VPN policy quick guide and feedback

I tried the IP-based rule and it works.

Maybe @luochongjun can help on this matter. Before, there was a setting for the guest network, but the UI is already too complicated. Still, this is definitely doable.

One more thing about IP based rule.

You need to flush your DNS or just wait for some time to let it work. This is the behaviour I observed. Because of the DNS cache it seems not to be working, so you change your settings again. Just be a little patient and you should find that it works.

Domain-based policies need a DNS cache flush (use the ipconfig /flushdns command on Windows).
For some sites, you need to set a set of policies, not a single policy, because the sites you visit are likely to get data from other sites.
The VPN policies do not apply to the guest network.

IP-based policy worked for some sites and didn’t work for whatismyip.com! Please give it a try.

Also I wish I could exclude all domains with my country suffix from vpn.

For me it is not working.

hulu.com & Netflix are not possible to use; they see I use a VPN and lock me out if the VPN policy is active.
Only if I use the full VPN without a policy does it work, but then I lose the country films on Netflix.

regards

Hi,

Is there a plan to increase the available syntax for domain names? Currently dashes, e.g. gl-net.com, are not allowed. This obviously limits the number of domains that can be put behind a VPN profile.

Cheers,


Hello, I have just installed the very recent openwrt-mv1000-emmc-3.104.img (mostly for Adguard Home) but I bought this router to be able to use Wireguard as a client with policy routing. And it works well once you realize that MAC address works only for source and IP only for destination.

I have a small problem because I have 2 routers (double NAT).
Here’s a simplified view of my network.

Internet–ISP.ROUTER(LAN1)–BRUME(LAN2)

Almost all my network clients are in LAN2 and only one does not go into the VPN. But I have a phone blocker device that is in LAN1 and I cannot access it because requests to 192.168.1.0/24 are sent to the VPN. If I want to access it, I can remote control (RDP) the computer that is not routed through the VPN but it’s not convenient as it’s not my main computer.

Is there a way to disable routing through the VPN for a private address subnet? Even without the GUI.
In the GUI, I cannot solve this using the source MAC address.

alzhao wrote that “We tried to make mixed policy and it will make the logic hard to understand”, but it doesn’t have to be complicated to solve this problem on a single screen. Just look at how it’s solved in Asuswrt-Merlin:

https://cdn.shortpixel.ai/client/to_webp,q_glossy,ret_img,w_762/https://www.vpnuniversity.com/wp-content/uploads/2017/05/Selective-routing-example.png

You can make an exclusion for 192.168.1.0/24 in vpn policies used in destination ip mode.

Hi.

I wonder for the IP-Based policy how many rules can I add into the list?

I have an Asus router it only allows 40-44 rules due to the limitation at the nvram storage level.

…can I add 400-500 rules into the list?

Thank you.

No, I cannot because I am in source MAC address mode. This is the only way to have VPN for all but one LAN computer.

I have 500 IP-based rules…


Then you have to make a static route in the router to force traffic directed to 192.168.1.0/24 via wan and not via wg0

It’s easier said than done. In Networks, Static Route, there is no wg0 interface.
Although it can be seen under Status, Routes.

Active IPv4-Routes
Network Target IPv4-Gateway Metric Table
wan 0.0.0.0/0 192.168.1.1 0 1
wan 0.0.0.0/0 192.168.1.1 10 51
wg0 10.11.0.1 - 0 51
wan 185.130.184.99 192.168.1.1 0 51
wan 192.168.1.0/24 - 10 51
lan 192.168.2.0/24 - 0 51
wan 0.0.0.0/0 192.168.1.1 10 52
wan 185.130.184.99 192.168.1.1 0 52
wan 192.168.1.0/24 - 10 52
lan 192.168.2.0/24 - 0 52
wg0 0.0.0.0/1 - 0 main
wan 0.0.0.0/0 192.168.1.1 10 main
wg0 10.11.0.0/16 - 0 main
wg0 128.0.0.0/1 - 0 main
wan 185.130.184.99 192.168.1.1 0 main
wan 192.168.1.0/24 - 10 main
lan 192.168.2.0/24 - 0 main

I have played with CISCO and Mikrotik routers before but I cannot understand why it appears so complicated here.
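The Routes output above shows the usual WireGuard trick: instead of replacing the 0.0.0.0/0 default route, wg0 gets two /1 routes (0.0.0.0/1 and 128.0.0.0/1) that cover the whole address space and, being more specific than /0, win for any destination that has no better route. A still more specific route such as 192.168.1.0/24 via wan beats both /1 entries. The following added example (not code from the thread or from GL.iNet) performs that longest-prefix lookup over the "main" table rows copied from the post, so you can see which interface a plain route lookup selects for a given destination. It models only the kernel's longest-prefix match with metric as tiebreaker; the policy rules (`ip rule`) that choose tables 51/52 and the firewall forwarding rules are not shown on the page and are not modelled, so a destination that lands on wan here can still be affected by those.

```python
import ipaddress
from typing import NamedTuple, Optional


class Route(NamedTuple):
    iface: str
    network: ipaddress.IPv4Network
    gateway: Optional[str]  # None for directly connected ('-' in the router UI)
    metric: int


# "main" table rows from the Status > Routes output quoted in the post above.
# Columns: interface, target, gateway, metric.
MAIN_TABLE_TEXT = """\
wg0 0.0.0.0/1 - 0
wan 0.0.0.0/0 192.168.1.1 10
wg0 10.11.0.0/16 - 0
wg0 128.0.0.0/1 - 0
wan 185.130.184.99 192.168.1.1 0
wan 192.168.1.0/24 - 10
lan 192.168.2.0/24 - 0
"""


def parse_routes(text: str) -> list:
    """Parse the four-column route listing into Route tuples.

    A bare host address (no '/len') is treated as a /32, as the kernel does.
    """
    routes = []
    for line in text.splitlines():
        if not line.strip():
            continue
        iface, target, gateway, metric = line.split()
        net = ipaddress.ip_network(target, strict=False)
        routes.append(Route(iface, net, None if gateway == "-" else gateway, int(metric)))
    return routes


def lookup(routes: list, destination: str) -> Optional[Route]:
    """Return the route the kernel would pick: longest prefix, then lowest metric."""
    addr = ipaddress.ip_address(destination)
    candidates = [r for r in routes if addr in r.network]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r.network.prefixlen, -r.metric))


def vpn_bypass_report(routes: list, destinations: list, vpn_iface: str = "wg0") -> dict:
    """Map each destination to True if a plain lookup does NOT send it via vpn_iface."""
    report = {}
    for dst in destinations:
        route = lookup(routes, dst)
        report[dst] = route is not None and route.iface != vpn_iface
    return report


if __name__ == "__main__":
    table = parse_routes(MAIN_TABLE_TEXT)
    # Constructed sample destinations: a public IP, a host on LAN1, the VPN
    # endpoint from the post, and a host inside the WireGuard /16.
    for dst in ["8.8.8.8", "192.168.1.50", "185.130.184.99", "10.11.0.7"]:
        r = lookup(table, dst)
        print(f"{dst:>16} -> {r.iface:<4} via {r.network} metric {r.metric}")
    print(vpn_bypass_report(table, ["192.168.1.50", "8.8.8.8"]))
```

For the LAN1 host the lookup picks the wan /24 route, not wg0, which is consistent with the fix the original poster eventually found being a firewall forwarding rule rather than a routing change.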

Could you be more specific?

You can try by ssh:
ip route add 'ipofyourclient'/32 dev wan

After several attempts and several weeks later, I finally won this fight. And this is doable using the GUI. It’s under Advanced, Network, Firewall, Traffic Rules. I added a rule above the last one, “glservice”, that looks like this:

IPv4-traffic
From IP range 192.168.2.0/24 in lan
To IP range 192.168.1.0/24 in wan
Accept forward

That way, even though all my traffic is sent to the VPN, the traffic from the second LAN to the first avoids the VPN. I am in a double NAT configuration because I don’t own the first router / NAT but still need to access it from the second LAN behind the Brume.
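The GUI steps above can also be applied over SSH. The following is an added example, not code from the thread or from GL.iNet, that expresses the same IPv4 lan-to-wan "Accept forward" traffic rule as OpenWrt UCI commands. It assumes the firewall zones are named "lan" and "wan" as in the post; the rule name "bypass-vpn-to-lan1" is made up here. Setting UCI=echo and FW_INIT=echo makes it a dry run that only prints the commands it would issue.

```shell
#!/bin/sh
# Added example (not from the thread): the lan -> wan forward rule as UCI commands.
# Assumed names: zones "lan" and "wan" (as in the post), rule name "bypass-vpn-to-lan1".
# Set UCI=echo and FW_INIT=echo to dry-run and just see the commands.
UCI="${UCI:-uci}"
FW_INIT="${FW_INIT:-/etc/init.d/firewall}"

# add_bypass_rule SRC_NET DST_NET
# Creates an IPv4 forward rule from zone lan to zone wan that accepts
# SRC_NET -> DST_NET, so traffic between the two private LANs is forwarded
# on the WAN side instead of being held to the VPN-only policy.
add_bypass_rule() {
    src_net="$1"   # e.g. 192.168.2.0/24 (LAN2 behind the Brume)
    dst_net="$2"   # e.g. 192.168.1.0/24 (LAN1 on the ISP router)
    "$UCI" add firewall rule >/dev/null
    "$UCI" set firewall.@rule[-1].name="bypass-vpn-to-lan1"
    "$UCI" set firewall.@rule[-1].family="ipv4"
    "$UCI" set firewall.@rule[-1].src="lan"
    "$UCI" set firewall.@rule[-1].src_ip="$src_net"
    "$UCI" set firewall.@rule[-1].dest="wan"
    "$UCI" set firewall.@rule[-1].dest_ip="$dst_net"
    "$UCI" set firewall.@rule[-1].proto="all"
    "$UCI" set firewall.@rule[-1].target="ACCEPT"
}

# apply_bypass_rule: persist the change and reload the firewall.
apply_bypass_rule() {
    "$UCI" commit firewall
    "$FW_INIT" reload
}

# show_bypass_rules: list the rule(s) that carry our dest_ip, for a quick check.
show_bypass_rules() {
    "$UCI" show firewall | grep 'dest_ip='
}

# Stand-alone use: ./bypass.sh 192.168.2.0/24 192.168.1.0/24
if [ -n "${1:-}" ] && [ -n "${2:-}" ]; then
    add_bypass_rule "$1" "$2" && apply_bypass_rule && show_bypass_rules
fi
```

`uci add` appends the rule at the end of the rule list, whereas the poster placed it above the "glservice" rule in the GUI; if rule order matters on your firmware, move it with `uci reorder` before committing.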

Please add port to VPN policies.

Hello,

Please help me with this.

My problem is that my GL box has a permanent VPN to my WireGuard private server, and when the VPN is working, whether I activate the option ‘Use VPN for all processes on the router’ or not, the DDNS of GLDDNS is always updated with the IP address of the VPN server and not the real one.

Would you please help me? I tried to put the WAN IP as an exception, but that didn’t work either.

Many thanks,
Joe

Pls let me know which model you are using.

Sure, it’s a GL-iNet GL-MT300N-V2 (Mango).

OS version: 3.203

DDNS needs some time to update.

When you turn the VPN policy on/off, pls wait a while so that the DDNS is updated. I am having a problem in my test environment and didn’t finish testing. But I think the above is the reason.