DD-WRT - How do I exclude hosts / bypass VPN tunnel?
We do not provide support in getting this functionality working on your DD-WRT router. You agree to use these scripts at your own risk.
WireGuard
- Go to SETUP / TUNNELS
- Set Advanced settings: Enable
- Set Policy Based Routing: Enter the IP address list in CIDR notation.
The hosts with the IP addresses specified in the Policy Based Routing (PBR) field will be routed via the WireGuard interface. Everything else will bypass the VPN tunnel and use the WAN interface instead.
The IP addresses are entered in CIDR notation as a comma-delimited list (no comma at the beginning or at the end).
When the list starts with a '#' symbol, all entries are ignored and PBR is disabled. This allows you to preserve the list for future use.
You can also specify a range of IPs, for example 192.168.1.64/26.
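As an added example (not IVPN's or DD-WRT's own code), the script below applies the list rules above to a constructed PBR list and reports whether a given LAN host would be routed via the WireGuard interface or bypass it over the WAN. The function names, the sample list, the rejection of any character other than digits, dots, slashes and commas, and the treatment of a bare IP as /32 are assumptions of this example; run it on a workstation rather than on the router.

```sh
#!/bin/sh
# Added example (not IVPN or DD-WRT code): which route would a LAN host take
# under a given WireGuard PBR list? Strict parsing here is an assumption.

# ip2int A.B.C.D: print the address as an integer, fail if malformed.
ip2int() {
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# pbr_check LIST HOST prints one of:
#   vpn       HOST matches an entry and is routed via the WireGuard interface
#   wan       HOST matches nothing and bypasses the tunnel
#   disabled  LIST starts with '#', so all entries are ignored
#   invalid   LIST or HOST breaks the format rules
pbr_check() {
    case "$1" in
        '#'*) echo disabled; return 0 ;;
        ""|,*|*,|*,,*|*[!0-9./,]*) echo invalid; return 0 ;;  # comma rules
    esac
    host=$(ip2int "$2") || { echo invalid; return 0; }
    verdict=wan
    old_ifs=$IFS; IFS=,; set -- $1; IFS=$old_ifs
    for entry in "$@"; do
        case "$entry" in
            */*) bits=${entry#*/} ;;
            *)   bits=32 ;;                        # assumption: bare IP = /32
        esac
        case "$bits" in ""|*[!0-9]*|0?*|???*) echo invalid; return 0 ;; esac
        [ "$bits" -le 32 ] || { echo invalid; return 0; }
        net=$(ip2int "${entry%%/*}") || { echo invalid; return 0; }
        mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
        [ $(( $host & $mask )) -eq $(( $net & $mask )) ] && verdict=vpn
    done
    echo "$verdict"
}

# Constructed sample list and hosts.
PBR_LIST="192.168.1.5/32,192.168.1.64/26"
for h in 192.168.1.5 192.168.1.6 192.168.1.100 192.168.1.128; do
    echo "$h -> $(pbr_check "$PBR_LIST" "$h")"
done
```

With the sample list, 192.168.1.64/26 covers 192.168.1.64 through 192.168.1.127, so 192.168.1.128 falls outside it and would use the WAN interface.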
OpenVPN
- Go to ADMINISTRATION / COMMANDS / COMMAND SHELL. Enter the following commands, substituting the IPs you wish to bypass the VPN (each IP separated by a space character):

    nvram set no_vpn_lst="192.168.1.5 192.168.1.6 192.168.1.7"
    nvram commit

- Copy the script below into the COMMAND SHELL and click on Save Custom Script:

    #!/bin/sh
    # Give the router time to finish booting.
    sleep 30
    NO_VPN_LST=`nvram get no_vpn_lst`
    # Nothing to do if no bypass list has been saved.
    [ -z "$NO_VPN_LST" ] && exit 0
    # Wait until the WAN gateway is known.
    WAN_GWAY="0.0.0.0"
    while [ "$WAN_GWAY" = "0.0.0.0" ]; do
        sleep 3
        WAN_GWAY=`nvram get wan_gateway`
    done
    # Table 10 holds a default route via the WAN gateway, outside the tunnel.
    ip route add default via "$WAN_GWAY" table 10
    # Traffic from each listed source IP uses table 10.
    for ipa in $NO_VPN_LST; do
        ip rule add from "$ipa" table 10
    done
    ip route flush cache
    exit 0

- Reboot. Now the devices with the IPs on your list will be routed outside the OpenVPN tunnel.