DD-WRT - How do I exclude hosts / bypass VPN tunnel?

    We do not provide support in getting this functionality working on your DD-WRT router. You agree to use these scripts at your own risk.


    1. Go to SETUP / TUNNELS

    2. Set Advanced settings: Enable

    3. Set Policy Based Routing: Enter the IP address list in CIDR notation.

    The hosts with the IP addresses specified in the Policy Based Routing (PBR) field will be routed via the WireGuard interface. Everything else will bypass the VPN tunnel and use the WAN interface instead.

    The IP addresses are entered in CIDR notation as a comma-delimited list (no comma at the beginning or at the end).

    When the list starts with a '#' symbol, all entries are ignored and PBR is disabled. This allows you to preserve the list for future use.

    You can also specify a range of IPs by entering, e.g. -


    1. Go to ADMINISTRATION / COMMANDS / COMMAND SHELL. Enter the following commands whilst substituting the IPs you wish to bypass the VPN (each IP separated by a space character):

      nvram set no_vpn_lst=""
      nvram commit
    2. Copy the script from below into the COMMAND SHELL and click on Save Custom Script

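      # Give the WAN connection time to come up after boot
      sleep 30
      # Space-separated list of IPs that should bypass the VPN
      NO_VPN_LST=`nvram get no_vpn_lst`
      [ -z "$NO_VPN_LST" ] && exit 0
      # Wait until the WAN gateway address is known
      WAN_GWAY=""
      while [ -z "$WAN_GWAY" ]; do
        sleep 3
        WAN_GWAY=`nvram get wan_gateway`
      done
      # Table 10 routes traffic out through the WAN gateway instead of the tunnel
      ip route add default via "$WAN_GWAY" table 10
      # Send traffic from each listed IP to table 10
      for ipa in $NO_VPN_LST; do
        ip rule add from "$ipa" table 10
      done
      ip route flush cache
      exit 0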
    3. Reboot. Now the devices with the IPs on your list will be routed outside the OpenVPN tunnel.
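After the reboot it is worth confirming that exactly the intended hosts bypass the tunnel, since any extra rule for table 10 means a device is sending traffic outside the VPN. The following is an added example, not part of the original script: the function names and the sample `ip rule show` text are constructed for illustration, and it assumes rules appear in the usual `from <ip> lookup 10` form.

```shell
#!/bin/sh
# Added example: compare the intended bypass list with the policy rules
# actually installed for table 10 (the table used by the startup script).

# Constructed sample of `ip rule show` output; not taken from a real router.
SAMPLE_RULES='0: from all lookup local
32764: from 192.168.1.77 lookup 10
32765: from 192.168.1.50 lookup 10
32766: from all lookup main
32767: from all lookup default'

# Reads `ip rule show` text on stdin and prints each source address
# that has a rule pointing at table 10.
rules_for_table_10() {
    awk '$2 == "from" && $(NF-1) == "lookup" && $NF == "10" { print $3 }'
}

# $1 = intended list (space separated, same format as no_vpn_lst)
# $2 = text of `ip rule show`
# Prints one line per discrepancy; returns 0 only when both sets match.
audit_bypass() {
    expected=$1
    actual=$(printf '%s\n' "$2" | rules_for_table_10)
    rc=0
    # Listed hosts with no rule are still going through the tunnel.
    for ipa in $expected; do
        if ! printf '%s\n' "$actual" | grep -qxF "$ipa"; then
            echo "MISSING $ipa"
            rc=1
        fi
    done
    # Rules for hosts not on the list are unintended bypasses.
    for ipa in $actual; do
        case " $expected " in
            *" $ipa "*) ;;
            *) echo "UNEXPECTED $ipa"; rc=1 ;;
        esac
    done
    return $rc
}

# Demo on the constructed sample. On the router itself, run:
#   audit_bypass "$(nvram get no_vpn_lst)" "$(ip rule show)"
audit_bypass "192.168.1.50 192.168.1.60" "$SAMPLE_RULES" || true
```
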
