VPN Policy Based On The Target Domain Or IP Not Working

VPN Policy Based On The Target Domain Or IP With the correct setting with Global Options and make sure you have Do Not Use VPN for the I.P. Address entered in your browser you will find it still goes through the VPN, I have check this on all of my routers GL-AX1800 Flint GL-MT6000 Flint 2 GL-AXT1800 Slate AX using the latest firmware, if you enter an IP Address Details Checker it will show your VPN location etc it should show your Real ip address and ISP details.

I have also tried VPN Policy Based On The Client Device using MAC address and typed in Ip locator and I get an error message so it looks like the old problem is back.

There has been similar problems in the past that took years to sort out hope this time it’s solved a bit quicker.

1 Like

I don’t really get what your issue is.

Do you use your router as main DNS server? That’s necessary.

Not sure what you mean, I’m using a VPN client and I’m using AdGuard’s DNS

AdGuard DNS on your router or PC?
If it’s on your PC you need to disable it.

The VPN policies based on domain will only work when the router is answering the DNS request. VPN Policy Based On The Client Device using MAC address shouldn’t work when you are connected by VPN from your client.

1 Like

Hmm it sound like a issue i have seen before, although the problem is that it is maybe a design choice.

What i think OP means is:

Vpn is on, but for the devices or domains intended to go only over wan these use wrongly the dns of the vpn (observed with mullvad auto config)

The only solution i can give here…

If the general settings for dns dont influence it, you can try two things here really.

  • remove dns from the vpn config
  • or use dhcp tags to give these clients its own dns, i used this as a work around for my iptv since the bypass kept giving the mullvad dns on wan.

If it is the opposite your dns leaks over wan, thats fully per design you should not use a custom dns, but you need to use the dns in the tunnel.

Though i find that the above part of my message still feels like a regression between the two dns functions because in my opinion the wan fwmark should not follow the mullvad dns fwmark the dns for wan has to be restored for vpn bypassed devices to isp or custom dns if set, though when i reported this, i was told it will not be changed and it was by design, maybe they misunderstood me.

1 Like

Unfortunately it looks as if i will have to wait for GL.iNet to fix all the new firmware I had this issue before Here is one of my posts.

The problem was fixed on firmware 4.4.5 for the GL-AX1800 Flint & GL-AXT1800 Slate AX and others but the new GL-MT6000 Flint 2 never had the old firmware, if you check the the fixes for the 4.4.5 it doesn’t mention the fix I believe, but i was told by alzhao GL.iNet Staff Member.

One last and very important comment on my GL-AXT1800 Slate AX running firmware 4.4.6 exact same settings everything work 100% until I upgraded to firmware 4.5.0

I’m having the same issue on my new GL-MT6000 Flint 2 running 4.5.7 (release7) firmware.

On the VPN settings I’ve selected “VPN Policy Based on the Target Domain or IP” and added two domains. However, when I go to those domains, they’re not being accessed through the VPN.

Please male sure that all devices use the router as DNS server. This is necessary for the VPN policy.

That makes sense, the router would need to be able to inspect DNS queries and route it to the VPN or not depending on the destination, however I’m not exactly sure how to configure that in the Admin Panel UI.

On the DNS page, there’s an option that can be enabled to “Override DNS Settings for All Clients”; is that what you’re talking about?

Also on the DNS page, I have the mode set to “Automatic”. When VPN is disconnected I only see “DNS from Ethernet”, but when VPN is connected I additionally see “DNS from OpenVPN” but there is no option to remove it.

Oh now things seem to be working! Maybe I just had to wait a few minutes for the changes to propagate?

Here’s my settings:

VPN Dashboard page
Modify Proxy Mode: VPN Policy Based on the Target Domain or IP
Open VPN client: enabled

DNS page:
Override DNS Settings for All Clients: Enabled (I’m not sure if this is necessary or what it exactly does)
DNS Server Settings:
Mode: Automatic
Both “DNS from Ethernet” and “DNS from Open VPN” are listed

On my computer’s networking interface I also manually set the IPv4 DNS server to the address that matched “DNS from OpenVPN”. I’m also not sure if this step is necessary. This isn’t the router’s DNS, is it?

Edit: I have no idea if that was actually the fix. I changed VPN regions and it stopped working… It seems like there might be a magic order of operations that you have to do to make it work, or just get lucky.

Hello i would like to Welcombe you to the forum, there is a lot of helpful people here some do expect you to know everything i don’t unfortunately know every thing but i will help when i can, there used to be a problem but was sorted out some time ago, if you have a platform called Sky TV it doesn’t like the routers at all but that’s just Sky it likes you to use Sky broadband and their router.

You need not to do this. Everything in the computer should just be automatic.

How did you change vpn regions, just changed a server? I’d like to know the steps you tested and I can do a same test.

I unfortunately I still have issues if you use VPN Policy Based on the Target Domain or IP and select Do Not Use VPN whatever device i use it still goes via the VPN, also the VPN Policy Based on the Client Device using a MAC address works better but other devices not in the list also tend to go through.

I have tried this on all the latests firmwares on the GL-AXT1800 Slate AX & GL-MT6000 Flint 2 & the Flit 1.

I have tried a fresh install and have tried all the settings try it yourself use a PC add a domain like ip8.com add it to the Policy Based on the Target Domain or IP and apply make sue Global Options are deactivated and you will find it will still show you're going through you're VPN client.
Please can this be fixed as its causing havoc with my Roku device.

Make sure that the router is the DNS server in your network.
Based on the Target Domain or IP bases on using DNS directly from the router.

Hi the DNS is set in AdGuard and if the VPN is deactivated and the Global Options are all disabled the router works fine, still with AdGuard active, if I have not understood you correctly please explain, thanks

Make sure that AdGuard Home Handle Client Requests (in Applications > AdGuard) is disabled

When I was on firmware 4.4.6 I had no issues.

OK so disable AdGuard Home Handle Client Requests I will try that, thanks

AdGuard Home Handle Client Requests and VPN policies are mutual exclusive. But that is valid for all firmware. So I guess you enabled it after you upgraded.

Even the (i) tells that :wink:

1 Like

Hello thank you just tried it on an iPad and it worked won’t be able to try my Roku until later, I will let you know on that, thank you very much appreciated. :grinning:

1 Like

Yes the Roku works now many thanks.