
VLAN "LAN access" and VPN Client "Routing policy" mutually exclusive?

Discussion in 'Tomato Firmware' started by dolhop, Oct 8, 2016.

  1. dolhop


    I have set up a VLAN for guest wifi. In addition, I have a VPN set up on the router such that all of this VLAN's internet access goes out through the VPN using the "Routing Policy" feature.

    I have also enabled LAN to LAN1 in the "LAN Access" page, hoping to be able to access clients on the guest VLAN from the main LAN. However, it appears that the routing policy is sending all response packets through the VPN instead of back to the main LAN. This implies that, at least via the GUI, these features are mutually exclusive. Will I need to use custom iptables rules in the Firewall scripts page to achieve what I want?
     
  2. dolhop


    FYI, I fixed the problem by adding the following rule to the Administration->scripts->Firewall page:

    iptables -t mangle -I PREROUTING 2 -d 192.168.0.0/16 -j ACCEPT

    This will not push any local packets through the VPN tunnel.
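
A way to confirm the ordering the fix above depends on, as an added example that is not part of the original thread: an ACCEPT in mangle PREROUTING ends traversal of that chain, so the local-range rule only helps if it sits ahead of the rule that tags packets for the VPN. The sample rule set and the assumption that the routing policy tags traffic with a `-j MARK` rule in this chain are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Reads mangle-table rules in iptables-save format on stdin and checks that an
# ACCEPT rule for the local range appears in PREROUTING before the first MARK rule.
# Assumption: the routing policy selects VPN traffic with a "-j MARK" rule here.

# Constructed sample input; on the router, pipe in: iptables-save -t mangle
SAMPLE_RULES='*mangle
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i vlan2 -j DSCP --set-dscp 0x00
-A PREROUTING -d 192.168.0.0/255.255.0.0 -j ACCEPT
-A PREROUTING -i br1 -j MARK --set-mark 0x1
COMMIT'

# $1 = network address of the local range (matches /16 or /255.255.0.0 notation).
# Returns 0 if the exemption comes first, 1 if a MARK rule comes first,
# 2 if no exemption rule is present at all.
local_exempt_before_mark() {
    net=$1
    pos=0
    while read -r line; do
        case $line in
            "-A PREROUTING "*) pos=$((pos + 1)) ;;
            *) continue ;;   # skip table headers, other chains, COMMIT
        esac
        case $line in
            *"-d $net/"*"-j ACCEPT"*)
                echo "exempt rule at position $pos"
                return 0 ;;
            *"-j MARK"*)
                echo "MARK rule at position $pos comes first"
                return 1 ;;
        esac
    done
    echo "no exempt rule found"
    return 2
}

printf '%s\n' "$SAMPLE_RULES" | local_exempt_before_mark 192.168.0.0
```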
     
