Hey folks, so I've ended up creating my own incantation of a policy routing package.
I was originally using stangri's excellent vpnbypass, then his excellent openvpn-policy-routing package, but for some reason I ended up having issues after a few hours. Tried to do some investigation to narrow down the fundamental cause, and well, ended up making a new package in the process. If you're happy with his, there's probably not much point installing mine, but if you'd had any issues it might be worth a go.
It's been tested against LEDE snapshot -- used for a few weeks by myself with two PIA VPN's (there's a PIA package too!) -- I envisage it'd still be functional against 17.01 etc.
opkg update opkg install uclient-fetch libustream-mbedtls ca-certificates echo -e -n 'untrusted comment: signify public key\nRWTJQ7zQrAjSK9ghgVcNRYNh2rVoHX24gg6awlYntnvfrnIzSy9GHDAn\n' > /tmp/tzarc_custom.pub && opkg-key add /tmp/tzarc_custom.pub ! grep -q 'tzarc_custom' /etc/opkg/customfeeds.conf && echo 'src/gz tzarc_custom https://opkg.tzarc.io' >> /etc/opkg/customfeeds.conf opkg update opkg install policy-routing opkg install luci-app-policy-routing
- Policy rules are ordered - once a match is found policies are no longer checked
- Gateway interfaces can be explicitly defined
- Strict enforcement of gateways can be toggled on/off on a per-gateway basis
- Both IPv4 and IPv6 addresses can be mixed/matched
- Domains are added for both IPv4 and IPv6 addresses
- A "catch-all" rule can be created to force unmatched traffic through a specific interface
- Lack of documentation
- Sorting rules isn't available (yet)
- Very basic UI
- Only tested by me
- Written for me
- Written by me
Feel free to point out any issues - it's been working fine so far but I'm only using it in a specific manner.