Wireguard split tunneling on GL-iNET openwrt

danlaw · November 1, 2020, 7:09pm

I recently tried out wireguard and set it up on various Linux boxes, and they seem to do split tunneling by default. Ie I set up the config file on the client with something like
AllowedIPs = 192.168.75.0/24
and the client routes that subnet via the VPN but bypasses the VPN to allow access to the rest of the internet.

But when I set up the GL-iNET AR750 (a WiFi router) for Wireguard similarly, it seems to block all access except to that subnet.

The GL-iNEt router is running openwrt under a proprietary GUI. The openwrt firewall setup looks like it might allow split tunneling, but I don’t have experience with openwrt and I’m hoping I don’t have to experiment randomly.

Does anyone know enough about Wireguard or GL-iNET or openwrt to offer a hint?

tvjay · February 20, 2021, 6:08pm

I wasn’t able to get split tunneling to work but I did use the VPN Policy option to exclude certain websites from going across the tunnel.

danlaw · April 2, 2021, 8:33pm

Thanks for the suggestion. I apologize for responding so very belatedly because I was sad that a better solution had not shown up. After all, users have an irritating habit of wanting to use their home connection for umpteen different sites and apps, not just two or three.

If we still need VPN for some users, I think I’ll just put Wireguard on their Windows boxes, and see how split tunneling works with those.