I running OpenVPN client on tomato firmware. With "Ignore Redirect Gateway (route-nopull)" and "Redirect through VPN" set to true I can easy route the package I want to vpn by mark it 0x137. (Redirect through VPN option will add all required setting to route package with mark 0x137 to VPN) I test marking icmp, tcp, udp and it work. But I have and issue to find the right way to mark only "Facebook video call" package. I use wireshark to capture package sent out while i have a video call turn out facebook use STUN protocol follow by p2p udp for data. At first I plan to mark all udp sent out with port range 30000-65535 but that will include other p2p application. I don't want to lost the VPN bandwidth a lot, bittorrent will be a main issue it is udp and same port range. Try to use a Layer 7 extension. Code: root@unknown:/# iptables -t mangle -A PREROUTING -p udp -s 192.168.111.13 -m multiport --ports 30000:65535 -m layer7 --l7proto bittorrent -j ACCEPT scandir: No such file or directory iptables v1.4.14: Couldn't open /etc_ro/l7-protocols I am out of idea how to mark the package. If you are wonder why I need to do this reason "ISP is block all VoIP application".