I am trying to get better quality for VoIP from clients that are inside the VPN (which has greater latency and reduced bandwidth), by routing the VoIP services outside the VPN. Via a PBR policy, only clients inside 192.168.1.128/25 are routed thru OpenVPN. I would like to exclude all VoIP from being routed thru the VPN. I've carefully setup all VoIP (Viber, Skype, and WhatsApp - Google Voice is in the DMZ) as a QoS class. The easiest way would be to route this QoS class off the VPN. Is this possible (Q1)? I am guessing it is not possible (that would be too easy). It has been pointed out many times (usually when people ask about Netflix) it is impractical to exclude using IP sets (WhatsApp alone has over 240 CIDRs it can use). So how to route certain destination ports off the VPN (Q2) on Tomato 138 K26ARM USB VPN-64K?