If you run OpenVPN directly on your OpenWRT router, it usually hijacks your entire internet connection. But what if you only want specific apps, websites, or devices to use the VPN?
By combining OpenVPN with PassWall2 and Sing-Box, you can convert your VPN connection into a flexible proxy node.
Why do this? (Use Cases)
- Smart Routing: Route only specific traffic (like foreign streaming sites or blocked services) through the VPN, while keeping your local traffic on your fast, regular ISP connection.
- Local SOCKS Proxy: Expose the OpenVPN connection as a SOCKS proxy that anyone on your local Wi-Fi network can manually connect to.
-
Multi-VPN Setup: Run multiple VPN locations at the same time (e.g., US on
tun0, UK ontun1) and assign different devices to different countries.
Step 1: Install & Configure OpenVPN
First, we need to set up OpenVPN so that it connects but doesn't take over your entire network.
- Install
luci-app-openvpnandopenvpn-opensslon your router. - Add your OpenVPN profile (if you are using a provider like ProtonVPN, follow their setup guide, but skip any steps regarding firewall rules).
- To prevent the VPN from pulling the default gateway, add these two lines to your OpenVPN configuration text:
route-nopull
pull-filter ignore "redirect-gateway"
Step 2: Create a Network Interface
Next, we need to give OpenWRT a way to talk to this specific VPN tunnel.
- Go to Network > Interfaces in LuCI and click Add New Interface.
- Name it something recognizable (like
openvpn). - Set the Protocol to Unmanaged and select
tun0as the device. - Save, apply, and start your OpenVPN client.
Note that the interface may not appear in the list before you connect to openvpn.
Step 3: Link to PassWall via Sing-Box
Now, we will turn that tunnel interface into a standard proxy node inside PassWall2.
- Make sure you have PassWall2 and sing-box installed on your OpenWRT router.
- Open PassWall, add a new node, and select sing-box as the type.
- Choose custom interface for the connection type, and input
tun0.
Step 4: Route Your Traffic
You're all set! This OpenVPN connection is now a regular proxy node inside PassWall. You can now use PassWall2's powerful rules to selectively route your network traffic through it, or configure PassWall2 to expose it as a SOCKS proxy for your local network.
Tip: If you want to add more VPN locations, just repeat the steps using tun1, tun2, etc., and create a separate PassWall node for each!
Top comments (0)