Issue with selective VPN Routing on ASUS GS-AX3000 (WireGuard & VPN Fusion)

BerkayDrsn

Hi everyone,

I’m setting up a VPN for my home network using my ASUS GS-AX3000 router (firmware version: 3.0.0.4.388_23088). I’ve configured a WireGuard VPN connection through the router’s VPN Fusion feature, and I want to route only specific traffic through the VPN while leaving the rest to use my regular ISP connection via WAN for every device in the network.

To test this setup, I limited the VPN configuration to route only traffic for 104.19.223.79/32 and 104.19.222.79/32 (the IPs for WhatIsMyIPAddress) through the VPN by setting these in the Allowed IPs field. I expect the following behavior:
  • When I visit WhatIsMyIPAddress, it should show the VPN server’s IP.
  • For all other websites, it should show my ISP’s IP.
When I set Allowed IPs to 0.0.0.0/0, everything works as expected—all traffic is routed through the VPN server (a DigitalOcean droplet in the UK). However, when I restrict Allowed IPs to only 104.19.223.79/32, 104.19.222.79/32, traffic to these IPs works fine, but all other traffic fails—devices lose connectivity entirely for anything outside the specified IPs.

What I suspect:
  • When I configure VPN Fusion and assign a device to use a specific VPN configuration, the device does not fall back to the WAN connection if it cannot communicate with the assigned VPN. This means that if the destination IP is not included in the VPN’s Allowed IPs, the device effectively loses connectivity and cannot access the internet.
I would greatly appreciate any advice or insights on how to fix this behavior or configure VPN Fusion to allow fallback to WAN for non-VPN traffic. Thanks in advance for your help!
 
By the way, I would like to mention that if I use the same configuration in a WireGuard client on my laptop (instead of on the router), it works exactly as I expect.
Only the connection to the specified IPs is routed through the VPN, the rest of the traffic uses the WAN.

So I think the problem here is how ASUS’s VPN Fusion firmware assigns a specific VPN configuration to devices. It seems that when a device cannot communicate through the assigned VPN config, it does not fall back to the WAN connection. Not sure if there is a workaround to this, but I'd like to hear your opinion.
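A small model of the two behaviours described above, as an added example that is not part of the original posts or of ASUS's firmware. It assumes (unconfirmed) that VPN Fusion sends all of a bound device's traffic to the tunnel interface, where WireGuard only forwards destinations inside Allowed IPs; 192.0.2.10 is a constructed test destination and the function names are hypothetical.

```python
import ipaddress

ALLOWED_IPS = ["104.19.223.79/32", "104.19.222.79/32"]  # Allowed IPs from the post

def longest_match(dst, table):
    """Longest-prefix match over (prefix, device) routes; None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), dev) for p, dev in table
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def wg_has_peer(dst, allowed_ips):
    """WireGuard cryptokey routing: a packet is only sent if its destination
    falls inside some peer's AllowedIPs; otherwise the interface rejects it."""
    addr = ipaddress.ip_address(dst)
    return any(addr in ipaddress.ip_network(p) for p in allowed_ips)

def egress(dst, table, allowed_ips=ALLOWED_IPS):
    """Return 'wan', 'wg', 'dropped' (reached wg, no matching peer) or 'unreachable'."""
    dev = longest_match(dst, table)
    if dev is None:
        return "unreachable"
    if dev == "wg" and not wg_has_peer(dst, allowed_ips):
        return "dropped"
    return dev

def laptop_table(allowed_ips=ALLOWED_IPS):
    # Client-style split tunnel: the default route stays on WAN and each
    # AllowedIPs entry becomes a more specific route via the tunnel.
    return [("0.0.0.0/0", "wan")] + [(p, "wg") for p in allowed_ips]

def bound_device_table():
    # ASSUMPTION (not confirmed by the thread): the per-device policy table
    # points everything at the tunnel, with no WAN route to fall back to.
    return [("0.0.0.0/0", "wg")]

if __name__ == "__main__":
    for name, table in (("laptop", laptop_table()), ("bound device", bound_device_table())):
        for dst in ("104.19.223.79", "192.0.2.10"):  # second address is constructed
            print(f"{name:12} {dst:15} -> {egress(dst, table)}")
```

Under this model the fix on the router side is the same as on the laptop: the device's routing table needs a WAN default alongside the more specific tunnel routes.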
 
I set up VPN Fusion with a Nord OpenVPN config and unchecked the "all devices" button. Then I added a single device in the box below it - my Firestick. That device runs on the Nord connection while everything else does not.

The reason it doesn't fall back may be related to it automatically getting a manual DHCP and MAC Binding. At least mine did. I never set that up manually; once I set it up under VPN Fusion it showed up that way.

Edit: I just tested by adding my phone to another VPN Fusion setup, and it manually bound my DHCP and MAC to it, too. Maybe that's it.

I'd like to know more if anyone else can chime in.
 
