subscribe to our Youtube


14175 questions

16819 answers


54159 members

0 votes
309 views 2 comments

I'm trying to migrate from GL.Inet to RTUX11.

One thing I need is to route all traffic over WireGuard + KillSwitch.

I'm already failing on the WireGuard...

I'm able to setup the WireGuard connection and routing ONLY when I set as allowed IP's

If I set (or + then the WireGuard client on RTUX11 won't connect to my WG server.

It looks like the external IP address (myWgServer.example.domain) is not accessible when allowed IP's is set to

Question: does anyone know how to fix it? on GL.Inet there is an option to exclude domain names (myWgServer.example.domain) from VPN routing.

Question 2: any ideas how to realise kill switch functionality on the RUTX?

thanks for any hints!


Just an update.

I have managed to setup following:

1. WiFi network (magnet-vpn) where all clients are routed over my wireguard VPN (using this Network I'm always at home).

2. Guest WiFi network (magnet-guest) where all clients are routed over WAN and have no access to my home network / vpn.

To setup it, you have to login into shell and execute:

opkg update
opkg install vpn-policy-routing
uci set vpn-policy-routing.config.enabled="1"
while uci -q delete [email protected][0]; do :; done
uci add vpn-policy-routing policy
uci set [email protected][-1].name="Ignore_wireguard_VPN"
uci set [email protected][-1].dest_addr=""
uci set [email protected][-1].interface="ignore"
uci add vpn-policy-routing policy
uci set [email protected][-1].name="Ignore_Guest"
uci set [email protected][-1].src_addr=""
uci set [email protected][-1].interface="ignore"
uci add vpn-policy-routing policy
uci set [email protected][-1].name="AllWireguard"
uci set [email protected][-1].src_addr=""
uci set [email protected][-1].interface="magnets"
uci commit
/etc/init.d/vpn-policy-routing restart

2. create guest network as described here:

Please note: I'm using my own subclass: 

3. Important: in wireguard Settings define Allowed IP's as: BUT do not enable:Route Allowed IPs option (the vpn-policy-routing Plugin will create these routing entries)

So far I'm happy. will try to setup killswitch today.


1 Answer

0 votes


For the killswitch, you could create a hotplug script that would do the killswitching by yourself, the path to the folder would be: /etc/hotplug.d/iface/18-wireguard

On the exclusion of domain names, you could try referring to this article:

Thanks for your feedback.

The solution/setup seems to be time consuming.

With Gl.Inet I can setup: dedicated WiFi with Wireguard VPN (to be always "at home") + KillSwitch, dedicated Guest WiFi (for Kidds usage) - all within 5 Minutes.

I'm thinking to send the RTUX12 back and by another GL.Inet with external antennas (GL.iNet GL-X750 Version 2) - it's much user friendly, especially for road (camping) use cases.

Best Regards