Guest Network not working in Firmware 386.2_2

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

Mike S

Regular Contributor
Are you expecting your guest internet traffic to be routed through the VPN or to bypass the VPN and go directly out through the WAN?

If the former, your VPN server could be dropping traffic destined to the different subnet used by Guest #1. Perhaps it needs an additional route/iroute defined.

If the latter, do you have "Force internet traffic through tunnel" enabled or disabled on your VPN client settings? I have it set to "No" so that only traffic going to other VPN subnets gets routed through the VPN. With this configuration everything works fine even for guest #1. If you want your non-guest LAN traffic to use the VPN but the guest LAN to bypass it, then it seems like it would take some custom routing rules to make it work.
Actually this is another problem. Ideally, the Guest Network should only be open to the internet via the WAN port. However, this was discussed in another thread a year or so ago. Apparently, VPN connections are open to the Guests.

My VPN Clients are configured Policy Rules (strict), so only traffic to my remote office subnets go thru the VPN connections. All other, non-local traffic goes thru the WAN port.
 

bbunge

Part of the Furniture
Actually this is another problem. Ideally, the Guest Network should only be open to the internet via the WAN port. However, this was discussed in another thread a year or so ago. Apparently, VPN connections are open to the Guests.

My VPN Clients are configured Policy Rules (strict), so only traffic to my remote office subnets go thru the VPN connections. All other, non-local traffic goes thru the WAN port.
I was playing around with routing settings this afternoon in the OpenVPN client. Trying to get the Guest to go through the VPN. Did not work. Maybe there should be a script to reset the routing for the Guest 1 after the VPN client connects? Reset it to go through the WAN.
 

Mike S

Regular Contributor
I was playing around with routing settings this afternoon in the OpenVPN client. Trying to get the Guest to go through the VPN. Did not work. Maybe there should be a script to reset the routing for the Guest 1 after the VPN client connects? Reset it to go through the WAN.
Guest1 traffic will not go thru an open VPN Client connection. It will go thru the WAN port (not sure why this is working now, when it wasn't before).

Guest2 traffic WILL go thru and Open VPN Client connection, as well as the WAN port, depending on the destination subnet, when you have Policy Rules enabled on the VPN Client.

It would be nice to get a detailed explanation on why Guest1 and Guest2 work differently.
 

manocinca

New Around Here
Guest1 traffic will not go thru an open VPN Client connection. It will go thru the WAN port (not sure why this is working now, when it wasn't before).

Guest2 traffic WILL go thru and Open VPN Client connection, as well as the WAN port, depending on the destination subnet, when you have Policy Rules enabled on the VPN Client.

It would be nice to get a detailed explanation on why Guest1 and Guest2 work differently.
I have the same problem with 2peaces of RT-AX68U device in AiMESH system
the differences between guest 1 and guest 2 networks is the AI mesh nod extension support. Guest 1 network can work on AiMESH client devices, not just the on the master router. Guest2 network can't extend to other aImess nods devices. It can work just a master router.
An this is my problem. If on guest network 1 intranet = DISABLED the client devices not became an ip address. But this fail is on just AImesk client nodes. On the master AImesh router ist work fine the guest1 network.
And sorry for my english.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top