AC66U - bypassing client VPN for selected ports/services

[sambosoul]

Hello,

I am currently subscribed to NordVPN and are pretty with their services. However, I've been experiencing FaceTime connectivity problems when using NordVPN's Thailand VPN server. Their support agent told me that for FaceTime to work, I would need to connect to a P2P VPN server. Unfortunately, their Thailand VPN server is configured as a standard VPN server and the next P2P server is in Singapore - ideally, I would like to use the Thailand VPN server as it will give me the greatest speed as I live in Bangkok.

Now, I was wondering if AsusWRT-Merlin offers any functionality to force the FaceTime traffic to bypass the VPN connection and to use the WAN connection. FaceTime uses these ports.

Is there any chance that I can force certain ports or IP addresses to use WAN interface? I am pretty sure that once a FaceTime call is established, I will be able to retrieve the IP address but I am thinking that this address changes every time I establish a new call, or?

Any suggestions or advise will be appreciated

Thanks,
Sambora

 

[st3v3n]

Sambosoul, This is a fairly complicated subject to get across, without other details, but I'll try to help you get started. Some of the issues involved with your question are accomplished better than others, I'll just offer you some thoughts. I don't know why your agent believes you should use a P2P server for FaceTime, since a static or dynamic route would probably work better. Everything you write is doable, as long as your Asus router is already running RMerlin's firmware, and you have a stable router and your provider's server aren't overloaded. Nord used to have several tutorials on Asus/Merlin FW on their site, and other VPN providers offer similar helpful 'how-to' pages. I've spent years reading SNBforums, and learn new tips each day, so never stop reading all of the areas. You also might consider posting on the Apple users forum; sometimes, you might even get a relevant answer.

You route any device to ISP / WAN, and if your Nord service offers you multiple device connections, they can give you an openvpn or L2TP config for your iDevice, which would offer you greater security and privacy than by trying to use different servers, as long as the server you use isn't heavily loaded. (Without knowing the details of your device, service and Nord plan, this is all in the realm of speculation).

When you sign into your Asus router with your ID and password, you should be able to 'see' the device in the LAN- LAN/DHCP server tab of your router GUI. Enable 'manual assignment,' which will allow you to 'see' and route any device that's signed into your Asus router. Then, pull the MAC address menu tab down, to reveal the MAC Wi-Fi address of your idevice, then add the device with it's MAC/IP/host name. The assignment area is in the bottom-half of the LAN-DHCP-server tab on the left-hand side of your router's GUI. Then, go to the VPN tab, where you can add your devices at the bottom of the OpenVPN client configuration page, toward the bottom of the page. Use the section at the bottom of this page to add your particular device you're using for FaceTime, to WAN, -not- VPN, then click Apply at the bottom of the page, wait for the router to save the information and in a minute or two, your device should be routed to WAN(ISP).

The actual Wi-Fi Mac address of your iDevice is located in the 'General/Settings/About' section of your phone/tablet. Though you won't be routed through your Asus openvpn tunnel, if you have OpenvpnConnect installed in your device, you can import a Nord openvpn config into your device to use, if your Nord plan allows multiple devices to be use at the same time. Nord may have an L2TP config you could import into your iDevice. L2TP won't offer the same amount of privacy/security as the openvpn tunnel in your router, but it's better than only depending on Apple's FaceTime encryption alone. Also, an L2TP config on your device wouldn't be as heavy a load to the iDevice hardware as OpenVPNConnect will be.

You may wish to ask your FaceTime friend to set up their device in a similar fashion for best results, depending on their location and their service. It's very likely someone else has a better concept of what you want to do and will share their idea with you.
What we believe we see, read or understand isn't always what the person meant of attempted to write.I hope this helped, if not, you can rephrase the issue and try again. Good luck.