Wireguard client split tunnel for ports

Hello

I have a GL-AX1800 connected as a WireGuard client to a VPS server.
Currently I'm filtering by MAC the devices that are allowed to go through the VPN.

However, I'm concerned about the bandwidth limit of my VPS (2TB). I don't want to be watching or worrying about going over the limit, as I want to have the infrastructure as transparent and with as little maintenance as possible.
So my idea is to implement some way to exclude specific ports or apps on one of my servers so they avoid the VPN and don't spend bandwidth.
I see some options here, but I'm very new to networking, so some guidance would be appreciated.

  1. In the router, split the traffic coming from my server. If, e.g., port 64323, go through directly, avoiding WireGuard. If any other port, go through WireGuard.
    I think it cannot be done by GUI, but maybe through SSH or OpenWrt with iptables?

  2. Alternatively, split the traffic directly on my server. I use Linux / NixOS.
    Maybe this would be out of scope here, but maybe you can just help me with the concept idea, in case this option fits better than the first one?

  • a. Use the Ethernet interface for everything and Wi-Fi for specific apps/ports?
  • b. Create an additional virtual interface for the specific apps?
  • c. Create two WG interfaces and connect to the Flint router's WG Server option?
    Would any of these work?

I think this should be possible somehow, as for example the NordVPN app provides this feature out of the box.

Thanks
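Option 1 above (bypass the tunnel for one source port on the router) is normally done on OpenWrt with a packet mark plus a policy routing table. The script below is an added example, not code from the thread or from GL.iNet; the LAN server address 192.168.8.10, the WAN interface eth0, the WAN gateway 203.0.113.1, the mark 0x64 and table 100 are all assumed values to adjust. Set DRY_RUN=1 to only print the rules for review.

```shell
#!/bin/sh
# Route packets from one LAN host's chosen source port around the WireGuard
# tunnel (fwmark + ip rule); everything else keeps the tunnel default route.
# Assumptions (not from the thread): server 192.168.8.10, bypass port 64323,
# WAN interface eth0 with gateway 203.0.113.1, fwmark 0x64, routing table 100.
SERVER_IP="${SERVER_IP:-192.168.8.10}"
BYPASS_PORT="${BYPASS_PORT:-64323}"
WAN_IF="${WAN_IF:-eth0}"
WAN_GW="${WAN_GW:-203.0.113.1}"
MARK=0x64
TABLE=100

# run: execute a command, or only print it when DRY_RUN=1 so the rules can be
# reviewed before they touch a live router.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# bypass_rules: mark matching packets and send marked packets out of the WAN.
# Anything from this host and port leaves unencrypted via the ISP, so keep the
# match as narrow as possible (one source IP, one port, explicit protocols).
bypass_rules() {
    for proto in tcp udp; do
        run iptables -t mangle -A PREROUTING -s "$SERVER_IP" -p "$proto" \
            --sport "$BYPASS_PORT" -j MARK --set-mark "$MARK"
    done
    # Marked packets consult table 100, whose only default route is the plain WAN.
    run ip rule add fwmark "$MARK" lookup "$TABLE" priority 100
    run ip route add default via "$WAN_GW" dev "$WAN_IF" table "$TABLE"
}

# Usage: DRY_RUN=1 sh bypass.sh   (print rules)   |   sh bypass.sh apply
if [ "${1:-}" = "apply" ] || [ "${DRY_RUN:-0}" = "1" ]; then
    bypass_rules
fi
```

OpenWrt's default firewall already masquerades LAN traffic leaving the wan zone, so no extra NAT rule is needed; DNS from the server still goes through the tunnel unless port 53 is excluded too, which is usually what you want.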

Currently it is possible to go through the VPN by specified device MAC (similar to the point 1 you mentioned), or by specified domain/IP (similar to the point 2 you mentioned, but you need to import the list manually).

Both of the above ways can save your VPS traffic.

Hi Bruce

thanks for answering

The option of filtering by MAC is working fine for me, however this option does not allow me to also filter by target domain (i.e., to make YouTube or Netflix avoid using the VPN).

It seems that you either filter by MAC or by domain, but not both. For that you maybe need to use the Customize Routing Rules.

I have tried to set that one without success.

I have also tried to set the option "Based on the Target Domain or IP" and it does not work at all either.

I have also tried setting it up via OpenWrt
using https://www.youtube.com/watch?v=0_zQAp3V18c
and this https://www.youtube.com/watch?v=YEHDf8-nZyA&t=213s

I have also looked into installing the Policy-Based Routing OpenWrt package.

But Flint has OpenWrt v21, so it is not compatible.

I don't know what else to try. I'm starting to look at other routers with a newer OpenWrt version, or at pfSense instead.

As written on the linked website you can go with https://openwrt.org/packages/pkgdata/pbr-iptables instead, since it supports OpenWrt 21.


Thanks for further clarification, I see, let's try to evaluate this.

Please let me know further info, such as: input the domain in the list with the mode 'do not use VPN', then trace the domain name to see where the traffic for that domain goes on the client PC.