I have OpenWrt 18.06.0 running on a Netgear DGND3700v1 and can quite happily have it connect to my OpenVPN (streisand) server with all traffic routed via the VPN on tun0. However, due to the router's limited processing power, speeds are pretty slow when using this method, so I'd like to have all LAN traffic bypass the VPN and go straight out of the WAN interface. This way everything connected wirelessly gets VPN by default and everything hooked up with a cable gets full speed and can run a VPN client themselves if required.
However, I have had zero luck in getting this working. I can have everything routed via VPN, everything routed via WAN without VPN, but never a combination of the two. I've followed guides concerning setting up a second routing table, I've tried WAN and LAN bridged, and I've tried using the vpnbypass service; nothing has worked.
The setup I would like is to have WAN, LAN, WLAN and VPN interfaces, with WAN getting its connection via DHCP, LAN using 192.168.33.0/24, WLAN using 192.168.34.0/24 and routing configured between LAN and WLAN (no bridging). I should then be able to use vpnbypass to specify 192.168.33.0/24 as the address range to bypass the VPN. I don't need to support IPv6 in this environment, so I don't mind if it's present or not.
When I last got close to this setup everything worked except the bypass; entering an address or address range would result in clients on the 192.168.33.0/24 range losing WAN connectivity completely.
I've definitely spent too many hours on this already, so if somebody with more experience is able to advise, I would really appreciate the help. Most tantalising are the instructions on the Streisand GitHub page for OpenWrt where it says "TODO: Add necessary code to have one WiFi Network with VPN and other without (in a few days)...". Ah, well.
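
One way to express the bypass described in this post as source-based policy routing with a second routing table, added here as an example (not code from the original post, the vpnbypass service or Streisand). The table number, rule priority, WAN device `eth1` and gateway `192.0.2.1` are assumed placeholder values; the script prints the commands unless `APPLY=1` is set.

```sh
#!/bin/sh
# Added example: source-based policy routing so one subnet bypasses the VPN.
# Dry run by default (prints the commands); set APPLY=1 to run them as root.

TABLE=100   # assumption: any unused routing table number
PRIO=1000   # assumption: any priority below the main table's 32766

# Accept only dotted-quad/prefix input such as 192.168.33.0/24.
is_cidr() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || return 1
    old_ifs=$IFS; IFS=./; set -- $1; IFS=$old_ifs
    for octet in "$1" "$2" "$3" "$4"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the commands. Order matters: the two "to" rules keep LAN<->WLAN and
# router-to-LAN replies on the main table, so only traffic leaving the local
# networks falls through to the table whose default route is the WAN gateway.
bypass_cmds() {  # args: bypass_net other_local_net wan_dev wan_gw
    is_cidr "$1" && is_cidr "$2" || { echo "bad CIDR" >&2; return 1; }
    [ -n "$3" ] && [ -n "$4" ] || { echo "need WAN device and gateway" >&2; return 1; }
    echo "ip route replace default via $4 dev $3 table $TABLE"
    echo "ip rule add to $1 lookup main priority $PRIO"
    echo "ip rule add to $2 lookup main priority $PRIO"
    echo "ip rule add from $1 lookup $TABLE priority $((PRIO + 1))"
}

# Constructed sample values: eth1 and 192.0.2.1 stand in for the WAN device
# and the DHCP-assigned WAN gateway, which the post does not give.
cmds=$(bypass_cmds 192.168.33.0/24 192.168.34.0/24 eth1 192.0.2.1) || exit 1
if [ "${APPLY:-0}" = 1 ]; then
    echo "$cmds" | sh
else
    echo "$cmds"
fi
```

Forwarding from the LAN firewall zone to the WAN zone also has to be allowed for the bypassed traffic to pass, and the default route in the extra table needs refreshing whenever a new DHCP lease changes the WAN gateway.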