re not being accessed through the VPN.
That makes sense, the router would need to be able to inspect DNS queries and route it to the VPN or not depending on the destination, however I’m not exactly sure how to configure that in the Admin Panel UI.
On the DNS page, there’s an option that can be enabled to “Override DNS Settings for All Clients”; is that what you’re talking about?
Also on the DNS page, I have the mode set to “Automatic”. When VPN is disconnected I only see “DNS from Ethernet”, but when VPN is connected I additionally see “DNS from OpenVPN” but there is no option to remove it.
Oh now things seem to be working! Maybe I just had to wait a few minutes for the changes to propagate?
Here’s my settings:
VPN Dashboard page
Modify Proxy Mode: VPN Policy Based on the Target Domain or IP
Open VPN client: enabled
DNS page:
Override DNS Settings for All Clients: Enabled (I’m not sure if this is necessary or what it exactly does)
DNS Server Settings:
Mode: Automatic
Both “DNS from Ethernet” and “DNS from Open VPN” are listed
On my computer’s networking interface I also manually set the IPv4 DNS server to the address that matched “DNS from OpenVPN”. I’m also not sure if this step is necessary. This isn’t the router’s DNS, is it?
Edit: I have no idea if that was actually the fix. I changed VPN regions and it stopped working… It seems like there might be a magic order of operations that you have to do to make it work, or just get lucky.
Hello i would like to Welcombe you to the forum, there is a lot of helpful people here some do expect you to know everything i don’t unfortunately know every thing but i will help when i can, there used to be a problem but was sorted out some time ago, if you have a platform called Sky TV it doesn’t like the routers at all but that’s just Sky it likes you to use Sky broadband and their router.