How to allow certain ip to bypass vpn

artificia's picture
Hello all,

I have successfully set up OpenVPN using IPVanish with Kong latest build on R7000. I have been looking for a way to allow one computer with static IP assigned i.e to bypass the VPN. So far I have no luck in doing so. I use policy based routing and input all others ip except and it does not work.

Any help is greatly appreciated.


kinakuta's picture
Hi Amir,

There are several ways you can do that, but I guess the easiest is by just using IP tables to route the IP(s) around the VPN tunnel. Here's how I did it:

In "Administration -> Commands" save this as a startup script with the list of IP(s) you want to bypass the VPN tunnel:

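sleep 30
# Space-separated LAN IPs that should bypass the VPN (placeholder addresses, replace with your own)
NO_VPN_LST="192.168.1.50 192.168.1.51"
[ -z "$NO_VPN_LST" ] && exit 0
# Wait until the WAN gateway is known
WAN_GWAY=""
while [ -z "$WAN_GWAY" ]; do
    sleep 3
    WAN_GWAY=`nvram get wan_gateway`
done
# Table 10 gets a default route via the WAN gateway instead of the tunnel
ip route add default via $WAN_GWAY table 10
for ipa in $NO_VPN_LST; do
    ip rule add from $ipa table 10
done
ip route flush cache
exit 0

Then don't forget to add the firewall rules using iptables for the VPN routing and "Save Firewall":
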
# openvpn routing
iptables -I FORWARD -i br0 -o tun1 -j ACCEPT
iptables -I FORWARD -i tun1 -o br0 -j ACCEPT
iptables -I INPUT -i tun1 -j REJECT
iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE
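
An audit of the bypass set up by the startup script above, as an added example that is not part of the original post: it lists which source addresses are routed through table 10, checks that the table's default route does not leave via the tunnel, and flags any bypassing address that is not on the intended list. The sample `ip rule show` / `ip route show table 10` text, the addresses and the WAN device name `vlan2` are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit which LAN sources bypass the VPN through policy table 10.

# Constructed sample of `ip rule show` output (not captured from a real router).
SAMPLE_RULES='0:	from all lookup local
32764:	from 192.168.1.51 lookup 10
32765:	from 192.168.1.50 lookup 10
32766:	from all lookup main
32767:	from all lookup default'

# Constructed sample of `ip route show table 10` output (device name assumed).
SAMPLE_TABLE='default via 203.0.113.1 dev vlan2'

# Print, sorted, every source address whose traffic is sent to the given table.
bypass_sources() {   # $1 = `ip rule show` text, $2 = table id
    printf '%s\n' "$1" | awk -v t="$2" '{
        src = ""; tbl = ""
        for (i = 1; i < NF; i++) {
            if ($i == "from")   src = $(i + 1)
            if ($i == "lookup") tbl = $(i + 1)
        }
        if (tbl == t && src != "") print src
    }' | sort
}

# Succeed only if the table has a default route that leaves via a device
# other than the tunnel; a missing default route counts as a failure.
table_avoids_tunnel() {   # $1 = `ip route show table N` text, $2 = tunnel device
    dev=$(printf '%s\n' "$1" | awk '$1 == "default" {
        for (i = 1; i < NF; i++) if ($i == "dev") print $(i + 1)
    }' | head -n 1)
    [ -n "$dev" ] && [ "$dev" != "$2" ]
}

# Print bypassing sources that are NOT on the intended list (unreviewed leaks).
unexpected_bypass() {   # $1 = rules text, $2 = table id, $3 = intended IPs
    for src in $(bypass_sources "$1" "$2"); do
        case " $3 " in
            *" $src "*) ;;
            *) echo "$src" ;;
        esac
    done
}

echo "Sources bypassing the VPN:"; bypass_sources "$SAMPLE_RULES" 10
table_avoids_tunnel "$SAMPLE_TABLE" tun1 && echo "table 10 exits outside tun1"
echo "Not on intended list:"; unexpected_bypass "$SAMPLE_RULES" 10 "192.168.1.50"
```

On the router, pass live output instead of the samples, for example `bypass_sources "$(ip rule show)" 10`.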


showstopper's picture
I have this setup as well and in the Policy Based Routing it directs that client to the VPN, otherwise it is off.