A simple procd-based vpnbypass
service for OpenWrt/LEDE Project. This is useful if your router accesses Internet through a VPN client/tunnel, but you want specific traffic (ports, IP ranges, domains or local IP ranges) to be routed outside of this tunnel.
iptables
rules which are automatically updated on WAN up/down events.luci-app-vpnbypass
) is provided so all features may be configured from the Web UI.This service requires the following packages to be installed on your router: ipset
and iptables
. Additionally, if you want to use the Domain Bypass feature, you need to install dnsmasq-full
(dnsmasq-full
requires you uninstall dnsmasq
first).
To fully satisfy the requirements for both IP/Port VPN Bypass and Domain Bypass features connect via ssh to your router and run the following commands:
opkg update; opkg remove dnsmasq; opkg install ipset iptables dnsmasq-full
To satisfy the requirements for just IP/Port VPN Bypass connect to your router via ssh and run the following commands:
opkg update; opkg install ipset iptables
If you are running a development (trunk/snapshot) build of OpenWrt/LEDE Project on your router and your build is outdated (meaning that packages of the same revision/commit hash are no longer available and when you try to satisfy the requirements you get errors), please flash either current LEDE release image or current development/snapshot image.
Please ensure that the requirements are satisfied and install vpnbypass
and luci-app-vpnbypass
from the Web UI or connect to your router via ssh and run the following commands:
opkg update
opkg install vpnbypass luci-app-vpnbypass
If these packages are not found in the official feed/repo for your version of OpenWrt/LEDE Project, you will need to add a custom repo to your router first.
The default configuration ships with the service disabled, use the Web UI to enable/start the service or run uci set vpnbypass.config.enabled=1; uci commit vpnbypass;
. It routes Plex Media Server traffic (port 32400) and LogmeIn Hamachi traffic (25.0.0.0/8) outside of the VPN tunnel. Internet traffic from local IPs 192.168.1.81-192.168.1.87
is also routed outside the VPN tunnel. You can safely delete these example rules if they do not apply to you.
Please head to OpenWrt Forum for discussions of this service.
Domain lists should be in the following format/syntax: /domain1.com/domain2.com/vpnbypass
. Please do not forget the leading /
and trailing /vpnbypass
. There is no validation if you enter something incorrectly -- it simply will not work. Please see Notes/Known Issues if you wish to edit this setting manually, without using the Web UI.
1.3.0:
wan
) works with other interface names (like wwan
)./etc/config/vpnpass
, but rather in /etc/config/dhcp
. To add/delete/edit domains you can use VPN Bypass Web UI or you can edit /etc/config/dhcp
manually or run the following commands:uci add_list dhcp.@dnsmasq[-1].ipset='/github.com/plex.tv/google.com/vpnbypass'
uci add_list dhcp.@dnsmasq[-1].ipset='/hulu.com/netflix.com/nhl.com/vpnbypass'
uci commit dhcp
/etc/init.d/dnsmasq restart
This feature requires dnsmasq-full
to work. See the Requirements section for more details.