Open wzhy90 opened 5 years ago
Maybe something like AFWall would be useful for this?
It's possible to do it like this; in this case I'm USB tethering wlan0 and routing one client through a VPN:
```sh
# Allow traffic between rndis0 and tun0, but drop invalid packets
iptables -I tetherctrl_FORWARD -i rndis0 -o tun0 -g tetherctrl_counters
iptables -I tetherctrl_FORWARD -i rndis0 -o tun0 -m state --state INVALID -j DROP
iptables -I tetherctrl_FORWARD -i tun0 -o rndis0 -m state --state RELATED,ESTABLISHED -g tetherctrl_counters
iptables -A tetherctrl_counters -i rndis0 -o tun0 -j RETURN
iptables -A tetherctrl_counters -i tun0 -o rndis0 -j RETURN
# Enable masquerading for tun0
iptables -t nat -A tetherctrl_nat_POSTROUTING -o tun0 -j MASQUERADE
# Route traffic from a specific client IP through a specific gateway
ip rule add from $IPADDR table 100
ip route add default via $GATEWAY table 100
```
`$IPADDR` is the address of the user whose traffic you want to route and `$GATEWAY` is the address assigned to the interface you want to route through.
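The rules above answer the "which client can use the VPN" question only at the routing layer (`ip rule ... from $IPADDR`); the forward rules themselves still accept every tethered host. The script below is an added example, not code from the thread or from the project: it generates the same rule set for one client, but pins the forward and return-path rules to that client's address with `-s`/`-d`, and validates both addresses before emitting anything. The interface names (`rndis0`, `tun0`), chain names and table number 100 are taken from the comment above; the function names and the default arguments are assumptions. It prints the commands rather than running them, so they can be reviewed first and then piped to a root shell.

```shell
#!/bin/sh
# Added example: emit per-client VPN tethering rules (not the project's own code).
# Assumed layout, taken from the comment above: tethered clients on rndis0,
# VPN on tun0, chains tetherctrl_FORWARD / tetherctrl_counters /
# tetherctrl_nat_POSTROUTING, policy-routing table 100.

# is_ipv4 ADDR -> returns 0 for a dotted-quad IPv4 address, 1 otherwise.
is_ipv4() {
    case $1 in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    (
        IFS=.
        set -- $1
        [ $# -eq 4 ] || exit 1
        for o in "$@"; do
            [ "$o" -le 255 ] || exit 1
        done
    )
}

# vpn_client_rules CLIENT_IP GATEWAY [LAN_IF] [VPN_IF] [TABLE]
# Prints one command per line, in the order they must be executed.
# Forward rules are restricted to CLIENT_IP so other tethered hosts stay
# on the normal path; return traffic is only accepted if it is part of a
# flow the client opened (RELATED,ESTABLISHED) and INVALID packets are dropped.
vpn_client_rules() {
    client=$1; gw=$2; lan=${3:-rndis0}; vpn=${4:-tun0}; table=${5:-100}
    is_ipv4 "$client" || { echo "bad client address: $client" >&2; return 1; }
    is_ipv4 "$gw"     || { echo "bad gateway address: $gw" >&2; return 1; }
    cat <<EOF
iptables -I tetherctrl_FORWARD -i $lan -o $vpn -s $client -g tetherctrl_counters
iptables -I tetherctrl_FORWARD -i $lan -o $vpn -s $client -m state --state INVALID -j DROP
iptables -I tetherctrl_FORWARD -i $vpn -o $lan -d $client -m state --state RELATED,ESTABLISHED -g tetherctrl_counters
iptables -A tetherctrl_counters -i $lan -o $vpn -j RETURN
iptables -A tetherctrl_counters -i $vpn -o $lan -j RETURN
iptables -t nat -A tetherctrl_nat_POSTROUTING -o $vpn -j MASQUERADE
ip rule add from $client table $table
ip route add default via $gw table $table
EOF
}

# Usage (constructed sample addresses): review the output, then pipe it to a root shell.
#   vpn_client_rules 192.168.42.10 10.8.0.2
#   vpn_client_rules 192.168.42.10 10.8.0.2 | sudo sh
```

Because `-I` inserts at the head of the chain, the INVALID drop lands above the accept rule and the return-path rule above both, matching the ordering the comment relies on. Running the generator twice for the same client would duplicate the rules, so check with `iptables -S tetherctrl_FORWARD` and `ip rule` before re-applying.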
@worstperson Yes, this is definitely possible. I am too lazy to implement (and maintain) this, however. PRs are welcome. 😄
ATM all clients are working through the VPN, but there are some clients that I don't want using the VPN. Can you add a control switch for which clients can use the VPN?