VPN Bypass (split tunneling) Service + Luci UI

Hi guys!
So after setting up my VPN connection on openwrt (Thanks to stangri) I moved onto setup split tunneling (vpnbypass), I installed all the dependencies listed in the readme file (except dnsmasq full, somehow it does not work correctly on my router) and the LuCi interface plugin, now I can setup the ports I want to offload from the VPN however if I try to start the service I get this message:

404 Not Found

Sorry, the object you requested was not found.

Unable to dispatch: /cgi-bin/luci/admin/services/vpnbypass

I tried to start the service via cli and that seems to return no error but the service is not listed as running anyway. Any Idea of what I should do?

What version of OpenWrt are you running?

It was the latest snapshot for the Xiaomi R3P, but nevermind, the build was too unstable for daily use, so I had to revert back to stock.

Thanks anyway =)

Thanks, submitted PR with the fix.

No problems, thanks for the amazing support.

Hey Stangri, your package is exactly what I'm looking for. Please forgive me, I've only just started with OpenWRT and this is my first post.

I'm running a Netgear Nighthawk X4S R7800 on OpenWrt 19.07-SNAPSHOT r10575-28d3afc8d6 / LuCI openwrt-19.07 branch (git-19.272.21960-7a7a56a) by hnyman. I've managed to get the OpenVPN connection going and installed VPNbypass and all the dependencies mentioned in your readme.

When in the WebUI I click on Enable/Start nothing happens. If I click Save & Apply I get the following error:

Failed to execute cbi dispatcher target for entry '/admin/services/vpnbypass'.
The called action terminated with an exception:
/usr/lib/lua/luci/model/cbi/vpnbypass.lua:79: attempt to call field 'restart' (a nil value)
stack traceback:
	/usr/lib/lua/luci/model/cbi/vpnbypass.lua:79: in function '?'
	/usr/lib/lua/luci/cbi.lua:226: in function '_run_hooks'
	/usr/lib/lua/luci/cbi.lua:403: in function 'parse'
	/usr/lib/lua/luci/dispatcher.lua:881: in function </usr/lib/lua/luci/dispatcher.lua:860

What am I doing wrong?

Welcome to the community.

This is not an expected behaviour. I'll have to look into it.

Yeah, this is a bug, I have fix ready, but I need to look into the other issue before I can submit the fix to the official repo.

As an update, the service does actually work. The button just doesn't change.

Implemented better service controls as in my other packages, PRs sent.

If you're on 18.06.x, you may want to install updated luci app from my repo, as I'm not sure that the feature (not a bugfix) will be accepted into 18.06.x now.

Same issue on button with 19.07 snapshot

what's the version of the luci-app-vpnbypass?





There's better buttons control in version -12. Please try that.

Where can I download that version?

Found it... Sorry... After I try

I'm not able to edit previous post, so, with version 12, the status is correct and better button.

Do you know when will be available version12 on official repo?


PRs were merged recently: master, 18.06, 19.07, so it should be available shortly.


sir how to fix this error im using gl-ar150

Mon Nov 4 09:28:11 2019 daemon.err modprobe: xt_set is already loaded
Mon Nov 4 09:28:12 2019 daemon.err modprobe: ip_set is already loaded
Mon Nov 4 09:28:12 2019 daemon.err modprobe: ip_set_hash_ip is already loaded

It's not an error per se, you can ignore these entries in the system log.

thanks sir.

Hi @stangri

Thanks for your work on your vpnbypass package. I've recently switched from DD-WRT where I was using a similar setup with dnsmasq, ipset, fwmark and iptables to mark traffic to bypass the VPN/create DNS based bypass rules. I like that on OpenWRT that you can just use opkg to extend the features required and even better you created a GUI in LuCI for this to make a bit more manageable.

Because I'm currently in the tinkering phase and getting comfortable with OpenWRT, I've noticed that depending on the changes made to router e.g. interfaces or high routing stuff, the VPN bypass setup seems to stop working. The ipset ruleset "vpnbypass" still seems to be present, but I believe either the fwmark/iptables rules may get nuked say if the network service is restarted or the firewall is restarted, even when doing a /etc/init.d/vpnbypass restart to apply them again, I noticed all my traffic was going through the VPN, even if an IP of a domain e.g. ifconfig.me was in the ruleset. Rebooting the router entirely brings things back to normal. This might suggest the traffic marking rules were lost.

I'm looking at ensuring that the vpnbypass fwmark and iptables rules are persistent and more resistant to such changes, would there be ways of accomplishing this? I've been reading some docs and Hotplug might be the answer to hook into various events with scripts.


Thanks in advance for your thoughts on this!

Edit: Looking at your VPN Policy routing package, it may be better to use that instead for "enforcement" purposes and more control.