diff --git a/luci-app-omr-bypass/htdocs/luci-static/resources/view/services/omr-bypass.js b/luci-app-omr-bypass/htdocs/luci-static/resources/view/services/omr-bypass.js index e76e1ac8d..62cbc973e 100644 --- a/luci-app-omr-bypass/htdocs/luci-static/resources/view/services/omr-bypass.js +++ b/luci-app-omr-bypass/htdocs/luci-static/resources/view/services/omr-bypass.js @@ -48,10 +48,13 @@ return L.view.extend({ o = s.option(form.Value, 'name', _('Domain')); o.rmempty = false; + o = s.option(form.Flag, 'vpn', _('VPN on server'),_('Bypass using VPN configured on server.')); + o = s.option(widgets.DeviceSelect, 'interface', _('Interface'),_('When none selected, MPTCP master interface is used.')); o.noaliases = true; o.noinactive = true; o.nocreate = true; + o.depends('vpn', '0'); o = s.option(form.Value, 'note', _('Note')); o.rmempty = true; @@ -78,10 +81,13 @@ return L.view.extend({ o = s.option(form.Value, 'ip', _('IP')); o.rmempty = false; + o = s.option(form.Flag, 'vpn', _('VPN on server'),_('Bypass using VPN configured on server.')); + o = s.option(widgets.DeviceSelect, 'interface', _('Interface'),_('When none selected, MPTCP master interface is used.')); o.noaliases = true; o.noinactive = true; o.nocreate = true; + o.depends('vpn', '0'); o = s.option(form.Value, 'note', _('Note')); o.rmempty = true; @@ -199,10 +205,14 @@ return L.view.extend({ o = s.option(form.Value, 'asn', _('ASN')); o.rmempty = false; + o = s.option(form.Flag, 'vpn', _('VPN on server'),_('Bypass using VPN configured on server.')); + + o = s.option(widgets.DeviceSelect, 'interface', _('Interface'),_('When none selected, MPTCP master interface is used.')); o.noaliases = true; o.noinactive = true; o.nocreate = true; + o.depends('vpn', '0'); o = s.option(form.Value, 'note', _('Note')); o.rmempty = true; 
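Review bot: The help text on the new `vpn` flag, `_('Bypass using VPN configured on server.')`, in the Domain section (and in the identical IP, ASN and protocol sections in the following hunks) does not tell the administrator that the choice changes the egress and trust path. With the flag set, matching destinations appear to leave through the server-side VPN rather than a local WAN, and `_set_bypass_ips` later in this commit pushes the destination list to the server. A wording such as `_('Route matching traffic through the VPN configured on the server; the destination list is sent to the server.')` would make that visible. The same Flag + DeviceSelect block is now pasted four times and the protocol section's Interface help text already differs from the other three, so a small helper taking `s` would keep the sections from drifting further.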
@@ -255,10 +265,13 @@ return L.view.extend({ },this)); }; + o = s.option(form.Flag, 'vpn', _('VPN on server'),_('Bypass using VPN configured on server.')); + o = s.option(widgets.DeviceSelect, 'interface', _('Interface'),_('When none selected, MPTCP master interface is used (or an other interface if master is down).')); o.noaliases = true; o.noinactive = true; o.nocreate = true; + o.depends('vpn', '0'); o = s.option(form.Value, 'note', _('Note')); o.rmempty = true; @@ -278,6 +291,7 @@ return L.view.extend({ o = s.option(form.Flag, 'ndpi', _('Enable ndpi')); o.default = o.enabled; o.modalonly = true + o.depends('vpn', '0'); } return m.render(); diff --git a/omr-bypass/files/etc/init.d/omr-bypass b/omr-bypass/files/etc/init.d/omr-bypass index 413165173..1d292c55a 100755 --- a/omr-bypass/files/etc/init.d/omr-bypass +++ b/omr-bypass/files/etc/init.d/omr-bypass @@ -73,8 +73,8 @@ _bypass_domains() { config_get enabled $1 enabled config_get noipv6 $1 noipv6 config_get family $1 family - config_get vpn $1 vpn [ -z "$intf" ] && intf="all" + config_get vpn $1 vpn [ "$vpn" = "1" ] && intf="srv_vpn1" [ "$enabled" = "0" ] && return [ -z "$domain" ] && return @@ -391,6 +391,9 @@ _bypass_proto() { config_get ndpi $1 ndpi config_get noipv6 $1 noipv6 config_get family $1 family + config_get vpn $1 vpn + [ "$vpn" = "1" ] && intf="srv_vpn1" + [ "$enabled" = "0" ] && return [ -z "$noipv6" ] && noipv6="0" [ -z "$family" ] && family="ipv4ipv6" @@ -400,7 +403,7 @@ _bypass_proto() { [ -z "$intf" ] && intf="all" [ -z "$proto" ] && return - if [ "$(uci -q get openmptcprouter.settings.ndpi)" != "0" ] && [ "$ndpi" != "0" ]; then + if [ "$(uci -q get openmptcprouter.settings.ndpi)" != "0" ] && [ "$ndpi" != "0" ] && [ "$vpn" != "1" ]; then if [ "$intf" = "all" ]; then if [ "$family" = "ipv4" ] || [ "$family" = "ipv4ipv6" ]; then $IPTABLESRESTORE -w --wait=60 --noflush <<-EOF 
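Review bot: `[ "$vpn" = "1" ] && intf="srv_vpn1"` in `_bypass_proto` hard-codes the interface name, and the same literal is repeated in `_bypass_domains`, in `_bypass_proto_without_ndpi` and, as `omr_dst_bypass_srv_vpn1`, in `_set_bypass_ips` in the openmptcprouter-vps script. Nothing in these hunks checks that this interface or its ipsets exist, so a renamed or missing server VPN would presumably leave the entry on the default path without any error. I would define the name once per script, e.g. `SRV_VPN_INTF="srv_vpn1"` near the top, and use `intf="$SRV_VPN_INTF"` in each function. The function bodies start and end outside the hunks, so the order relative to the `interface` lookup cannot be confirmed from here.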
@@ -487,6 +490,9 @@ _bypass_proto_without_ndpi() { config_get ndpi $1 ndpi "0" config_get noipv6 $1 noipv6 config_get family $1 family + config_get vpn $1 vpn + [ "$vpn" = "1" ] && intf="srv_vpn1" + [ "$enabled" = "0" ] && return [ -z "$noipv6" ] && noipv6="0" [ -z "$family" ] && family="ipv4ipv6" @@ -496,22 +502,32 @@ _bypass_proto_without_ndpi() { [ -z "$intf" ] && intf="all" [ -z "$proto" ] && return - if [ "$(uci -q get openmptcprouter.settings.ndpi)" == "0" ] || [ "$ndpi" == "0" ]; then + if [ "$(uci -q get openmptcprouter.settings.ndpi)" == "0" ] || [ "$ndpi" == "0" ] || [ "$vpn" = "1" ]; then ALLIPS=$(sqlite3 /usr/share/omr-bypass/omr-bypass.db "select ip from ipproto where proto=\"$proto\";" ".exit") if [ -n "$ALLIPS" ]; then - ipset -q flush bypass_$proto > /dev/null 2>&1 - ipset -q flush bypass6_$proto > /dev/null 2>&1 - ipset -q --exist restore <<-EOF - create bypass_$proto hash:net hashsize 64 - create bypass6_$proto hash:net family inet6 hashsize 64 - EOF + if [ "$vpn" != "1" ]; then + ipset -q flush bypass_$proto > /dev/null 2>&1 + ipset -q flush bypass6_$proto > /dev/null 2>&1 + ipset -q --exist restore <<-EOF + create bypass_$proto hash:net hashsize 64 + create bypass6_$proto hash:net family inet6 hashsize 64 + EOF + fi for ip in $ALLIPS; do valid_ip4=$( valid_subnet4 $ip) valid_ip6=$( valid_subnet6 $ip) if [ "$valid_ip4" = "ok" ]; then - ipset -q add bypass_$proto $ip + if [ "$vpn" != "1" ]; then + ipset -q add bypass_$proto $ip + else + ipset -q add omr_dst_bypass_$intf $ip + fi elif [ "$valid_ip6" = "ok" ]; then - ipset -q add bypass6_$proto $ip + if [ "$vpn" != "1" ]; then + ipset -q add bypass6_$proto $ip + else + ipset -q add omr6_dst_bypass_$intf $ip + fi fi done if [ "$intf" = "all" ]; then @@ -531,7 +547,7 @@ _bypass_proto_without_ndpi() { COMMIT EOF fi - else + elif [ "$vpn" != "1" ]; then if [ "$family" = "ipv4" ] || [ "$family" = "ipv4ipv6" ]; then $IPTABLESRESTORE -w --wait=60 --noflush <<-EOF *mangle 
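Review bot: In the `vpn = 1` branch of the `for ip in $ALLIPS` loop in `_bypass_proto_without_ndpi`, addresses are appended to the shared sets `omr_dst_bypass_$intf` / `omr6_dst_bypass_$intf`, but unlike the per-protocol sets these are neither created nor flushed in this hunk, and `-q` hides the failure if the set is missing. Unless the shared set is created and emptied elsewhere in the script, addresses of a protocol that is later disabled or removed would stay routed through the server VPN and would also be re-sent to the server by `_set_bypass_ips`. At minimum I would surface the error, e.g. `ipset -q --exist add omr_dst_bypass_$intf $ip || logger -t omr-bypass "cannot add $ip to omr_dst_bypass_$intf"`, and add a comment saying where the shared set is reset. The function starts and ends outside the hunk.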
@@ -1025,6 +1041,12 @@ start_service() { -A PREROUTING -j omr-bypass6 COMMIT EOF + $IP6TABLESRESTORE -w --wait=60 --noflush <<-EOF + *mangle + :omr-bypass6-local - + -A OUTPUT -m addrtype ! --dst-type LOCAL -j omr-bypass6-local + COMMIT + EOF fi config_load network @@ -1080,7 +1102,22 @@ start_service() { COMMIT EOF fi - + if [ "$disableipv6" = "0" ]; then + if [ "$($IP6TABLES --wait=40 -t mangle -L -n | grep 'match-set omr6_dst_bypass_all dst MARK set')" = "" ]; then + $IP6TABLESRESTORE -w --wait=60 --noflush <<-EOF + *mangle + -A omr-bypass6 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x539 + -A omr-bypass6 -m mark --mark 0x539 -j RETURN + COMMIT + EOF + $IP6TABLESRESTORE -w --wait=60 --noflush <<-EOF + *mangle + -A omr-bypass6-local -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x539 + -A omr-bypass6-local -m mark --mark 0x539 -j RETURN + COMMIT + EOF + fi + fi config_load shadowsocks-libev config_foreach _ss_rules_config config_load shadowsocks-rust diff --git a/openmptcprouter/files/etc/init.d/openmptcprouter-vps b/openmptcprouter/files/etc/init.d/openmptcprouter-vps index f11cfe5fa..6b8c127c2 100755 --- a/openmptcprouter/files/etc/init.d/openmptcprouter-vps +++ b/openmptcprouter/files/etc/init.d/openmptcprouter-vps @@ -1,12 +1,12 @@ #!/bin/sh /etc/rc.common -# Copyright (C) 2018-2019 Ycarus (Yannick Chabanois) +# Copyright (C) 2018-2023 Ycarus (Yannick Chabanois) # Released under GPL 3. See LICENSE for the full terms. START=99 USE_PROCD=1 -EXTRA_COMMANDS="set_pihole backup_send backup_get backup_list set_vps_firewall get_openvpn_key set_gre_tunnel token" +EXTRA_COMMANDS="set_pihole backup_send backup_get backup_list set_vps_firewall get_openvpn_key set_gre_tunnel token set_bypass_ips" . /usr/lib/unbound/iptools.sh 
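Review bot: The idempotence guard added to `start_service`, `$IP6TABLES --wait=40 -t mangle -L -n | grep 'match-set omr6_dst_bypass_all dst MARK set'`, searches the whole mangle table, so it is satisfied as soon as either chain holds the rule. The earlier hunk declares `:omr-bypass6-local -` under `--noflush`, which empties only that chain. If `omr-bypass6` still has its rule at that point, `omr-bypass6-local` is never refilled and locally generated IPv6 traffic to bypass destinations goes unmarked. Checking each chain on its own avoids this, e.g. `$IP6TABLES --wait=40 -t mangle -C omr-bypass6-local -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x539 2>/dev/null || ...`, with the same test for `omr-bypass6`. Where `omr6_dst_bypass_all` is created is not visible here; if it does not exist yet, the restore block would be rejected.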
@@ -944,6 +944,22 @@ _set_lan_ip() { fi } +_set_bypass_ips() { + local settings + [ -z "$servername" ] && servername=$1 + bypassipv4s=$(ipset -q -o save list omr_dst_bypass_srv_vpn1 | awk '/add/ NF {print "\""$3"\""}' | tr '\n' ',' | sed 's/,$//') + bypassipv6s=$(ipset -q -o save list omr6_dst_bypass_srv_vpn1 | awk '/add/ NF {print "\""$3"\""}' | tr '\n' ',' | sed 's/,$//') + if [ "$bypassipv4s" != "" ] || [ "$bypassipv6s" != "" ]; then + settings='{"ipv4s" : ['$bypassipv4s'],"ipv6s" : ['$bypassipv6s'],"intf" : "vpn1"}' + result=$(_set_json "bypass" "$settings") + fi +} + +set_bypass_ips() { + config_load openmptcprouter + config_foreach _set_bypass_ips server +} + _set_vpn_ip() { local settings [ -z "$vps_config" ] && vps_config=$(_get_json "config") @@ -997,7 +1013,7 @@ _set_client2client() { c2cid=$((c2cid+1)) targetip=$(echo $lanip | awk -F '/' '{print $1}' | tr -d "\n") netmask=$(echo $lanip | awk -F '/' '{print $2}' | tr -d "\n") - target=$(ipcalc.sh $targetip $netmask | grep NETWORK | awk -F '=' '{print $2}' | tr -d "\n") + target=$(ipcalc.sh $targetip/$netmask | grep NETWORK | awk -F '=' '{print $2}' | tr -d "\n") uci -q batch <<-EOF >/dev/null set network.omr_client2client_${c2cid}=route set network.omr_client2client_${c2cid}.interface=omrvpn @@ -2264,6 +2280,7 @@ _config_service() { config_foreach _get_lan_ip interface _set_lan_ip _set_sipalg + _set_bypass_ips config_foreach _delete_client2client route if [ "$(uci -q get openmptcprouter.settings.vpn)" != "openvpn" ] && [ "$(echo "$vps_config" | jsonfilter -q -e '@.client2client.enabled')" == "true" ]; then _set_client2client
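Review bot: In `_set_bypass_ips`, the awk pattern `/add/ NF` is not an "and": awk treats two adjacent expressions as string concatenation, which gives a non-empty string. I would therefore expect it to be true for every line, including the `create ...` header that `ipset -o save list` prints first, whose third field (the set type) would then end up in the JSON sent to the server. `awk '$1 == "add" {print "\""$3"\""}'` selects only the members. Also, nothing is sent when both sets are empty, so removing the last VPN bypass entry is never propagated and the server presumably keeps routing the old list; sending empty arrays in that case would fix it if the API accepts them. `bypassipv4s`, `bypassipv6s` and `result` are not declared `local`, and `servername` is only set when empty, so every iteration of `config_foreach _set_bypass_ips server` reuses the first value.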