Thanks for your work on your vpnbypass package. I've recently switched from DD-WRT, where I was using a similar setup with dnsmasq, ipset, fwmark and iptables to mark traffic to bypass the VPN/create DNS-based bypass rules. I like that on OpenWRT you can just use opkg to extend the features required, and even better, you created a GUI in LuCI for this to make it a bit more manageable.
Because I'm currently in the tinkering phase and getting comfortable with OpenWRT, I've noticed that depending on the changes made to the router, e.g. interfaces or high routing stuff, the VPN bypass setup seems to stop working. The ipset ruleset "vpnbypass" still seems to be present, but I believe the fwmark/iptables rules may get nuked if, say, either the network service is restarted or the firewall is restarted. Even when doing a /etc/init.d/vpnbypass restart to apply them again, I noticed all my traffic was going through the VPN, even if an IP of a domain, e.g. ifconfig.me, was in the ruleset. Rebooting the router entirely brings things back to normal. This might suggest the traffic marking rules were lost.
I'm looking at ensuring that the vpnbypass fwmark and iptables rules are persistent and more resistant to such changes. Would there be ways of accomplishing this? I've been reading some docs, and Hotplug might be the answer to hook into various events with scripts.
Thanks in advance for your thoughts on this!
Edit: Looking at your VPN Policy routing package, it may be better to use that instead for "enforcement" purposes and more control.