VPN Director Interface Suggestion


Regular Contributor
I have 5 VPN clients defined. I occasionally switch VPN clients. I now have 5 rules for each device going through the VPN with a separate rule for each VPN client.

Is it possible to modify the interface for adding and editing rules so that instead of having one rule for each VPN client, you can make a single rule that covers more than one VPN client?

For example, a radio button to select either WAN or VPN and if VPN is selected a group of 5 checkboxes where any or all of the VPN clients can be specified? When saving the rule, if VPN is selected and no VPN clients are checked, prevent saving the rule so that at least 1 VPN client is selected.

With this interface change, instead of having 5 entries/rows for a device, they would be represented by a single row showing which VPN clients were selected for that device.


Asuswrt-Merlin dev
That would not make any sense, because only one rule can be matched, therefore only one destination can be applied.


Regular Contributor
That single row would actually correspond to 5 rules, if all 5 checkboxes where checked.

This is just a convenience interface for the GUI. Each line currently maps to either the WAN or one of the VPN clients. With this updated interface, each line can map to 1 or more of the VPN clients and so would create the same number of routes/destinations.

I was thinking that since there must be code now that creates routes for a single VPN/interface that the code could be modified to create multiple routes. So, if the current data structure saved for a rule is:


The new data structure would be:


The list of Interfaces would be processed and create the same number of correspnding routes/rules as stored in the data structure.

Again, just a convenience thing and could make the list of rules much smaller in the GUI in some cases.

Just a thought. It's fine the way it is now, though. Thanks.


Senior Member
I would like that, too. I know exactly where you are coming from.

I believe that a tool should be shaped to fit the user / application, rather than the user be shaped to fit the tool.

At least you have the option to create 5 rules per device. I’m using VPN Fusion where, once a device is assigned to a VPN, it is no longer available.

My solution, and an expensive one at that, multiple devices.

A French iPad, a German iPad, a British iPad, a Swiss iPad - and same again for the Apple TVs. Not to mention the Surfaces, oh, and the iPhones.

But it does deliver the simplicity I want. I call it “just like being there”.


Asuswrt-Merlin dev
I believe that a tool should be shaped to fit the user / application, rather than the user be shaped to fit the tool.
A tool need to be intuitive to use, and to offer the options useful to a majority of users, not to a few niche cases. As a user, if a single config entry can generate 5 separate rule in the background, how do you know in which order these rules will be applied? Which one will have priority?

One of the important elements while designing VPN Director was to make it as obvious as possible in which order the rules would be applied. That's why entries are sorted by interfaces, with WAN being at the top. Rules are applied in the order they appear, starting from the top. Where do you put your catch-all rule in that list?

Also, a very, VERY small number of users out there use all five clients and have all five of them set to VPN Directory, and run all five of them all the time. This would be a very clunky way to implement something that would only target a minuscule portion of the userbase.

And having a single multi-rule entry makes management more complicated. The day you decide to take out one of the five clients, you can't just disable that one single client. You'd need to delete any of these "catch-all" rules, and create 4 new separate rules for each of them. That would be a poorly thought design. The current implementation allows you to just disable that one single rule, with just one mouse click.

And finally... How do you handle things once Wireguard gets added to the equation (because yes, back then I already that in mind when I decided to start designing VPN Director). Should a catch-all also catch all of the Wireguard clients? In which priority order? Then someone will ask for a catch-all that does only OpenVPN, only Wireguard, or both. You end up with an interface dropdown that offers 15 different options to chose from. That would also be a very poor design from a usability point of view.


Regular Contributor
OK. Thanks for taking the time to go through counter points/explanation. I agree with you. I wasn't aware that the order listed is the order the rules are applied and I hadn't thought of mixing different VPN clients such as Wireguard.

As I said, it's fine the way it is. I was thinking of how to make the interface more useful in a specific scenario...which didn't take into account the other scenarios and how they would be affected.

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!