Create a PBR for VPN

Sorry, but I'm looking for help once again.
I tell you my goal: I live abroad and I want to have the vpn active only for certain sites: like neflix and local televisions, so as to make them work on apple tv that does not accept VPN.
At the moment I have configured wireguard and everything works perfectly.
I was planning to create a second wifi network, and I did it with a guest network, but unfortunately it doesn't work because all internet traffic goes through the VPN interface.
I figured out that the solution is PBRs.
Could I make a PBR in which I define that wifi network number 2 must not be under VPN, or by reading the documentation I could also make a rule that makes me connect without VPN and activate the VPN only on certain domains?
In this case everything would be simpler because I would have only one network.
To achieve this I think the easiest way is to install and configure this plugin, right?

Can you tell me how to proceed?
Thank you.

That is the old vpn-bypass.

You need the new PBR package

I find this in the forum.
Can it be a good solution?
Setting a higher metric in the interface options for a gateway gives it a lower priority. Try giving your tun0 a higher metric, which should allow your wan to become the default gateway (it will be the gateway with a checkmark at the top of pbr in luci). Then you should be able to create a rule that only allows what you want to use the vpn.

I configured everything but I have a problem.
The guest network sometimes connects, other times it gives me ip conflicts.
I configured it on the WAN.
For example, I can connect one device and the others cannot.
Or the 5ghz network works and the 2.4ghz doesn't.
Can anyone help me?
Thank you.

This is the problem.

Screenshot 2023-08-19 alle 08.02.56746×418 29.8 KB

This is my network config:

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd86:0fdc:14d5::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'wan'
	option device 'wan'
	option proto 'dhcp'
	option peerdns '0'
	list dns '9.9.9.9'
	list dns '1.1.1.1'

config interface 'wan6'
	option device 'wan'
	option proto 'dhcpv6'

config interface 'wg0'
	option proto 'wireguard'
	option private_key ''
	list addresses '10.14.0.2/16'
	list dns ''
	list dns ''

config wireguard_wg0
	option description 'i'
	option public_key ''
	list allowed_ips '0.0.0.0/0'
	option endpoint_host 'it-
	option endpoint_port '51820'
	option route_allowed_ips '1'

config interface 'guest'
	option proto 'static'
	option ipaddr '192.168.3.1'
	option netmask '255.255.255.0'

Can someone help me?

To be fair, unstable Wi-Fi deserves a separate thread.
On the other hand, you can use PBR selectively in your main network.

I'm trying to do it, but I don't have success.
If I configure my network to wan it's without VPN.
If I add a website in that configuration, all goes under VPN and the website without VPN.
If I set all with wireguard and I set a domain it is without VPN.
I try to set my apple TV with wireguard.
I assign it a static IP.
It doesn't work.
With MAC address it doesn't work.
Can someone suggest me a correct rule?

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.