This was created out of necessity -- my internet traffic is routed thru VPN tunnel (my router is VPN client) and I needed split tunneling to route some traffic outside of the VPN tunnel.
Started with connections to local Plex Media Server then I wanted to access some domains and IP ranges outside of the VPN tunnel and then I wanted some local network IPs/ranges to access internet outside of VPN tunnel. All of that is supported in the service.
Make sure to check out the README for detailed information and instructions.
Super cool, will be taking a peek at this. Would be really nice to integrate this. I already added a long list of PIA "recipes" into my build, and will be doing some IPVanish ones as well. Would be cool to integrate it all into one package.
You think you will work on rules to route particular IPs outside of the tunnel? I know in my case I would like the ability to have a VPN client running on the router, but only have 3 - 4 IPs that actually go over that tunnel, while the rest of the traffic takes the normal WAN route outside of the tunnel.
This is nice for users with faster internet speeds, who really only want to have a few sacrificial lambs, so to say, to the throttled VPN single-core gods, while all else enjoys the exposed fast connection.
If that's the case then I believe it should be best done with the openvpn config and not using openvpn server routes as defaults.
However as a work-around, you can define 192.168.1.129/25 as an exclusion range (instead of the default 192.168.21.80/28) and only assign addresses below 129 to the devices you want to go thru OpenVPN.
@cybrnook, @dziny -- I want to limit the number of changes I make to the code while the pull request for the official repo is open, but I can post a special build for you gentlemen where you could specify select IPs to use the tunnel and everything else to go outside of it, if you are willing to test it. Let me know.
What you need to set is an option I temporarily called reverselocalsubnet/Reverse Local IP Subnets.
Things should break if you have more than one of them (only the last one should work AFAIK) and to further complicate things, it's in the format of a subnet, not range of IPs.
For a single IP to have VPN connection you can use IP/32 (192.168.1.101/32). For the range, use online netmask calculators (or this: https://kthx.at/subnetmask/) but with /30 you get 4 IPs in the range, with /29 you'll get 8 and so on.
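The subnet arithmetic from the posts above, as an added example that is not part of the original thread or of vpnbypass: it shows which addresses a CIDR value actually matches once host bits are masked off, and which unintended devices end up inside the smallest single subnet that covers a chosen set of IPs. The device addresses .101 to .104 are constructed sample input.

```python
import ipaddress

def covered_range(cidr):
    """Return (first, last, count) for a CIDR string, masking off any host bits."""
    net = ipaddress.ip_network(cidr, strict=False)
    return str(net[0]), str(net[-1]), net.num_addresses

def smallest_covering_subnet(ips):
    """Smallest single subnet that contains every address in ips."""
    addrs = sorted(ipaddress.ip_address(ip) for ip in ips)
    net = ipaddress.ip_network(f"{addrs[0]}/32")
    # Widen the prefix one bit at a time until the highest address fits.
    while addrs[-1] not in net:
        net = net.supernet()
    return net

def collateral(ips, net):
    """Addresses inside net that were not asked for."""
    wanted = {ipaddress.ip_address(ip) for ip in ips}
    return [str(a) for a in net if a not in wanted]

if __name__ == "__main__":
    # Values quoted in the thread.
    for cidr in ("192.168.1.101/32", "192.168.21.80/28", "192.168.1.129/25"):
        first, last, count = covered_range(cidr)
        print(f"{cidr:20} matches {first} - {last} ({count} addresses)")

    # Constructed sample: four devices that should be the only ones in the subnet.
    devices = [f"192.168.1.{n}" for n in (101, 102, 103, 104)]
    net = smallest_covering_subnet(devices)
    extra = collateral(devices, net)
    print(f"smallest subnet for {devices[0]}..{devices[-1]}: {net}")
    print(f"{len(extra)} other addresses also fall inside it: {extra[0]} ... {extra[-1]}")
```

Addresses that are not aligned to a power-of-two boundary pull neighbours into the subnet, so check the list of extra addresses against your DHCP leases before assigning devices.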
So, since @cybrnook made me aware of a more elegant policy-based openvpn routing available on a different firmware, I've decided to abandon the awkwardly-named "reverse local subnet" thingy and pursue the equivalent policy-based routing functionality within vpnbypass.
In the meantime, besides the short-lived build 1.0.0.-5 (which still has that reverse local subnet setting), the vpnbypass assumes that the default routing rule is to go thru VPN and allows you to make port/local IP/remote IP/domain name-based exceptions, not the other way around.
I'll post here (and you'll see the build number jump beyond 1.0.x) when the policy-based routing is in place.
This actually only allows you to bypass vpn tunnel for certain things. If you want more control over what goes where, there's openvpn-policy-routing service in development and actively looking for testers.
I'm having trouble applying domain based rules.
I know the package is installed because if I put in ports 1-65535 all IP websites (for testing purposes let's say iplocation.net) return my real IP. As soon as I turn the service off, back to VPN IP.
My example domain rule:
stangri, Great work here. I am following the guide on installing VPN Bypass on OpenWRT and ran into some problems. I am hoping you can point me in the right direction. When I start the vpnbypass services I get the following errors in the system log. Regards, eleven
Tue Jul 11 07:04:00 2017 user.notice vpnbypass : service stopped
Tue Jul 11 07:04:00 2017 user.notice vpnbypass :
ERROR: iptables -t mangle -A VPNBYPASS -m set --match-set vpnbypass dst -j MARK --set-mark 0x010000/0xff0000
Tue Jul 11 07:04:00 2017 daemon.err modprobe: failed to find a module named xt_set
Tue Jul 11 07:04:00 2017 daemon.err modprobe: failed to find a module named ip_set
Tue Jul 11 07:04:00 2017 daemon.err modprobe: failed to find a module named ip_set_hash_ip
Tue Jul 11 07:04:00 2017 user.notice vpnbypass : service started with TID: 200; FW_MARK: 0x010000