How do I route traffic from clients to the VPN server, except for IPs from China?

I have a few VPN servers with hundreds of clients from mainland China. A lot of them are complaining that the speed is extremely slow when they visit Chinese websites.
The speed is fast enough when they visit U.S. websites.
I did some research. I saw some guys solve this issue on a Windows system by using the PostUp and PostDown parameters.
The theory is actually very simple. When they visit Chinese websites, don't bother routing traffic to the VPN server.
When they visit U.S. websites, let traffic go through the VPN server.

However, I have played with your system for quite some time now and couldn't make it work.
Can any of you guys shine some light here? It would be greatly appreciated.

Hey @willie, what you’re probably looking for is split tunneling: Split Tunnel | Docs Firezone

Unfortunately, for the WireGuard client to route traffic appropriately, you'll need to know the US IP blocks you wish to route traffic over to achieve this. There's no country-level selector to automatically categorize destination traffic.

I have China IP blocks. I don't know how to do it or where to start.
Can you tell me a bit more specifically how I can achieve this?
Like, what parameter should I add or modify in the firezone.rb file or elsewhere?


There are millions of IPs for either country. If I add each individual IP one at a time, it's not practical. I am thinking maybe some commands can pick up this huge IP list. This should be the right way to do it.
Btw, the country IP list can be found on the internet.
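
Added example, not part of any post above and not Firezone's own code: one way to turn a list of CIDR blocks that should bypass the tunnel into the complementary set of blocks for a WireGuard `AllowedIPs` line, so the list is handled in bulk rather than address by address. The function names are hypothetical, the sample blocks are constructed documentation ranges standing in for a real country list, and only IPv4 is handled.

```python
import ipaddress

IPV4_MAX = 2**32 - 1

def _span(first, last):
    # Smallest set of CIDR blocks covering the inclusive integer range
    return ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))

def complement(excluded):
    """Return IPv4 networks covering every address NOT in `excluded`.

    `excluded` is an iterable of CIDR strings (e.g. lines of a country list).
    """
    # collapse_addresses merges overlaps and yields sorted, disjoint networks
    nets = ipaddress.collapse_addresses(
        ipaddress.IPv4Network(c.strip(), strict=False)
        for c in excluded if c.strip())
    result, cursor = [], 0  # cursor = lowest address not yet handled
    for net in nets:
        start = int(net.network_address)
        if start > cursor:  # gap before this excluded block is tunnelled
            result.extend(_span(cursor, start - 1))
        cursor = int(net.broadcast_address) + 1
    if cursor <= IPV4_MAX:  # tail after the last excluded block
        result.extend(_span(cursor, IPV4_MAX))
    return result

def allowed_ips_line(excluded):
    """Format the complement as a WireGuard client AllowedIPs setting."""
    return "AllowedIPs = " + ", ".join(str(n) for n in complement(excluded))

if __name__ == "__main__":
    # Constructed sample input: documentation ranges, not a real country list
    sample = ["192.0.2.0/24", "198.51.100.0/24"]
    print(allowed_ips_line(sample))
```

Destinations outside the resulting blocks use the client's normal route, so the country list has to be kept current for the split to stay accurate.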