VPN Director on ASUS AX88-U

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.


Occasional Visitor
Hello everyone. I hope I have posted this in the right section rather than the ASUSWRT specific section.

I have just upgrade to Merlin 386.3 and am liking the VPN director functionality. On the previous versions however, every device behind my router used to be forced to go through a VPN interface. If I wanted to exclude any single device so it instead went through the standard WAN, then I'd have to turn the VPN profile off, hence forcing all devices to go then go through the WAN interface rather than the VPN interface. I could not ever seem to create a rule (that actually worked) that simply forced one device through the WAN, and everything else to go through the VPN.

Using VPN Director, it seems I'm in the same place in that to achieve this I'd need to create a separate rule for every device on my network, for every VPN interface (I generally have 3 OVPN client interfaces configured on the router) so for example I have network 10 devices I'd potentially need to create 30 rules (10 devices x 3 OVPN profiles) - and also create a specific rule also for the device that I only want to go through the WAN interface.

Notwithstanding that some of these use DHCP which means that those IP addresses might change, am I into a world of constant rule management? Also if I wanted to add a new OVPN profile then I'd also have to recreate another set of 10 or so rules.

So my question is (I guess) I there an easier way to exclude any single device to force it through the WAN, and have everything else go through the VPN interface(s)?

I hope that makes sense. If so, am I missing something obvious?

Many thanks in advance.



Senior Member
... may be look to assign a static IP for the one device you want to go to WAN, and use CIDR to direct all others to VPN ....


Very Senior Member
I could not ever seem to create a rule (that actually worked) that simply forced one device through the WAN, and everything else to go through the VPN.

All that's required is two rules. One that routes *everything* through the VPN, and another that routes that one device over the WAN. Even though everything is routed over the VPN, the WAN rule will take precedence over the VPN rule for that one device. VPN WAN


New Around Here
To add to the question, what if I wanted to specific device (my TV) to go through a different VPN? My setting is like this, but it doesnt work - the specified device still uses VPN1: VPN1 VPN2


New Around Here
Thanks, but that does not work unfortunately. As soon as you add a rule with an IP like xxxx/24, it will always add it to the top of the list - even when you have created a rule for a specific device before.


New Around Here
Update: I played around with it some more and also reversed the order of the VPN connections itself. I added the VPN that I wanted to use for a specific device first (VPN1), then the VPN that I want to use for all other devices (VPN2). That way it works like a charm. I guess this is what you wer trying to tell me? :)

My setup now looks like this, which works great:

Screenshot 2021-08-03 115808.jpg


Occasional Visitor
Sorry for the delay in response, but just wanted to thank you all for your help. Your combined advice worked a treat and I now have it all working as I want.

Thanks again.

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online