VPN Bypass (split tunneling) Service + Luci UI


I have open vpn and I just want to have my ethernet cable coinnection via vpn, is it easy? I tried some method but it does not work.


I found another solution, but I have a question:

I need to add ''200 vpn'' - /etc/iproute2/rt_tables and append “200 vpn” at the end. to creating a custom routing table called “vpn” But where exactly I have to add that? I follow that :

''Sans titre We also need to create a new file, /etc/openvpn/route-up.sh, which specifies how to perform the routing correctly.

#!/bin/shecho "$dev : $ifconfig_local -> $ifconfig_remote gw: $route_vpn_gateway"# Remove default routes pushed by VPN server (we don't want to route # all network traffic through the VPN gateway)
/sbin/ip route del via ${route_vpn_gateway}
/sbin/ip route del via ${route_vpn_gateway}# Search route for traffic coming from in table 'vpn' # (unicast: This rule type simple causes the kernel to refer to the # specified routing table in the search for a route.)
/sbin/ip rule add from table vpn# Search route for traffic going to in table 'vpn'
/sbin/ip rule add to table vpn# Use 'vpn' table as default for tun0
/sbin/ip route add table vpn default dev ${dev}# Route traffic from/to on br-lan2 using the 'vpn'.  # table. ( is the source address for outgoing packets)
/sbin/ip route add dev br-LAN2 src table vpn

Now simply make this file executable:

chmod +x /etc/openvpn/route-up.sh

and when I add those lines in ssh : /sbin/ip route del via ${route_vpn_gateway}
/sbin/ip route del via ${route_vpn_gateway}

I got Command line is not complete. Try option "help"

1 Like

@NicholasKK have you flushed the DNS cache on your clients? I'd recommend rebooting everything.

@Jamesbe12 this is not a generic VPN support thread. Also, if you "found another solution" it's better to ask where you found it.

1 Like

Ive configured vpn bypass and I use Local IP Addresses to Bypass, when Ive put one adress to test, my cellphone, it worked but I added 4 others and only my cell is through isp directly. I dont know why? the others are still on vpn.. Do I need to use 192.168.xxx.xxx/xx ? cause I used 192.168.xxx.xxx only


Hi Stangri,

Do you mean that VPNBypass supports domain wildcards, when you have dnsmasq-full installed? If yes, which of the above is the correct syntax for the wildcard? I flushed the dns cache, but didn't have any luck with wildcards.
Thank you for your help

Dumb question: can I use VPN Bypass for a vpn client on a local pc (instead of the router)?

My pc when its vpn client/software (no split-tunneling) connects, it loses internet connection (as intended by the vpn software). The pc has 2 network adapters with 2 different IPs, so I was thinking to use VPN Bypass for one to allow internet. There is no vpn running on the router.

1 Like

Yes, you absolutely need dnsmasq-full for the domain-based policies to work. Have you checked README for additional details?

Legit question. Sadly, no, the VPN Bypass/VPN Policy-Routing need to be ran on the same device (router) where the VPN tunnel is configured/running.

Do you know of a software that can do that? Like a VPN Bypass software for pc.

Don't VPNs like Express offer Split tunneling? I'm not sure how it'll work on a router setup, however, it's fairly easy to use the tunneling feature on most desktop VPN clients.

No split tunneling support unfortunately

Dear all,

I‘ve got a stupid question.
In my case I‘m doing split tunnelling directly via ovpn files by route no pull and then routing vpn clients depending on destination networks. It works very nicely.
However, would it be faster via this tool or could I do vpn client balancing (like in pfsense I used to do in the past, in case one client would go down) ?

Many thanks and

cheers blinton

This won't do balancing, if you need balancing you may want to check out mwan3 which also supports policy routing.

1 Like

Perfect, thanks !
I‘ll have a look at mwan3 and see how to balance only ovpn clients. btw I have all interfaces on the same default / main table.
cheers blinton

Hello, I am making use of vpnbypass, but it does not appear to be working for me.

My (OpenWRT) router is at per usual, and I am using the Wireguard VPN. I want through .63 to bypass the VPN. Here is my /etc/config/vpnbypass file:

config vpnbypass 'config'
	option enabled '1'
	list localsubnet ''

If I switch over to a node whose IP address is in this range, however, and I do a public IP check (e.g. load up http://checkip.dyndns.org), I still see my VPN address, exactly as on nodes outside of the bypass range.

This is the case even after rebooting and allowing everything to start up on its own. I am not conversant with firewall rules and am unable to diagnose the problem myself. Am I doing something wrong?

I'm afraid I'm no closer to resolving the issue. If I attempt to restart the vpnbypass service, I see a suspicious error:

# /etc/init.d/vpnbypass restart
vpnbypass 1.3.1-4 stopped
RTNETLINK answers: No such device
vpnbypass 1.3.1-4 started with TID: 200; FW_MARK: 0x010000
vpnbypass 1.3.1-4 monitoring interfaces: vpn  ✓

Is vpnbypass compatible with Wireguard? I saw some comments about a default VPN route causing trouble for this package.

It may also be affected by the issue I'm trying to solve with vpn-policy-routing, but simple local ip-based rules should work.

Please be aware that this also includes which is not advisable. Either move all the devices you want to go out via WAN up in the range or use explicit (/32) subnet for the ip addresses you want to go out via WAN.

but simple local ip-based rules should work.

"Simple" is the name of my game, which is what has made this so frustrating. Everyone here has a complex setup, while I can't even get a "hello world" example going. My OpenWRT setup is about as basic as can be.

Please be aware that this also includes which is not advisable.

Oh, I thought specifying a higher IP address would shorten the range. The default config has "", and this is described as covering Would that not include, then?

In any event, I'd began to suspect that could be an issue, so I switched to a less-ambitious setup:

config vpnbypass 'config'
	option enabled '1'
	list localsubnet ''
	list localsubnet ''

I have a node at From there, the IP-check site still shows my VPN address...

I followed the instructions to the letter but for some reason, the Luci App does not load. The screen just stays blank when I try to start the app...

I can't seem to open the OpenVPN Luci app anymore either. Window stays blank on my PC. I just happened to check it through my phone and that did seem to at least provide some sort of insight... It appears that installing the app, somehow resulted in authorization to view the page. Message: "Access to was denied. You don't have authorization to view this page." What did I do wrong and how do I correct it?