VPN policies and traffic from

I’ve set up some VPN policies on my Mango based on target IP/domains (basically Netflix traffic) and WireGuard.
Everything seems to work properly from the LAN clients’ perspective.
However, if I jump via SSH onto the router, I noticed that all traffic from there uses the wgclient interface.

This is my routing table:
Destination Gateway Genmask Flags Metric Ref Use Iface
default * U 0 0 0 wgclient
default UG 10 0 0 eth0.2
* U 0 0 0 wgclient
* U 10 0 0 eth0.2
* U 0 0 0 br-lan

A check on the route it takes for
root@GL-MT300N-V2:~# ip route get dev wgclient src uid 0

A check on my external IP reports the WireGuard endpoint instead of my ISP:
root@GL-MT300N-V2:~# curl https://ipinfo.io/ip

What should I do to route traffic from the router according to the VPN policies I’ve set?

The router itself does not respect the rules you set in the VPN policies. Rather, it routes all of its own traffic to the VPN.

Is there any problem caused by this?

Thank you for answering.
Well, there’s also an HTTP proxy (tinyproxy) installed on the router, and I’d like the traffic it generates to respect the VPN policies or at least bypass the VPN if possible.


To bypass the VPN, run tinyproxy with group nonevpn:

uci set tinyproxy.@tinyproxy[0].Group=nonevpn
uci commit tinyproxy
/etc/init.d/tinyproxy restart

This is possible thanks to its running group being configurable.

For a general process to run with the nonevpn group:

sudo -g nonevpn curl ip.me