VLAN "LAN access" and VPN Client "Routing policy" mutually exclusive?

Discussion in 'Tomato Firmware' started by dolhop, Oct 8, 2016.

  1. dolhop

    dolhop Network Newbie Member

    I have set up a VLAN for guest wifi. In addition, I have a VPN set up on the router such that all of this VLAN's internet access goes out through the VPN using the "Routing Policy" feature.

    I have also enabled LAN to LAN1 in the "LAN Access" page, hoping to be able to access clients on the guest VLAN from the main LAN. However, it appears that the routing policy is sending all response packets through the VPN instead of back to the main LAN. This implies that, at least via the GUI, these features are mutually exclusive. Will I need to use custom iptables rules in the Firewall scripts page to achieve what I want?
  2. dolhop

    dolhop Network Newbie Member

    FYI, I fixed the problem by adding the following rule to the Administration->scripts->Firewall page:

    iptables -t mangle -I PREROUTING 2 -d -j ACCEPT

    This will not push any local packets through the VPN tunnel.
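
Added example, not part of the original thread: a small Python model of why the position of the ACCEPT rule in the mangle PREROUTING chain decides whether a guest-to-LAN reply leaves through the VPN. It assumes the routing policy works by setting a firewall mark in that chain; every subnet, address, the mark value and the stand-in first rule are constructed, since the thread does not give them.

```python
from ipaddress import ip_address, ip_network

# All addresses, the mark value and UNRELATED are constructed for illustration.
MAIN_LAN = ip_network("192.168.1.0/24")    # assumed main LAN
GUEST_LAN = ip_network("192.168.2.0/24")   # assumed guest VLAN
VPN_MARK = 0x1                             # assumed fwmark that selects the VPN route table
UNRELATED = {"src": ip_network("10.99.0.0/24"), "dst": None, "target": "ACCEPT"}  # stand-in rule 1

def mark_rule(src_net):
    """Model of a policy-routing rule: -s src_net -j MARK (non-terminating)."""
    return {"src": src_net, "dst": None, "target": "MARK"}

def accept_rule(dst_net):
    """Model of the fix: -d dst_net -j ACCEPT (ends traversal of the chain)."""
    return {"src": None, "dst": dst_net, "target": "ACCEPT"}

def insert_rule(chain, position, rule):
    """Same semantics as `iptables -I CHAIN N`: N is 1-based."""
    return chain[:position - 1] + [rule] + chain[position - 1:]

def traverse(chain, src, dst):
    """Walk the chain; return the egress path chosen by the resulting fwmark."""
    mark = 0
    for rule in chain:
        if rule["src"] is not None and ip_address(src) not in rule["src"]:
            continue
        if rule["dst"] is not None and ip_address(dst) not in rule["dst"]:
            continue
        if rule["target"] == "ACCEPT":
            break                      # later MARK rules are never reached
        mark = VPN_MARK                # MARK sets the mark and traversal continues
    return "vpn" if mark == VPN_MARK else "main"

def demo():
    reply = ("192.168.2.50", "192.168.1.10")     # guest client answering a main-LAN host
    internet = ("192.168.2.50", "203.0.113.5")   # guest client to an Internet host
    before = [UNRELATED, mark_rule(GUEST_LAN)]
    fixed = insert_rule(before, 2, accept_rule(MAIN_LAN))      # lands ahead of the MARK rule
    too_late = insert_rule(before, 3, accept_rule(MAIN_LAN))   # lands after the MARK rule
    return {
        "before_reply": traverse(before, *reply),
        "fixed_reply": traverse(fixed, *reply),
        "fixed_internet": traverse(fixed, *internet),
        "too_late_reply": traverse(too_late, *reply),
    }

if __name__ == "__main__":
    for name, path in demo().items():
        print(f"{name}: {path}")
```

On a real router, `iptables -t mangle -L PREROUTING -n --line-numbers` shows where the marking rules sit, which is what determines the correct insert position.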