VPN Policys not working with Wireguard and Flint 1800

So I finally got my Wireguard to work. I had a Protonmail account and found a free version single device. I copied the config into the Flint and it connected perfectly… The speed tests look great as well.

A few things. It looks like the VPN policys do not work at all. I have them set up for Netflix, Amazon Prime Video, etc… All still report I am on a VPN and shut me down until I turn off the VPN. Is this a bug? How do I get it to work?

Also when using other VPN providers to test my current VPN they all report unprotected… Thats BS…How do I get a legit test that is not just some other VPN provider trying to get my business? How safe is this Wireguard? Can I assume its still better than no vpn?

If I can get my streaming to work without having to shut down the VPN that would be perfect…

You on 3.213 or 3.214 stable builds? Any adguardhome running? DNS traffic could be causing it? switching from OpenVPN may have caused a translating error. Perhaps deleting the vpn policy and add back the same ones while using wiregaurd may make it work. (I personal have done this many times where I made a policy and hit add but forgot to hit apply just something to watch out for.)

I just upgraded to 3.214 yesterday thinking it would fix the issue. I am going to try and remove the policy sites and re-add them as you suggest… good idea. will report back asap…

Ok, just got done deleting them and adding them back. I also tried turning off the vpn, then adding them and hit apply. Then turn the vpn back on. Also rebooted the router as well just to clear any crazy cached addresses…

No good, I cannot get it to work.

When you updated you kept all settings and packages.(I never check this option and let it erase and load fresh every time.) I then install luci manually add back packages and use a saved config file. I now its annoying and takes some time but I never have a issue with updates. I guessing something has happened to iproutingtables. Maybe alzhao might have a better take on it. May try reverting and not keeping settings and packages. Then update or wait to hear from alzhao

Yeah, I’d hate to have to start over on the router… But if it is the only thing I can do is to factory reset… I can give it a try…

Hope to hear from alzhao… :slight_smile:

How do you add? Post the vpn policy config please.

Post details. Let’s try one by one.

Ok so here is the screen shot of my VPN Policy.

And here is the NordVPN site saying I am UNPROTECTED while using Wireguard with ProtonVPN. All the VPN sites show unprotected if you are not using their VPN…

You aren’t using NordVPN so it will say unprotected as the IP address you are connecting from does not belong to one of their servers.

Thats my point…I am protected using a VPN… Just not the Nord one at the moment. I am using Proton VPN.
What site out there gives you an actual status of your security without saying you can only be protected using their service.

Here is the Mullvad report. They make me think my connection is wide open to the world. Im no expert, but just because they can identify any address does not mean they know who you are or what you are doing. This report shows Atlanta… I am in another state completely. Sure tells me that they dont know where I am.
Ironically, the Proton VPN site does not even offer a test of your security. I wonder if its because they offer a free one?

Anyway, I am just trying to free my streaming services using the Policy settings and it is not working.

Streaming devices may not be only using their common domain names (i.e., netflix.com, amazon.com, etc.).

For Netflix and Amazon Prime, I also see nflxso.net, nflximg.com, nflxvideo.net, amazonvideo.com, pv-cdn.net, akamaihd.net, aiv-delivery.net and their subdomains in my AdGuardHome query log.

Maybe you can put your streaming devices on the Guest wifi and configure it not to go through VPN.

I mainly use whatismyipaddress.com or whatismyip.com to check if VPN is working, not any of VPN provider websites.

I do not work for and I am not directly associated with GL.iNet

I think someone may have answered this but NordVPN will always say unprotected unless you are using NordVPN Servers. Same with PIA and Mallvad. Your protection is that the IP Address that it shows should not be the actual one that is assigned by you ISP.

Thanks, that makes sense. They have to show “some” address or you’d never have made it to that site to begin with… LOL

Hmm I always wondered if there were other domains but had no idea how to identify them… Where did you get those other domains from?

I started streaming Netflix, then Prime Video and my AdGuardHome server recorded those domains for name resolution.

Here are some more: primevideo.com, a2z.com, cloudfront.net, llnwd.net

Two basic check:

  1. IP check
    First, you need to check if your IP is the same as VPN server using various online tools, e.g. whatismyip, google etc.

  2. DNS leak check
    Then, you need to use dnsleaktest.com to check if you have DNS leaks. All the DNS servers should be servers of the vpn service or in the region of the vpn server. It should not contain your own vpn services and display your own region.

There are some other tools e.g. port detecting or webrtc checks. But basically the two above.

Thanks for the clarification… So any ideas why the Policy does not work with the Wireguard… It does seem to work with OpenVPN.

It should work with wireguard as well.

As Flint has a 4.x firmware, we’d like to put all the effort to 4.x. So if vpn or vpn policy does not work on 4.0, it may worth to fix.

Wireguard was not designed for routing in 3.x so very difficult to fix bugs.

Interesting. When does 4.x release. I’d love for the policies to work. At this time I just shut the vpn when I stream.

The gl-inet GitHub link is here, you need the ax1800.tar.gz for the flint, extract the openwrt-ipq807x-glinet_ax1800-squashfs-sysupgrade.tar file.

I’ running 4.0.1 beta2 on Flint: Wireguard VPN client works however VPN traffic stops working properly when I try to use the proxy mode VPN policy based on target domain or IP.

I don’t have this VPN policy routing problem with Slate AX with latest 4.0.2 release 1, neither with Brume on V3.215 2022-08-11. Any pre-release I could test for Flint ?