You need to determine why your VPN doesn't work at all with either firmware before playing around with policy rules. It's probably going to be easier to debug things if you use Merlin's firmware rather than stock.
I'm a bit concerned with how you're testing that it's working or not. Are you in the UK? Does the WAN IP address shown by https://canyouseeme.org/ change when you enable and disable the VPN client?
Hi Colin. No, I'm not in the UK at the moment. Wish I was. Sorry for the confusion. Currently I'm running Asus stock firmware, Nord and Express work perfectly. I see my address in the UK when they're on.
With Merlin when I tried it, my address stayed firmly in my country of origin. It's altogether possible I hadn't configured the rules correctly. I tried/changed so many things whilst trying to get it working, and all common sense and method went out of the window.
Just to be clear before I try again:
If I choose "Forced, Yes or No", all traffic goes to the VPN regardless because Nord and Express will force it to be the default. And I must include statements to send chosen non-VPN addresses to the WAN?
Will that work? (Pretty sure I tried that, unsuccessfully)
If I choose "Policy Rules", all traffic goes to the WAN, and I must put statements in stating "VPN" for any exceptions to that.
Is that correct?
And with the "Policy Rules" choice, do I have to include a statement explicitly sending all traffic to the VPN? I'm not sure after reading some of the posts.
Tech 9's advice....
"In Asuswrt-Merlin all the clients go through WAN unless rules are set." This is with "Policy Rules" set on, yes? Not with "Forced, Yes or No"?
The simplest configuration:
Network 192.168.1.1/24 0.0.0.0 VPN - all devices through VPN
Router 192.168.1.1 0.0.0.0 WAN - exclude router from VPN
My_PC 192.168.1.x 0.0.0.0 WAN - device X through WAN
So does split tunnel only work if ALL traffic is forced down the VPN, and then statements for exceptions to the WAN?
Sorry for any misunderstanding....