Hi, I have clarified my OP a bit.
On my Flint 3 I use the GL.iNet VPN Policy set to MAC-based routing (some devices go through NordVPN, others not).
Now I want to add an extra layer: certain websites (e.g. speedtest.net) should always bypass VPN for all devices, regardless of their MAC. I thought Policy-Based Routing (PBR) could achieve this, but in practice the VPN policy seems to override PBR completely. Even with PBR enabled, traffic to those sites still goes through NordVPN.
Could you please advise if it is possible to combine MAC-based VPN policies with domain/IP-based PBR rules, so that selected sites never use the VPN tunnel?
See the schematic here:
Thank you,