I’ve set up a Brume 2 in my home to act as a VPN server and have travelled overseas where I have my Flint connected to it as a client.
My current setup is to use my main WiFi network as the VPN connection, and the guest network as the local connection using the VLAN-based setting.
I need the VPN connection to access streaming services from home and in order to make FaceTime calls (as I am visiting a country which blocks VoIP).
However, other than these examples, I would like to access the local / non-VPN connection.
If I keep the two networks as they currently are with the VLAN-based VPN policy, is it possible to make exceptions for certain domains on the VPN WiFi network so they do not go through the VPN, like you can with the targeted domain/IP-based policy?
I could do the target domain/IP-based policy and add the domains listed in my DNS logs for the streaming services, but how would I do that for FaceTime and VoIP calls?
I am very new to this all and not very technically savvy so I would appreciate any help or support!
GL.iNet Interface Scripts: Considering the numerous scripts on the GL.iNet interface, I’ve chosen policy routing via a personalized hotplug script. This script effectively handles custom domains or CIDR blocks to be exempted from the VPN, directly routing their IPs through the primary interface.
Routing Table Option: Alternatively, you can establish a routing table to circumvent the VPN. By adding “ip rule add” for specific devices on your network, you can control which devices use the VPN and which ones don’t.
To use this script, make sure to download the bind-tools plugin, as this script uses dig to resolve hostnames.
#!/bin/sh
# Hotplug script (e.g. /etc/hotplug.d/iface/): hotplug provides $ACTION and $INTERFACE.
# Only react to the WireGuard client interface (e.g., wgclient)
if [ "$INTERFACE" != "wgclient" ]; then
    exit 0
fi

# List of host names to exempt from the VPN (one per line)
HOSTS="
Enter
Domain
Here
"

# List of custom CIDR blocks to exempt from the VPN (one per line)
CUSTOM_CIDR_BLOCKS="
Enter
Custom
CIDR
Here
"

# Non-VPN interface that exempted traffic should use (change to your actual interface name)
BRIDGE_INTERFACE="rmnet_mhi0"

# DNS server for resolution (Cloudflare's public DNS)
DNS_SERVER="1.1.1.1"

# Succeeds if a route for the given prefix already exists on the bypass interface.
# -w and -F make the match exact, so 1.2.3.4 does not also match 1.2.3.45.
route_exists() {
    ip route show dev "$BRIDGE_INTERFACE" | grep -qwF "$1"
}

# Resolve a host name and keep only IPv4 answers (dig may also return CNAMEs)
resolve_ipv4() {
    dig +short @"$DNS_SERVER" "$1" | grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$'
}

# Determine the action based on the hotplug event
case "$ACTION" in
ifup)
    # Add routes for specified host names
    if [ -n "$HOSTS" ]; then
        for host in $HOSTS; do
            for ip in $(resolve_ipv4 "$host"); do
                if route_exists "$ip"; then
                    echo "Route for IP $ip already exists. Skipping."
                else
                    ip route add "$ip" dev "$BRIDGE_INTERFACE"
                fi
            done
        done
    else
        echo "No hosts specified. Skipping."
    fi
    # Add routes for custom CIDR blocks
    if [ -n "$CUSTOM_CIDR_BLOCKS" ]; then
        for cidr_block in $CUSTOM_CIDR_BLOCKS; do
            if route_exists "$cidr_block"; then
                echo "Route for CIDR block $cidr_block already exists. Skipping."
            else
                ip route add "$cidr_block" dev "$BRIDGE_INTERFACE"
            fi
        done
    else
        echo "No custom CIDR blocks specified. Skipping."
    fi
    ;;
ifdown)
    # $INTERFACE is already known to be the VPN interface here, so remove the
    # bypass routes when the VPN goes down
    # Delete routes for specified host names
    if [ -n "$HOSTS" ]; then
        for host in $HOSTS; do
            for ip in $(resolve_ipv4 "$host"); do
                if route_exists "$ip"; then
                    ip route del "$ip" dev "$BRIDGE_INTERFACE"
                fi
            done
        done
    else
        echo "No hosts specified. Skipping."
    fi
    # Delete routes for custom CIDR blocks
    if [ -n "$CUSTOM_CIDR_BLOCKS" ]; then
        for cidr_block in $CUSTOM_CIDR_BLOCKS; do
            if route_exists "$cidr_block"; then
                ip route del "$cidr_block" dev "$BRIDGE_INTERFACE"
            fi
        done
    else
        echo "No custom CIDR blocks specified. Skipping."
    fi
    ;;
esac
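A sketch of the per-device "ip rule add" approach mentioned in the reply above, as an added example that is not from this thread or from GL.iNet: the WAN interface name, gateway, routing table id, rule priority and LAN addresses are assumed placeholders, and DRY_RUN=1 only prints the commands instead of running them.

```shell
#!/bin/sh
# Per-device VPN bypass using policy routing (ip rule). Added illustration;
# WAN_IFACE, WAN_GW, BYPASS_TABLE, RULE_PREF and the LAN addresses are assumed placeholders.
WAN_IFACE="${WAN_IFACE:-eth0}"        # assumed non-VPN upstream interface
WAN_GW="${WAN_GW:-192.0.2.1}"         # assumed upstream gateway (documentation range)
BYPASS_TABLE="${BYPASS_TABLE:-100}"   # assumed unused routing table id
RULE_PREF="${RULE_PREF:-1000}"        # rule priority; must sort before the VPN's own rules
BYPASS_DEVICES="192.168.8.50 192.168.8.51"   # constructed LAN IPs that should skip the VPN

# Execute a command, or just print it when DRY_RUN=1 (lets you review changes first)
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then echo "$*"; else "$@"; fi
}

# Strict dotted-quad check (each octet 0-255); rejects 1.2.3 and 1.2.3.456
is_ipv4() {
    echo "$1" | grep -Eq '^((25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])\.){3}(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])$'
}

# The bypass table holds a single default route via the real WAN, so traffic
# sent to it never sees the VPN's default route in the main table
setup_bypass_table() {
    run ip route replace default via "$WAN_GW" dev "$WAN_IFACE" table "$BYPASS_TABLE"
}

# Steer all traffic sourced from one LAN device into the bypass table.
# ip rule has no "replace", so delete first to keep repeated runs idempotent.
add_bypass_rule() {
    is_ipv4 "$1" || { echo "skipping invalid address: $1" >&2; return 1; }
    run ip rule del from "$1" lookup "$BYPASS_TABLE" pref "$RULE_PREF" 2>/dev/null
    run ip rule add from "$1" lookup "$BYPASS_TABLE" pref "$RULE_PREF"
}

# Put a device back on the normal (VPN) path
remove_bypass_rule() {
    is_ipv4 "$1" || { echo "skipping invalid address: $1" >&2; return 1; }
    run ip rule del from "$1" lookup "$BYPASS_TABLE" pref "$RULE_PREF"
}

apply_all() {
    setup_bypass_table
    for dev in $BYPASS_DEVICES; do add_bypass_rule "$dev"; done
}

# Usage: DRY_RUN=1 sh bypass.sh apply   (review), then   sh bypass.sh apply
case "${1:-}" in
    apply) apply_all ;;
esac
```

Before relying on it, compare the output of ip rule show against RULE_PREF so the bypass rule really sorts ahead of the rules the VPN policy installs; a device's traffic only skips the VPN if its rule is hit first.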