I tried to add custom route to a set of ip addresses via wan interface so it doesn’t go thru the Wireguard interface.
I can access those destinations for router terminal, but not the client computer. I wonder if the firewall block all clients’ traffic to and from WAN interface after Wireguard client in router is connected. And how can I allow clients traffic being forward to wan interface.
Thanks
Check vpn policy
Thanks for your quick reply!
Ideally, I would like to split the internet traffic to China and non-China, and I like to have all China bound traffic going thru WAN interface but how non-China traffic going thru VPN.
I have tried to add all ip ranges in chnroute.txt file as ip rules, but my AR750 has no enough memory to cope with the large set of rules. I’m trying geoip from MaxMind, unfortunately they stopped offer legacy database this year, and iptgeo package cannot handle their new database format.
Do you have other suggestion on directing traffic based on country?
Thanks
Hi Zhao,
I upgrade the fireware 3.022, and realize the policy file is locate in /etc/route_policy/domain_name/bypass_vpn, I wonder if I can dump all IP ranges (over 8000 entries) to manual-list.conf, and if the router can handle that.
Joseph
I am not sure. But we don’t have a solution for you. China is not somewhere we want to deal with.
@alzhao I was wondering am I able to bypass a domain name completely with /etc/route_policy/domain_name/bypass_vpn?
Something like this:
google.com
youtube.com
*.net // for all .net domains
netflix.com
Is there any solution?
you can already do this on the UI.
The UI won’t let me add *.net as a domain.
Okay. You cannot use wildcard
Wildcards would be useful. Is there any chance this might be added in a future release?
Unfortunately wildcard is not possible at present