Merlin VPN for specific applications?

[Luboknok]

I read that it is possible to configure the onboard VPN so that only certain app's traffic will route through it, leaving the rest of the traffic directly to the ISP. I believe this would involve proxy and a tunnel? Are there any guides or does anyone have some pointers that cover the basic steps?

 

[CaptainSTX]

I read that it is possible to configure the onboard VPN so that only certain app's traffic will route through it, leaving the rest of the traffic directly to the ISP. I believe this would involve proxy and a tunnel? Are there any guides or does anyone have some pointers that cover the basic steps?

You may be able to accomplish what you want directly through the GUI. When you set up a VPN client and enable policy routing you have the option to specify the local lan IP (device ) and the destination IP and then if it is handled using the WAN or a VPN.

You should try this to see if you can make it work before trying your hand at custom scripts.

 

[Martineau]

There is a page on the Merlin Wiki that explains Policy Based Routing in detail.
https://github.com/RMerl/asuswrt-merlin/wiki/Policy-based-routing

@CaptainSTX The Policy based routing GUI cannot Selectively route "applications" - source devices/subnets ONLY

Applications use ports and whilst the router can indeed Selectively route ports to a specific VPN by fwmark tagging (using custom scripts) you cannot differentiate between applications.

e.g. Suppose url www.abcdefg.com:80 is Selectively routed via a VPN rather than the WAN.
If a Laptop is connected to the router, and you use Firefox to access the url, suppose you then use Chrome to access the same url? The Selective routing will occur in both cases, but the router has no way of knowing if the client used Firefox or Chrome as the initiating application.

 

[Butterfly Bones]

I misunderstood what OP wanted, sorry.

I have OpenVPN for Android that can enable specific apps able to access the tunnel, but none of the desktop app offer that ability, at least from the two VPN providers I use.

 

[CaptainSTX]

@CaptainSTX The Policy based routing GUI cannot Selectively route "applications" - source devices/subnets ONLY

Applications use ports and whilst the router can indeed Selectively route ports to a specific VPN by fwmark tagging (using custom scripts) you cannot differentiate between applications.

e.g. Suppose url www.abcdefg.com:80 is Selectively routed via a VPN rather than the WAN.
If a Laptop is connected to the router, and you use Firefox to access the url, suppose you then use Chrome to access the same url? The Selective routing will occur in both cases, but the router has no way of knowing if the client used Firefox or Chrome as the initiating application.

I am well aware of policy routing's limitations. That is why I qualified my answer. If the OP wants to be more specific on what they are trying accomplish and what they mean by application a more precise answer/ solution to their request may be forthcoming.

 

[Kamikaze01]

Just found this 6 year old thread and have a similar question.

I use a VPN Client on my Asus Merlin (RT-AX880 with 388.2.2) and use a policy to route 192.168.1.1/24 (my whole LAN) over VPN.

This works like a charme and every device is using VPN.

Now there is an specific Android App on my Smartphone which won't work when connected to VPN.

I don't want to disable VPN (or at least WiFi) on my Smartphone, when using this app.
And after that I often forget to turn on WiFi again (and so I am without VPN until I remember myself...).

After doing some checks I could see, that this app is connecting to a very lot different IPs. And therefore I can not set an exception for these IPs.

Is there a way I can bypass VPN for a specific Android App? I can not figure out how my router will know that requests come from this Android App and they bypass it ...

If needed (I think this will be), I can SSH into my router and I already did some scripting (but it's long time ago)...
Maybe someone can help me?