Dual Gateway VPN Blacklist by Device - DD-WRT

What is a VPN Blacklist?

Once you connect to a VPN service from a router, your entire router network will be tunneling through the VPN connection. However, in some cases you may have a device on your network that you would like to direct through your local ISP, with no VPN connection. 

If you use any service that blocks access through a VPN connection, or if you want to access local geographical content, then this blacklist method will allow you to setup individual devices to bypass the VPN connection and remain connected through your local ISP instead. 

Setup a VPN Blacklist in DD-WRT:

Go to the Services > VPN page, then copy and paste the following lines into the Policy Based Routing field in the OpenVPN Client section:

Click Apply Settings.

The lines we copied and pasted above are making it so all devices that connect automatically to the FlashRouter in the IP range from will go through VPN. This means when you setup a Static IP address for any device outside of that 100-150 range it will bypass the VPN.

Go to the Services > Services page. Under DHCP Server in the Static Lease section please click Add.

Enter the MAC Address of any device that you would like to bypass VPN. Under Hostname enter the name of the device is to identify it. Then set a Static IP Address for the device for example

Click Apply Settings and then reboot your router.

When the router boots back up the device will be assigned to this Static network IP Address all the time and will not go through VPN.

You can setup as many devices outside of the DHCP range as you like to bypass the VPN connection. If you would like to change the device back to a VPN connection, you can delete the Static IP assignment on the Services > Services page, and then reboot your router and your connected device. 

VPN Blacklist or VPN Whitelist:

If you prefer to have the majority of your network devices going through VPN, with only a select group of individual devices that you would like to bypass the VPN, then you should use VPN Blacklist. 

If you prefer to have the majority of your network devices going through your local ISP, with only a select group of individual devices going through the VPN, then you should use VPN Whitelist. 


Have more questions? Submit a request


  • 1

    The example above uses the range 100-150 as those IP addresses that go through the VPN.  If you want a different range of IP addresses, you have to enter it in CIDR format.  I found this helpful website for converting a range to the CIDR format:


  • 0

    Thanks for simplifying this topic for average users (including myself).

    I understand this would work with the openvpn, in my case I can't use the openvpn as my ISP blocked all openvpn ports...

    For that, I was wonder if I can achieve the same using PPTP?


    Thanks in advance..

Please sign in to leave a comment.
Powered by Zendesk