Vpn policy excluded addresses not working on brume 2

@BerryPact @jdub

Thanks for your sharing!

The vpn policy on GL.iNet router is designed for the client devices, not the router itself.

But I am glad that you can do it either manually in luci or compile a firmware by yourself.

1 Like

Thank you for your reply!

I actually bought the Brume 2 for this exact purpose: VPN client router besides my main router, with domain exclusions. Trying the Drop-in gateway mode as well does not achieve my purpose.

Is there an easy way to achieve this at the moment ? Knowing that I use the Brume 2 as a secondary router (the primary being my 3-in-1 ISP router)

Here is my test, 4.2.0 firmware MT3000

Not using vpn for Google and Youtube.

When vpn is disconnected

I can still access Google and Youtube but not other domains.

So it appears that this works just right. Can you pls check if this is what you are doing?

Thank you for the quick reply. I appreciate it!

Yes, it works ONLY if you are on the LAN network for the router.

What I wasn’t aware of before buying the Brume 2 is that VPN policy exclusions do NOT work for WAN interface (which is my case). I use the Brume 2 as a second router besides my modem router to provide VPN capabilities and much more to my network. If only this was written somewhere…

I installed the beta firmware yesterday (4.2.0 beta2). I am glad I found that exact note written when configuring the Drop-in Gateway feature.

offtopic: speaking of beta firmwares, all my devices today keep connecting/disconnecting to the wifi network (on my ISP router) while using the Drop-in Gateway feature. It seems there are some stability problems. How can I help ?

1 Like

vpn and vpn policy only works for LAN of course.

If you want it work with WAN, drop-in mode is needed.

In 4.2, drop-in mode use DHCP. So can you turn off dhcp in your ISP router? It should work OK if your ISP still have DHCP on, but it is possible two router is racing for DHCP requests.

Sorry for the late reply. No, VPN policies do not work when drop-in gateway mode is enabled

Here is the note I wished it was written somewhere. Here are the configurations for both routers:



  • Asssign Brume 2 to
  • DHCP

ISP settings

Brume 2


The WAN on Brume 2 is connected to a LAN port on the ISP router. VPN client is enabled without a kill switch. If you think anything is missing, I can open a new topic. Sorry again for the delay