Hello Team. I need help with split tunneling in wireguard vpn setup. I have vpn setup with kill switch enabled. Though I am a techie , I dont have hands on for openwrt. I have setup VPN policy based routing and VPN bypass. Both are not working. I guess kill switch also might play a role. Attached my vpn bypass setup. Though i enable the rules , when i do speedtest it showsy vpn. I have added speedtest.net as a rule. Can someone guide me here. Is this possible ?
Hi there,
There might be a few reasons it could not work I do know from using this a long time ago that vpn-policy-routing needs certain dependencies.
- dnsmasq-full
- ipset-dns
- maybe some legacy iptables packages (?), For me on 22.3.2 it works fine.
I believe inside the settings you also need to enforce ipset.
If it doesn't work then, it might be dns related perhaps flush your dns, or check if the dns server is correct in the router.
The only thing I'm not so sure about is the prerouting ?, Shouldn't that be your interface?
1 Like
Thanks. Honestly I didnt understand much. Is there any document that i could follow to setup ?
I think best is to check documentation:
There might also be videos on youtube to give some idea.
1 Like
Thanks. Honetly it is beyond me to ubderstand the documentation. I will wait for anyone else who might have done it or any direct video links
If you're familiar, you can simply make the relevant IP routes and rules without an additional package.
See:
- https://openwrt.org/docs/guide-user/network/routing/ip_rules
- https://openwrt.org/docs/guide-user/network/routing/routes_configuration
I've never been able to add hostnames.
1 Like
My experience with vpn-pbr is that it works great with assigning rules to an interface. I’ve, also, never been able to do it with hostnames.
One thing I’ve noticed with vpn-pbr is that you need to uncheck the “use default gateway option” in your interface settings.
But assigning rules to an interface might be the “work around” you need. You could setup an interface and assign it to the wan, just for the purpose of running certain things like a speed test so you can bypass your VPN.
1 Like
Thanks for your response. Finally i got speedtest.net working so i can test . I want to bypass amazon.ca and hotstar.com/ca. How can i do it ? Problem is with amazon. I dont know what aws domains they call. My concern is that if i bypass aws it might bypass other genuine sites and leak dns. Even hotstar.com i could not by pass. Any pointers how to bypass such sites ?
Also if it helps. More precisely want to by pass specific apps in my nvidia sheild. Not all the apps hence cant go by device. I also observed amazon.ca is blocked inside my vpn. So i want to bypass these