diff --git a/aquantia/Makefile b/aquantia/Makefile
deleted file mode 100755
index f99bb0c90..000000000
--- a/aquantia/Makefile
+++ /dev/null
@@ -1,41 +0,0 @@
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=kmod-aquantia
-PKG_VERSION:=1.0
-PKG_RELEASE:=1
-
-include $(INCLUDE_DIR)/kernel.mk
-include $(INCLUDE_DIR)/package.mk
-
-define KernelPackage/phy-aquantia
-  SUBMENU:=Network Devices
-  TITLE:=aQuantia device support
-  DEPENDS:=@PCI_SUPPORT @TARGET_x86_64 @KERNEL_5_4 +kmod-i2c-core +kmod-i2c-algo-bit +kmod-ptp +kmod-hwmon-core +kmod-libphy
-  KCONFIG:=CONFIG_AQUANTIA_PHY
-  HIDDEN:=1
-  FILES:=$(LINUX_DIR)/drivers/net/phy/aquantia.ko
-  AUTOLOAD:=$(call AutoProbe,aquantia)
-endef
-
-define KernelPackage/phy-aquantia/description
- Kernel modules for aQuantia Ethernet adapters.
-endef
-
-define KernelPackage/atlantic
-  SUBMENU:=Network Devices
-  TITLE:=aQuantia AQtion(tm) Support
-  DEPENDS:=@PCI_SUPPORT @TARGET_x86_64 @KERNEL_5_4 +kmod-i2c-core +kmod-i2c-algo-bit +kmod-ptp +kmod-phy-aquantia
-  KCONFIG:=CONFIG_AQTION
-  FILES:=$(LINUX_DIR)/drivers/net/ethernet/aquantia/atlantic/atlantic.ko
-  AUTOLOAD:=$(call AutoProbe,atlantic)
-endef
-
-define KernelPackage/atlantic/description
- Kernel modules for the aQuantia AQtion(tm) Ethernet card
-endef
-
-define Build/Compile
-endef
-
-$(eval $(call KernelPackage,phy-aquantia))
-$(eval $(call KernelPackage,atlantic))
\ No newline at end of file
diff --git a/luci-app-omr-bypass/htdocs/luci-static/resources/view/services/omr-bypass.js b/luci-app-omr-bypass/htdocs/luci-static/resources/view/services/omr-bypass.js
index e76e1ac8d..62cbc973e 100755
--- a/luci-app-omr-bypass/htdocs/luci-static/resources/view/services/omr-bypass.js
+++ b/luci-app-omr-bypass/htdocs/luci-static/resources/view/services/omr-bypass.js
@@ -48,10 +48,13 @@ return L.view.extend({
 		o = s.option(form.Value, 'name', _('Domain'));
 		o.rmempty = false;
 
+		o = s.option(form.Flag, 'vpn', _('VPN on server'),_('Bypass using VPN configured on server.'));
+
 		o = s.option(widgets.DeviceSelect, 'interface', _('Interface'),_('When none selected, MPTCP master interface is used.'));
 		o.noaliases = true;
 		o.noinactive = true;
 		o.nocreate    = true;
+		o.depends('vpn', '0');
 
 		o = s.option(form.Value, 'note', _('Note'));
 		o.rmempty = true;
@@ -78,10 +81,13 @@ return L.view.extend({
 		o = s.option(form.Value, 'ip', _('IP'));
 		o.rmempty = false;
 
+		o = s.option(form.Flag, 'vpn', _('VPN on server'),_('Bypass using VPN configured on server.'));
+
 		o = s.option(widgets.DeviceSelect, 'interface', _('Interface'),_('When none selected, MPTCP master interface is used.'));
 		o.noaliases = true;
 		o.noinactive = true;
 		o.nocreate    = true;
+		o.depends('vpn', '0');
 
 		o = s.option(form.Value, 'note', _('Note'));
 		o.rmempty = true;
@@ -199,10 +205,14 @@ return L.view.extend({
 		o = s.option(form.Value, 'asn', _('ASN'));
 		o.rmempty = false;
 
+		o = s.option(form.Flag, 'vpn', _('VPN on server'),_('Bypass using VPN configured on server.'));
+
+
 		o = s.option(widgets.DeviceSelect, 'interface', _('Interface'),_('When none selected, MPTCP master interface is used.'));
 		o.noaliases = true;
 		o.noinactive = true;
 		o.nocreate    = true;
+		o.depends('vpn', '0');
 
 		o = s.option(form.Value, 'note', _('Note'));
 		o.rmempty = true;
@@ -255,10 +265,13 @@ return L.view.extend({
 			},this));
 		};
 
+		o = s.option(form.Flag, 'vpn', _('VPN on server'),_('Bypass using VPN configured on server.'));
+
 		o = s.option(widgets.DeviceSelect, 'interface', _('Interface'),_('When none selected, MPTCP master interface is used (or an other interface if master is down).'));
 		o.noaliases = true;
 		o.noinactive = true;
 		o.nocreate    = true;
+		o.depends('vpn', '0');
 
 		o = s.option(form.Value, 'note', _('Note'));
 		o.rmempty = true;
@@ -278,6 +291,7 @@ return L.view.extend({
 			o = s.option(form.Flag, 'ndpi', _('Enable ndpi'));
 			o.default = o.enabled;
 			o.modalonly = true
+			o.depends('vpn', '0');
 		}
 
 		return m.render();
diff --git a/omr-bypass/files/etc/init.d/omr-bypass b/omr-bypass/files/etc/init.d/omr-bypass
index 413165173..1d292c55a 100755
--- a/omr-bypass/files/etc/init.d/omr-bypass
+++ b/omr-bypass/files/etc/init.d/omr-bypass
@@ -73,8 +73,8 @@ _bypass_domains() {
 	config_get enabled $1 enabled
 	config_get noipv6 $1 noipv6
 	config_get family $1 family
-	config_get vpn $1 vpn
 	[ -z "$intf" ] && intf="all"
+	config_get vpn $1 vpn
 	[ "$vpn" = "1" ] && intf="srv_vpn1"
 	[ "$enabled" = "0" ] && return
 	[ -z "$domain" ] && return
@@ -391,6 +391,9 @@ _bypass_proto() {
 	config_get ndpi $1 ndpi
 	config_get noipv6 $1 noipv6
 	config_get family $1 family
+	config_get vpn $1 vpn
+	[ "$vpn" = "1" ] && intf="srv_vpn1"
+
 	[ "$enabled" = "0" ] && return
 	[ -z "$noipv6" ] && noipv6="0"
 	[ -z "$family" ] && family="ipv4ipv6"
@@ -400,7 +403,7 @@ _bypass_proto() {
 
 	[ -z "$intf" ] && intf="all"
 	[ -z "$proto" ] && return
-	if [ "$(uci -q get openmptcprouter.settings.ndpi)" != "0" ] && [ "$ndpi" != "0" ]; then
+	if [ "$(uci -q get openmptcprouter.settings.ndpi)" != "0" ] && [ "$ndpi" != "0" ] && [ "$vpn" != "1" ]; then
 		if [ "$intf" = "all" ]; then
 			if [ "$family" = "ipv4" ] || [ "$family" = "ipv4ipv6" ]; then
 				$IPTABLESRESTORE -w --wait=60  --noflush <<-EOF
@@ -487,6 +490,9 @@ _bypass_proto_without_ndpi() {
 	config_get ndpi $1 ndpi "0"
 	config_get noipv6 $1 noipv6
 	config_get family $1 family
+	config_get vpn $1 vpn
+	[ "$vpn" = "1" ] && intf="srv_vpn1"
+
 	[ "$enabled" = "0" ] && return
 	[ -z "$noipv6" ] && noipv6="0"
 	[ -z "$family" ] && family="ipv4ipv6"
@@ -496,22 +502,32 @@ _bypass_proto_without_ndpi() {
 
 	[ -z "$intf" ] && intf="all"
 	[ -z "$proto" ] && return
-	if [ "$(uci -q get openmptcprouter.settings.ndpi)" == "0" ] || [ "$ndpi" == "0" ]; then
+	if [ "$(uci -q get openmptcprouter.settings.ndpi)" == "0" ] || [ "$ndpi" == "0" ] || [ "$vpn" = "1" ]; then
 		ALLIPS=$(sqlite3 /usr/share/omr-bypass/omr-bypass.db "select ip from ipproto where proto=\"$proto\";" ".exit")
 		if [ -n "$ALLIPS" ]; then
-			ipset -q flush bypass_$proto > /dev/null 2>&1
-			ipset -q flush bypass6_$proto > /dev/null 2>&1
-			ipset -q --exist restore <<-EOF
-			create bypass_$proto hash:net hashsize 64
-			create bypass6_$proto hash:net family inet6 hashsize 64
-			EOF
+			if [ "$vpn" != "1" ]; then
+				ipset -q flush bypass_$proto > /dev/null 2>&1
+				ipset -q flush bypass6_$proto > /dev/null 2>&1
+				ipset -q --exist restore <<-EOF
+				create bypass_$proto hash:net hashsize 64
+				create bypass6_$proto hash:net family inet6 hashsize 64
+				EOF
+			fi
 			for ip in $ALLIPS; do
 				valid_ip4=$( valid_subnet4 $ip)
 				valid_ip6=$( valid_subnet6 $ip)
 				if [ "$valid_ip4" = "ok" ]; then
-					ipset -q add bypass_$proto $ip
+					if [ "$vpn" != "1" ]; then
+						ipset -q add bypass_$proto $ip
+					else
+						ipset -q add omr_dst_bypass_$intf $ip
+					fi
 				elif [ "$valid_ip6" = "ok" ]; then
-					ipset -q add bypass6_$proto $ip
+					if [ "$vpn" != "1" ]; then
+						ipset -q add bypass6_$proto $ip
+					else
+						ipset -q add omr6_dst_bypass_$intf $ip
+					fi
 				fi
 			done
 			if [ "$intf" = "all" ]; then
@@ -531,7 +547,7 @@ _bypass_proto_without_ndpi() {
 					COMMIT
 					EOF
 				fi
-			else
+			elif [ "$vpn" != "1" ]; then
 				if [ "$family" = "ipv4" ] || [ "$family" = "ipv4ipv6" ]; then
 					$IPTABLESRESTORE -w --wait=60  --noflush <<-EOF
 					*mangle
@@ -1025,6 +1041,12 @@ start_service() {
 		-A PREROUTING -j omr-bypass6
 		COMMIT
 		EOF
+		$IP6TABLESRESTORE -w --wait=60  --noflush <<-EOF
+		*mangle
+		:omr-bypass6-local -
+		-A OUTPUT -m addrtype ! --dst-type LOCAL -j omr-bypass6-local
+		COMMIT
+		EOF
 	fi
 	
 	config_load network
@@ -1080,7 +1102,22 @@ start_service() {
 		COMMIT
 		EOF
 	fi
-
+	if [ "$disableipv6" = "0" ]; then
+		if [ "$($IP6TABLES --wait=40 -t mangle -L -n | grep 'match-set omr6_dst_bypass_all dst MARK set')" = "" ]; then
+			$IP6TABLESRESTORE -w --wait=60 --noflush <<-EOF
+			*mangle
+			-A omr-bypass6 -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x539
+			-A omr-bypass6 -m mark --mark 0x539 -j RETURN
+			COMMIT
+			EOF
+			$IP6TABLESRESTORE -w --wait=60 --noflush <<-EOF
+			*mangle
+			-A omr-bypass6-local -m set --match-set omr6_dst_bypass_all dst -j MARK --set-mark 0x539
+			-A omr-bypass6-local -m mark --mark 0x539 -j RETURN
+			COMMIT
+			EOF
+		fi
+	fi
 	config_load shadowsocks-libev
 	config_foreach _ss_rules_config
 	config_load shadowsocks-rust
diff --git a/omr-bypass/files/usr/share/omr-bypass/omr-bypass-proto.lst b/omr-bypass/files/usr/share/omr-bypass/omr-bypass-proto.lst
index 8e24f9282..5229d7c7b 100755
--- a/omr-bypass/files/usr/share/omr-bypass/omr-bypass-proto.lst
+++ b/omr-bypass/files/usr/share/omr-bypass/omr-bypass-proto.lst
@@ -6,6 +6,7 @@ adultcontent
 alibaba
 amazon
 amazonalexa
+amazon_aws
 amazonaws
 amazonvideo
 anydesk
@@ -16,6 +17,7 @@ applepush
 applesiri
 applestore
 appletvplus
+avast
 azure
 badoo
 bittorrent
@@ -38,20 +40,24 @@ doh_dot
 dropbox
 eaq
 ebay
+edgecast
+epicgames
+ethereum
 facebook
 fbookreelstory
 fuze
+geforcenow
 github
 gitlab
 gmail
 google
 googleclassroom
+google_cloud
 googlecloud
 googledocs
 googledrive
 googlehangout
 googlemaps
-googleplus
 googleservices
 goto
 hbo
@@ -69,15 +75,22 @@ linkedin
 livestream
 messenger
 microsoft
+microsoft_365
 microsoft365
+microsoft_azure
+ms_one_drive
 ms_onedrive
+ms_outlook
+mullvad
 netflix
 nintendo
 ntop
+nvidia
 ocs
 ocsp
 ookla
 opendns
+operavpn
 outlook
 pandora
 pastebin
@@ -86,15 +99,17 @@ playstation
 playstore
 pluralsight
 ppstream
+protonvpn
 psiphon
 qq
 reddit
 riotgames
+roblox
 salesforce
 showtime
 signal
 sina
-sina(weibo)
+sinaweibo
 siriusxmradio
 skype_teams
 slack
@@ -102,13 +117,17 @@ snapchat
 softether
 soundcloud
 spotify
+starcraft
 steam
 syncthing
 tailscale
 teams
 teamviewer
 telegram
+tencent
 tencentvideo
+teslaservices
+threema
 tidal
 tiktok
 tor
@@ -137,6 +156,7 @@ xbox
 xiaomi
 yahoo
 yandex
+yandex_cloud
 yandexcloud
 yandexdirect
 yandexdisk
@@ -147,4 +167,4 @@ yandexmusic
 youtube
 youtubeupload
 zattoo
-zoom
\ No newline at end of file
+zoom
diff --git a/omr-bypass/files/usr/share/omr-bypass/omr-bypass.db b/omr-bypass/files/usr/share/omr-bypass/omr-bypass.db
index 1c03dc910..f9cec43f4 100755
Binary files a/omr-bypass/files/usr/share/omr-bypass/omr-bypass.db and b/omr-bypass/files/usr/share/omr-bypass/omr-bypass.db differ
diff --git a/omr-tracker/files/bin/omr-tracker-server b/omr-tracker/files/bin/omr-tracker-server
index fcab8b2d4..7d39f48ea 100755
--- a/omr-tracker/files/bin/omr-tracker-server
+++ b/omr-tracker/files/bin/omr-tracker-server
@@ -37,6 +37,11 @@ _check_server() {
 	done
 }
 
+_disable_current() {
+	local serv=$1
+	config_set $serv current "0"
+}
+
 _disable_redir() {
 	local redir=$1
 	config_get server $redir server
@@ -86,6 +91,8 @@ _check_master() {
 						set shadowsocks-rust.sss${count}.server=$ip
 					EOF
 					if [ "$count" -eq "0" ]; then
+						config_load openmptcprouter
+						config_foreach _disable_current server
 						uci -q batch <<-EOF >/dev/null
 							set xray.omrout.s_vmess_address=$ip
 							set xray.omrout.s_vless_address=$ip
@@ -225,6 +232,8 @@ _check_backup() {
 						set shadowsocks-rust.sss${count}.server=$ip
 					EOF
 					if [ "$count" -eq "0" ]; then
+						config_load openmptcprouter
+						config_foreach _disable_current server
 						uci -q batch <<-EOF >/dev/null
 							set xray.omrout.s_vmess_address=$ip
 							set xray.omrout.s_vless_address=$ip
diff --git a/openmptcprouter-api/files/usr/libexec/rpcd/openmptcprouter b/openmptcprouter-api/files/usr/libexec/rpcd/openmptcprouter
index 3dfda3661..2301d0c3a 100755
--- a/openmptcprouter-api/files/usr/libexec/rpcd/openmptcprouter
+++ b/openmptcprouter-api/files/usr/libexec/rpcd/openmptcprouter
@@ -870,9 +870,10 @@ function interfaces_status()
 	ucic:foreach("openmptcprouter", "server", function(s)
 		local serverips = uci:get("openmptcprouter",s[".name"],"ip") or { "" }
 		local master = uci:get("openmptcprouter",s[".name"],"master") or "1"
+		local current = uci:get("openmptcprouter",s[".name"],"current") or "0"
 		for key, value in pairs(serverips) do
 			serverip = value
-			if serverip ~= "" and (master == "1" or mArray.openmptcprouter["wan_addr"] == serverip or mArray.openmptcprouter["wan_addr6"] == serverip) and mArray.openmptcprouter["vps_admin"] == false then
+			if serverip ~= "" and (current == "1" or mArray.openmptcprouter["wan_addr"] == serverip or mArray.openmptcprouter["wan_addr6"] == serverip) and mArray.openmptcprouter["vps_admin"] == false then
 				mArray.openmptcprouter["vps_omr_version"] = uci:get("openmptcprouter", s[".name"], "omr_version") or ""
 				mArray.openmptcprouter["vps_kernel"] = uci:get("openmptcprouter",s[".name"],"kernel") or ""
 				mArray.openmptcprouter["vps_machine"] = uci:get("openmptcprouter",s[".name"],"machine") or ""
@@ -980,6 +981,7 @@ function interfaces_status()
 				else
 					mArray.openmptcprouter["vps_admin"] = false
 					mArray.openmptcprouter["vps_admin_error_msg"] = "No token yet available"
+					uci:set("openmptcprouter",s[".name"],"token_error","1")
 				end
 				if mArray.openmptcprouter["vps_admin"] == false then
 					if mArray.openmptcprouter["service_addr_ip"] ~= "" then
diff --git a/openmptcprouter/files/etc/init.d/openmptcprouter-vps b/openmptcprouter/files/etc/init.d/openmptcprouter-vps
index f11cfe5fa..6b8c127c2 100755
--- a/openmptcprouter/files/etc/init.d/openmptcprouter-vps
+++ b/openmptcprouter/files/etc/init.d/openmptcprouter-vps
@@ -1,12 +1,12 @@
 #!/bin/sh /etc/rc.common
-# Copyright (C) 2018-2019 Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
+# Copyright (C) 2018-2023 Ycarus (Yannick Chabanois) <ycarus@zugaina.org>
 # Released under GPL 3. See LICENSE for the full terms.
 
 START=99
 
 USE_PROCD=1
 
-EXTRA_COMMANDS="set_pihole backup_send backup_get backup_list set_vps_firewall get_openvpn_key set_gre_tunnel token"
+EXTRA_COMMANDS="set_pihole backup_send backup_get backup_list set_vps_firewall get_openvpn_key set_gre_tunnel token set_bypass_ips"
 
 . /usr/lib/unbound/iptools.sh
 
@@ -944,6 +944,22 @@ _set_lan_ip() {
 	fi
 }
 
+_set_bypass_ips() {
+	local settings
+	[ -z "$servername" ] && servername=$1
+	bypassipv4s=$(ipset -q -o save list omr_dst_bypass_srv_vpn1 | awk '/add/ NF {print "\""$3"\""}' | tr '\n' ',' | sed 's/,$//')
+	bypassipv6s=$(ipset -q -o save list omr6_dst_bypass_srv_vpn1 | awk '/add/ NF {print "\""$3"\""}' | tr '\n' ',' | sed 's/,$//')
+	if [ "$bypassipv4s" != "" ] || [ "$bypassipv6s" != "" ]; then
+		settings='{"ipv4s" : ['$bypassipv4s'],"ipv6s" : ['$bypassipv6s'],"intf" : "vpn1"}'
+		result=$(_set_json "bypass" "$settings")
+	fi
+}
+
+set_bypass_ips() {
+	config_load openmptcprouter
+	config_foreach _set_bypass_ips server
+}
+
 _set_vpn_ip() {
 	local settings
 	[ -z "$vps_config" ] && vps_config=$(_get_json "config")
@@ -997,7 +1013,7 @@ _set_client2client() {
 		c2cid=$((c2cid+1))
 		targetip=$(echo $lanip | awk -F '/' '{print $1}' | tr -d "\n")
 		netmask=$(echo $lanip | awk -F '/' '{print $2}' | tr -d "\n")
-		target=$(ipcalc.sh $targetip $netmask | grep NETWORK | awk -F '=' '{print $2}' | tr -d "\n")
+		target=$(ipcalc.sh $targetip/$netmask | grep NETWORK | awk -F '=' '{print $2}' | tr -d "\n")
 		uci -q batch <<-EOF >/dev/null
 			set network.omr_client2client_${c2cid}=route
 			set network.omr_client2client_${c2cid}.interface=omrvpn
@@ -2264,6 +2280,7 @@ _config_service() {
 	config_foreach _get_lan_ip interface
 	_set_lan_ip
 	_set_sipalg
+	_set_bypass_ips
 	config_foreach _delete_client2client route
 	if [ "$(uci -q get openmptcprouter.settings.vpn)" != "openvpn" ] && [ "$(echo "$vps_config" | jsonfilter -q -e '@.client2client.enabled')" == "true" ]; then
 		_set_client2client