DomainVPNRouting Domain VPN Routing Question

[denkl]

Hello,

Please help me figure out why when using the rule in VPN Director, all traffic including routing domain goes via VPN on the specified interface. At the same time, on other devices with other IPs, the specified domain vpn routing policy also works, although it should not.

Configuration.

=================

Rule in VPN Director:
Enable - true
Description - Test
Local IP - 192.168.1.202
Remote IP - blank
Iface - OVPN2

OpenVPN Client Settings:
Accept DNS Configuration - Exclusive
Redirect internet traffic through tunnel - VPN Director (policy rules)

# Domain VPN Routing for ASUS Routers using Merlin Firmware v386.7 or newer
# Author: Ranger802004 - https://github.com/Ranger802004/asusmerlin/
# Date: 02/26/2024
# Version: v2.1.3

Select the Policy You Want to View: 3

Policy Name: Test
Interface: ovpnc2
Verbose Logging: Disabled
Private IP Addresses: Disabled
Domains:
ip.me

=================

Testing.

Current results:
From device with IP 192.168.1.202:
ip.me - VPN (Amsterdam)
other domains - VPN (Amsterdam)

From other devices:
ip.me - VPN (Amsterdam)
other domains - without VPN

Expected results:

From device with IP 192.168.1.202:
ip.me - VPN (Amsterdam)
other domains - without VPN

From other devices:
ip.me - without VPN
other domains - without VPN

Thank you for the help.

 

[Kyjiep]

Hello,

Please help me figure out why when using the rule in VPN Director, all traffic including routing domain goes via VPN on the specified interface. At the same time, on other devices with other IPs, the specified domain vpn routing policy also works, although it should not.

Configuration.

=================

Rule in VPN Director:
Enable - true
Description - Test
Local IP - 192.168.1.202
Remote IP - blank
Iface - OVPN2

OpenVPN Client Settings:
Accept DNS Configuration - Exclusive
Redirect internet traffic through tunnel - VPN Director (policy rules)

# Domain VPN Routing for ASUS Routers using Merlin Firmware v386.7 or newer
# Author: Ranger802004 - https://github.com/Ranger802004/asusmerlin/
# Date: 02/26/2024
# Version: v2.1.3

Select the Policy You Want to View: 3

Policy Name: Test
Interface: ovpnc2
Verbose Logging: Disabled
Private IP Addresses: Disabled
Domains:
ip.me

=================

Testing.

Current results:
From device with IP 192.168.1.202:
ip.me - VPN (Amsterdam)
other domains - VPN (Amsterdam)

From other devices:
ip.me - VPN (Amsterdam)
other domains - without VPN

Expected results:

From device with IP 192.168.1.202:
ip.me - VPN (Amsterdam)
other domains - without VPN

From other devices:
ip.me - without VPN
other domains - without VPN

Thank you for the help.

As far as I understand, your results show that everything works as intended. What you expect does not correspond to the functionality of the Domain VPN Routing script. Domain VPN Routing filters by domains before the traffic enters the VPN interface. If the device traffic is sent directly to the VPN interface using a rule in the VPN Director, then Domain VPN Routing will no longer be able to affect it.

 

[denkl]

@Kyjiep,
Thank you very much for the explanation.
From the beginning I didnt catch how Domain VPN Routing works.
Missed that Domain VPN Routing filters by domains before the traffic enters interface.
It seemed to me that filtering should happen after the traffic enters interface.
Thanks for your time, I really appreciate.