VPN policy by domain or IP address not working properly on Flint 2

VPN policy by domain or IP address is not working.

Currently running WireGuard Client. I have a list of IP addresses that I do not want to go through the VPN tunnel. One of the IP addresses listed is the static IP address of my PS5. However, I am still seeing the IP address of my VPN client after running a check. I have also tried placing the IP address of my Mac Studio outside of the VPN tunnel and upon going to whatismyipaddress.com, I am still seeing the VPN client IP address here as well.

What am I missing here? Is there a way to run a VPN policy based on IP address while also running a policy based on what the client device is? It seems that these are in two separate and uncombinable options.

VPN policy does not work like this.
The policies are about the target domain and IP address, not the source.

For more advanced rules you need to use the manual approach or run pbr using OpenWrt.

I am not sure if you can still use the GL GUI then - @bring.fringe18 ?

Thank you for the fast reply, @admon. Could I use the option titled Customize Routing Rules? I don’t see an option to do any further customization after I’ve selected this option.

PBR is overkill for this.

@gcwgill

I’d block the console via its MAC (GL GUI → Clients → $MAC) given you can’t do by IP via VPN Policy Base On The Target Domain Or IP → [ Use / Do Not Use ]; it’s a similar option for VPN Policy Base On The Client Device.

Flint v1, firmware 4.4.6-release1

What do you mean block the console? How would that help in this situation?

So block the console if you don’t want it going through the tunnel.