Configure GL.iNET GL-AR300M router with VPN connectivity but for guest no VPN

Installing and Using OpenWrt Network and Wireless Configuration
1

I have succeeded in configuring my openwrt router (model GL.iNet GL-AR300M (NOR)) so that

  1. I can enable/disable VPN (OpenVPN CLient) to my home network
  2. guests can logon using 2.4G Guest Wifi (which is using a different subnet 192.168.9.0/24 compared to connecting to the standard 2.4G Wifi (subnet = 192.168.8.0/24))

The problem is that

  1. when I enable VPN that also all guests are also using this VPN. This is something I do not want. My guests should not be able to use this VPN connection.
  2. I would like to be able to configure my router also when connected to the guest network (= 192.168.9.0/24 - my router IP is 192.168.8.1). Currently I cannot access my router admin dashboard (= http://192.168.8.1) when connected to the guest network.
  3. I am also wondering if I can configure my router so that only traffic for 192.168.2.0/24 is routed via my home VPN (in other words all other traffic is not routed via VPN).
2

You can use Policy Based Routing to only route a specific interface or range of client IPs via the VPN see:

3

Note that the latest firmware (available forom GL-iNet) is installed on my router =

  • OpenWrt 19.07.8 r11364-ef56c85848 / LuCI openwrt-19.07 branch git-21.189.23240-7b931da

I am not sure if that policy based routing is supported by that version as the document makes reference to openWrt version 22.03.0 and 23.05.0.

4

It appears you are using firmware that is not from the official OpenWrt project.

When using forks/offshoots/vendor-specific builds that are "based on OpenWrt", there may be many differences compared to the official versions (hosted by OpenWrt.org). Some of these customizations may fundamentally change the way that OpenWrt works. You might need help from people with specific/specialized knowledge about the firmware you are using, so it is possible that advice you get here may not be useful.

You may find that the best options are:

  1. Install an official version of OpenWrt, if your device is supported (see https://firmware-selector.openwrt.org).
  2. Ask for help from the maintainer(s) or user community of the specific firmware that you are using.
  3. Provide the source code for the firmware so that users on this forum can understand how your firmware works (OpenWrt forum users are volunteers, so somebody might look at the code if they have time and are interested in your issue).

If you believe that this specific issue is common to generic/official OpenWrt and/or the maintainers of your build have indicated as such, please feel free to clarify.

1 Like
5

if you have issues with the gl.inet firmware, you should ask gl.inet, we know nothing about it.

or install proper openwrt - https://openwrt.org/toh/gl.inet/gl-ar300m

1 Like
6

Thanks a lot for the responses.
I see that my router can indeed be upgraded with latest openwrt version.
At this point I am not tempted to do this as I would loose the Gl-iNet UI.

It is apparently also possible to configure some VPN polices using the Gl-iNet UI.

I have setup following VPN Policies for this:

image
image907×823 64.9 KB

7

I achieved this by setting up following Port Forwards rule under Firewall menu:

image
image1291×492 44.5 KB

So when connected to the wifi guest network I can access the admin panel via http://192.168.9.1