Make server connected to LAN1 available on multiple VLANs

I think the issue is that your VLAN2 traffic is going over the WireGuard tunnel.

If you remove the above, and also the vlan2 rule here:

...does that fix the issue?

Success! Thank you, that's solved it.

So if I'd like to add a VPN back to VLAN 2, do I need to read up on PBR, or can it be achieved using OpenWrt's firewall config alone?

I'm also going to make these changes from this blog (https://jeff.vtkellers.com/posts/technology/force-all-dns-queries-through-pihole-with-openwrt/) to ensure all DNS requests get routed to the Pi-hole. Any issues in doing so?

I've copied the recommended config from the post below:


    Protocol: TCP, UDP
    Source zone: lan
    External port: 53
    Destination zone: lan
    Internal IP address: 192.168.1.101 (this is address of my PiHole, yours may be different)
    Internal port: 53

PBR is the way to go. It's possible to do this with routing tables in general, but I think the easiest method is PBR.

The firewall alone won't do it, though... you can think of the firewall as defining what is allowed or denied, but the routing engine (and PBR in your case) is what actually handles the routing of the packets. They are closely coupled, but different operations.
