This article is to introduce how VPN Policies work and add rules in batch on GL-iNet Routers.
1.We have two types of policies, one is via MAC Address, and the other is via Domain/IP. Each of them supports both white list and black list.
Via MAC Address:
This filtering rule is according to the source MAC address of the clients. Take white list as the example, all the clients whose MAC address are in the white list can access Internet via VPN tunnel while other clients will be forwarded to WAN without VPN encryption, and vice versa.
Via Domain/IP:
This filtering rule is according to the destination Domain/IP of websites or services you want to access. Take white list as the example, if you want to access these websites or services in the white list, it will go through VPN tunnel while others will be forwarded directly from the WAN without VPN encryption, and vice versa.
2.Generally you can add the rules one by one on the web GUI, and if you would like to add in batch, you can download a WinSCP software to make it.
You can find and download this software in this link: https://winscp.net/
3.Login your router on WinSCP as the following picture. Hostname is the IP address of your router (192.168.8.1 by default), and password is the same to the one you setup on web GUI.
4.Go to this directory:
/etc/route_policy/
5.If you want to add rules via MAC Address, you shall replace the manual-list.conf file in this directory:
/etc/route_policy/mac/via_vpn/
Note: you can drag the file in your computer (the left side) to your router (the right side) directly on this software, but the format of rules shall be like this:
6.If you want to add rules via Domain/IP, you shall replace the manual-list.conf file in this directory:
/etc/route_policy/domin_name/via_vpn/
Note: you can drag the file in your computer (the left side) to your router (the right side) directly on this software, but the format of rules shall be like this:
7.Then the rules have been added in batch successfully, you can check them in the web GUI.