Smart VPN routing + server switching with OpenVPN/LuCI?

I'm considering buying a rather powerful router (e.g. Linksys WRT3200ACM or NETGEAR R7800) which has enough CPU power to maintain a VPN connection to commercial VPN servers at high internet speeds. For the setup, I'm wondering if the following can be done with any pre-existing tools/packages:

(Warning: I'm an OpenWRT beginner, I used it once a few years ago, but have no deep experience)

I'd like to set up a "smart routing and switching" VPN on the router that fulfills the following:

  • Smart Routing:
    -- Traffic to "local" websites (within the country or region, have a list of whitelisted domains/IPs) is routed directly (no VPN)
    -- All other traffic is routed via the VPN
  • VPN server switching:
    -- Multiple VPN servers to connect to are configured
    -- From experience, the VPN connection to a specific server can die (be interrupted) after a while
    -- If the connection to the server is dead, switch to another one (either randomly, or cyclic, or based on best ping/highest speed)

Those would be my minimum requirements... can I achieve that without writing a huge amount of code?

Bonus points if I can additionally achieve the following:

  • Multiple VPN connections can be maintained at the same time and traffic is routed through either one depending on certain criteria (e.g. whitelist, say Netflix to VPN-A and the rest to VPN-B)
  • The VPN connection is frequently evaluated (ping/speed) and automatically switched to a faster server if possible
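The "VPN server switching" part of the list above (several configured servers, detect a dead tunnel, move cyclically to the next one) sketched as an OpenWrt cron script. This is an added example, not code from the thread or from any package; it assumes one OpenVPN client instance per server in /etc/openvpn, that the tunnel interface is tun0, that the busybox ping accepts -I and -W, that the openvpn init script accepts an instance name after start/stop, and the server names and probe host are placeholders.

```sh
#!/bin/sh
# Constructed failover watchdog for an OpenWrt router (run from cron every minute).
# Assumptions: /etc/openvpn/<name>.conf exists per server; tunnel is tun0;
# /etc/init.d/openvpn start|stop <name> controls one instance.
SERVERS="vpn-a vpn-b vpn-c"   # placeholder server profiles, in cyclic order
STATE=/tmp/vpn_current        # remembers which profile is active
PROBE=192.0.2.1               # placeholder probe host reached through the tunnel
IFACE=tun0

# Print the server after $1 in SERVERS, wrapping to the first one;
# an empty or unknown $1 yields the first server.
next_server() {
    cur="$1"; first=""; found=0
    for s in $SERVERS; do
        [ -z "$first" ] && first="$s"
        [ "$found" -eq 1 ] && { echo "$s"; return 0; }
        [ "$s" = "$cur" ] && found=1
    done
    echo "$first"
}

# The tunnel counts as alive only if the probe answers via the tun interface,
# so a tunnel that is "up" but silently dead is caught too.
tunnel_alive() {
    ping -c 2 -W 2 -I "$IFACE" "$PROBE" >/dev/null 2>&1
}

# Stop the active profile (if any), start the next one, record the choice.
switch_to() {
    new="$1"
    cur="$(cat "$STATE" 2>/dev/null)"
    [ -n "$cur" ] && /etc/init.d/openvpn stop "$cur"
    /etc/init.d/openvpn start "$new"
    echo "$new" > "$STATE"
    logger -t vpn-failover "switched from '${cur:-none}' to '$new'"
}

main() {
    cur="$(cat "$STATE" 2>/dev/null)"
    if [ -z "$cur" ] || ! tunnel_alive; then
        switch_to "$(next_server "$cur")"
    fi
}

# Only act on a box that actually has the OpenVPN init script.
[ -x /etc/init.d/openvpn ] && main "$@"
```

Replacing the cyclic `next_server` with a "lowest ping" choice covers the other selection mode the list mentions; the split routing (whitelist direct, rest via VPN) is a separate policy-routing setup and is not shown here.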

This is impossible to answer without knowing what you consider to be "high speed" and what VPN protocols need to be used (e.g. OpenVPN is significantly slower than IPsec or WireGuard). Taking this statement at face value, you'll inevitably end up with high-end i3 or medium i5, respectively lower-end Ryzen, systems.

The rest of your requirements would be 'ambitious' (in an automated fashion); you'll have to spend quite some development effort to accomplish that.

Hey, thanks for the quick response! I've checked the OpenWRT VPN performance page for the two routers I mentioned above and they should be able to achieve 100 and 200 Mbit/s with OpenVPN, respectively. That would be enough for my application, I just don't want my fiber connection to drop to single-digit Mbit rates as soon as it tunnels via VPN... so performance is not really my main concern.

I'm rather worried about the scripting effort and learning curve to automate the desired switching and routing behavior. Can you point me in the right direction here? Isn't there some open source package that supports the basic behavior, or at least some of it?

There is absolutely nothing "basic" about your desired functionality; it's rather very unique to your preferences and you'll probably have to start from scratch.

Edit: VPN client functionality, sure (split-horizon DNS or policy-based routing (albeit not in the form you seem to expect), possible, depending on your configuration abilities) - switching manually between different client profiles, yes. But everything you mention beyond that is pretty much wishful thinking (imaginable, yes - but neither ready-made, nor 'easy').

Hmm, I don't find this behavior so unique... every other VPN app (by those commercial VPN operators) for phones/desktop PCs has this functionality - smart routing and choosing the "fastest" server. I have it working on my laptop and phone and use it on a daily basis.

I'd just like to bring this kind of functionality to my entire network so that all devices (e.g. SmartTV) can benefit from it, without setting up the VPN app + account on all devices (for some devices, that's not even possible).

An additional benefit of doing it at Access Point level instead of end-device level is that the devices can still talk to each other via the local network... Example: AirPlay between devices, accessing local servers, ... Even WiFi Direct screen mirroring from phone to TV doesn't work with an activated VPN on the phone (apparently Android disables it).