Policy Routing + LuCI UI


#1

Hey folks, so I've ended up creating my own incantation of a policy routing package.

I was originally using stangri's excellent vpnbypass, then his excellent openvpn-policy-routing package, but for some reason I ended up having issues after a few hours. Tried to do some investigation to narrow down the fundamental cause, and well, ended up making a new package in the process. If you're happy with his, there's probably not much point installing mine, but if you've had any issues it might be worth a go.

It's been tested against LEDE snapshot -- used for a few weeks by myself with two PIA VPNs (there's a PIA package too!) -- I envisage it'd still be functional against 17.01 etc.

opkg update
opkg install uclient-fetch libustream-mbedtls ca-certificates
echo -e -n 'untrusted comment: signify public key\nRWTJQ7zQrAjSK9ghgVcNRYNh2rVoHX24gg6awlYntnvfrnIzSy9GHDAn\n' > /tmp/tzarc_custom.pub && opkg-key add /tmp/tzarc_custom.pub
! grep -q 'tzarc_custom' /etc/opkg/customfeeds.conf && echo 'src/gz tzarc_custom https://opkg.tzarc.io' >> /etc/opkg/customfeeds.conf
opkg update
opkg install policy-routing
opkg install luci-app-policy-routing

Main differences:

  • Policy rules are ordered - once a match is found policies are no longer checked
  • Gateway interfaces can be explicitly defined
  • Strict enforcement of gateways can be toggled on/off on a per-gateway basis
  • Both IPv4 and IPv6 addresses can be mixed/matched
  • Domains are added for both IPv4 and IPv6 addresses
  • A "catch-all" rule can be created to force unmatched traffic through a specific interface

Shortcomings:

  • Lack of documentation
  • Sorting rules isn't available (yet)
  • Very basic UI
  • Only tested by me
  • Written for me
  • Written by me

Feel free to point out any issues - it's been working fine so far but I'm only using it in a specific manner.
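
An added example (not part of the post above or of the package): a shell check that the signify public key written by the install commands is structurally valid, printing its key id so it can be reviewed before the feed is trusted. The function names and temporary file are assumptions; the key string is the one from the post.

```shell
#!/bin/sh
# Assumed layout (signify/usign public key): line 1 is an "untrusted comment:"
# header, line 2 is base64 of 42 bytes = "Ed" (2) + key id (8) + Ed25519 key (32).

# Print the 16-hex-digit key id, or return non-zero if the file is malformed.
signify_key_id() {
    keyfile=$1
    [ -r "$keyfile" ] || return 1
    # Line 1 must be the comment header.
    head -n 1 "$keyfile" | grep -q '^untrusted comment: ' || return 1
    # Line 2 is the base64 payload; decode it and render as plain hex.
    hex=$(sed -n '2p' "$keyfile" | base64 -d 2>/dev/null \
          | od -An -v -tx1 | tr -d ' \n')
    # 42 bytes decode to exactly 84 hex digits.
    [ "${#hex}" -eq 84 ] || return 1
    # Algorithm tag must be "Ed" (0x45 0x64).
    [ "$(printf '%s' "$hex" | cut -c1-4)" = "4564" ] || return 1
    # Bytes 3..10 are the key id.
    printf '%s\n' "$hex" | cut -c5-20
}

# Write the key exactly as the post's install commands do (hypothetical helper).
write_post_key() {
    printf 'untrusted comment: signify public key\n%s\n' \
        'RWTJQ7zQrAjSK9ghgVcNRYNh2rVoHX24gg6awlYntnvfrnIzSy9GHDAn' > "$1"
}

# Demo: inspect the key in a temporary file instead of adding it blindly.
tmpkey=$(mktemp)
write_post_key "$tmpkey"
signify_key_id "$tmpkey"
rm -f "$tmpkey"
```

`opkg-key add` stores the key in /etc/opkg/keys/ under this id, so the same value identifies the feed's signer when auditing which keys a router trusts.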


#2

Amazing!! This is like an MWAN3 replacement, right? I think that this can actually be done using MWAN3...
Thanks for sharing it!


#3

Conceptually, I guess.
For me (and others), mwan3 refuses to work with tun interfaces so it was a non-option.
It also has failover detection and load balancing and the like - something this can't do.
If you were really only using mwan3 for directing traffic through specific interfaces, this might be a simpler solution.


#4

Maybe there is some workaround to be able to use mwan3 for tun interfaces.
I think that developers must keep more connected with each other. In the Linux world, multiple pieces of software, and many times multiple GUIs, use the same basic command-line programs in order to do different things at different complexity levels...
It would be great if you tried to work in some way with the mwan3 developer(s) to do something like this: get a basic level of common code, and get your GUI UCI API and the mwan3 one able to work. For some users your GUI would be just right, and for others mwan3 will be needed, but since both do the same in multiple areas it would be good to share a code base.

It is just my opinion. Maybe this is possible, maybe not; anyway, your software seems to be great!


#5

@tzarc
This is what I'm looking for. Is this still being developed? It would be awesome if you released your source code so that I can include it in my own buildroot.


#6

Not actively developed -- it's basically been hands-off since I "published" -- no real issues so no real need to fix anything.
Just plugging along, really. I've meant to do UI changes and stuff but realistically I haven't had the time or inclination to do so.

Will see about publishing the source over the next couple of days.


#7

Sorry for the wait.
Busy busy!


#8

@tzarc
Thanks, I will use this now. BTW, what are the other two packages?