
DomainVPNRouting Domain VPN Routing


1. Install script, through AMTM is the easiest.

2. Create a new policy (11), name it, identify which active VPN interface you want to use, select desired options.

3. Add domain (14), type in domain or subdomain, identify which policy you want it to use.

4. Repeat, ensuring you add as many domains as possible identified with the particular site/service. IPFoo Chrome extension can help identify these domains.

5. By default, policies will update every 15 minutes, pulling new IP addresses associated with the domains and respective policies. Particularly when starting a new policy, you may wish to use option 8 to manually update the policies several times to ensure you’re associating as many IPs as possible.

6. Enjoy.

Thank you, did this. So I don’t need to do anything else as far as configuration goes.

Because I tried that before, and when I’d run a trace route the traffic still routed normally.
 
Dunno if anyone can help, but I have an issue. I'm using this script with Pi-hole and Unbound. I have set policies for BBC, for example, and every time I try to get to that website I see in the Pi-hole logs that the website is going through Pi-hole instead of the VPN policy?
 
Hi, thx for putting this together and making it available! I've installed, added policies for AmazonPrime, MLB, Netflix, Peacock, Hulu, and AppleTV, and added the domains I found using IPvFoo on Firefox.

Adding the domains to a policy like MLB is taking several hours. I add the domain names using (14) and then run (8) query policy to get the URLs. Is it normal for this process to take so long? I'm assuming there's no way to keep working on Domain VPN Routing while this is querying domains?

I noticed that some of these domains, like MLB, have several entries for Google services that I normally block on my Asus router. If I put those Google URLs into the policy, will it actually send data over that connection or will it be blocked? I'm asking because I've worked hard to block several of these sites, like "static.ads-twitter.com" in VPN Director, and I don't want it in a policy and then every other app starts to use it. Then I'm back at square 1 again.

Thx
 
Just exclude those domains?
 
Ok, I can do that. I wasn't sure if just excluding them was the right answer or not.

What about manually running (8), query policy?

Do I need to run (8) any time I make a change to the policy domain?

I just want to make sure I'm not doing anything wrong here because of how long it's taking.

Thx.
 
You can manually run it or let the cron job handle it passively.
 
Question: Can I add an IP manually in CIDR format, like 123.123.123.0/24?
If so, how is it done correctly?

"Policy domaintoIP File under /jffs/configs/domain_vpn_routing/. Add using the following syntax Domain>>IP"
 
No, you would add that using the normal VPN Policy Director.
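
The "Domain>>IP" syntax quoted above and the earlier advice to exclude blocked domains can be checked mechanically. The following is an added example, not part of the thread or of the Domain VPN Routing script: a POSIX shell function that audits a file of Domain>>IP lines against a blocklist and flags CIDR values, which per the reply above belong in VPN Director. The function name audit_policy, the file names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a file of "Domain>>IP" lines (constructed sample data).

# audit_policy POLICY_FILE BLOCKLIST_FILE
# Prints one finding per line:
#   BLOCKED <domain> <ip>    domain, or a parent of it, is on the blocklist
#   CIDR <domain> <value>    value is a CIDR range (add via VPN Director instead)
#   MALFORMED <line>         line does not match Domain>>IP
audit_policy() {
    awk -F'>>' -v bl="$2" '
        FILENAME == bl { if ($0 != "") blocked[tolower($0)] = 1; next }
        $0 == "" { next }
        NF != 2 || $1 == "" || $2 == "" { print "MALFORMED " $0; next }
        $2 ~ /\// { print "CIDR " $1 " " $2; next }
        {
            d = tolower($1)
            # Check the name and each parent domain: a.b.c, then b.c, then c
            while (d != "") {
                if (d in blocked) { print "BLOCKED " $1 " " $2; break }
                i = index(d, ".")
                d = (i ? substr(d, i + 1) : "")
            }
        }
    ' "$2" "$1"
}

# Constructed sample files (names and addresses are placeholders).
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/sample_domaintoIP" <<'EOF'
www.mlb.com>>203.0.113.10
static.ads-twitter.com>>198.51.100.7
example.net>>123.123.123.0/24
broken line
EOF
printf '%s\n' 'ads-twitter.com' > "$sample_dir/blocklist"

audit_policy "$sample_dir/sample_domaintoIP" "$sample_dir/blocklist"
```

Any BLOCKED line is a domain that would be routed by the policy even though it is blocked elsewhere on the router, so it is a candidate for exclusion.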
 
Hello! Please help me with an issue. When configuring routing, all traffic goes through the VPN, not just for the specified domains. I tried both WireGuard and OpenVPN. I created separate rules in VPN Director, but it still routes everything through the VPN. RT-AX86U Pro 3004.388.8_2
 
Sounds like you have all traffic routed over your VPN in your VPN configuration.
 
Hello, I have installed the script, yet I don't see WG interfaces listed for policy creation.
If I read the changelog right, it should be supported now. I only see "wan" interface during new policy creation.

I also noticed that this script creates wgclient-start in /jffs/scripts/
I need to use the UDP trash hack for WireGuard. Can I add my own code to this script?
 
I would prefer for you to open a GitHub issue on this so I can investigate with you further as well as maybe work through a new feature for what functionality you are needing. Modifying the script will make it constantly think it’s broken and needs to update from the repo.
 
Never mind, I re-installed your script and wgc1 is now showing correctly. Thanks!
Unfortunately, the script doesn't seem to be routing traffic through the WireGuard VPN for me. I’ll submit this issue on GitHub.
 
Looking out for the issue submission.
 
It seems that the script cannot work with sites that have protection from Cloudflare. All rules with such sites are ignored.
 
