Solutions for VPN-hostile streaming services?

[dreadnought]

VPNs on my ASUS routers running Merlin firmware work great... over time though I have noticed the streaming services like Amazon and Netflix getting more hostile to (or, just more effective at blocking) VPN providers.

Other than constantly disabling the router-to-router VPNs to satisfy Amazon, Netflix, and others (not happening!), I'm looking for advice on the best way to continue using the VPNs but also use the streaming services.

Is it possible on the RT-AC87U with Merlin's firmware to have an OVPN tunnel on one radio and no OVPN tunnel on the other radio? So for example, all the devices that need to use streaming services would connect to the 5ghz radio that does not have an OVPN tunnel configured?

Or, is getting a cheap access point only for streaming services (so no OVPN tunnel) to put in parallel with the RT-AC87U a better idea?

Thanks!

 

[Zirescu]

Haven't tried it before but here's a Wiki entry for doing it the way you suggested. https://github.com/RMerl/asuswrt-me...or-VPN-and-SSID-for-Regular-ISP-using-OpenVPN

Another option is to enable the policy settings beside Redirect Internet Traffic and then configure which devices you want to go out the VPN and which ones to go out the WAN.

 

[dreadnought]

Haven't tried it before but here's a Wiki entry for doing it the way you suggested. https://github.com/RMerl/asuswrt-me...or-VPN-and-SSID-for-Regular-ISP-using-OpenVPN

Another option is to enable the policy settings beside Redirect Internet Traffic and then configure which devices you want to go out the VPN and which ones to go out the WAN.

I tried Redirect Internet Traffic/Policy Rules (I used a /28 CIDR notation to get a batch of IP addresses) and thought things were working great (those 16 IP addresses were bypassing the VPN), but when I checked one of my computers outside of that range I noticed it was also bypassing the VPN.

So I am probably not understanding the logic of this function. I was assuming that when enabling Redirect Internet Traffic/Policy Rules that all traffic would go through the VPN except what I added a policy rule with interface WAN for?

I tried adding a second rule for 0.0.0.0 to 0.0.0.0 using the VPN interface (hoping that would make all traffic go through the VPN except for my first rule which has the /28 going through WAN), but that didn't seem to do anything - all traffic still bypassed the VPN.

If I add my computer outside the range (using a single IP address and VPN for interface) then it uses the VPN.

So maybe I need to add every particular IP address I want to continue using the VPN? I have a feeling I don't understand something and there is a better way to do this.

Thanks for the help!

 

[Alfsu]

I tried Redirect Internet Traffic/Policy Rules (I used a /28 CIDR notation to get a batch of IP addresses) and thought things were working great (those 16 IP addresses were bypassing the VPN), but when I checked one of my computers outside of that range I noticed it was also bypassing the VPN.

So I am probably not understanding the logic of this function. I was assuming that when enabling Redirect Internet Traffic/Policy Rules that all traffic would go through the VPN except what I added a policy rule with interface WAN for?

I tried adding a second rule for 0.0.0.0 to 0.0.0.0 using the VPN interface (hoping that would make all traffic go through the VPN except for my first rule which has the /28 going through WAN), but that didn't seem to do anything - all traffic still bypassed the VPN.

If I add my computer outside the range (using a single IP address and VPN for interface) then it uses the VPN.

So maybe I need to add every particular IP address I want to continue using the VPN? I have a feeling I don't understand something and there is a better way to do this.

Thanks for the help!

With Routing Policy Rules enabled, all traffic goes to the WAN by default; so yes, rules are needed for those devices you want through the VPN. The CIDR notation works fine, only you have to make sure the IPs are properly assigned to the desired devices by the DHCP server.

 

[dreadnought]

With Routing Policy Rules enabled, all traffic goes to the WAN by default; so yes, rules are needed for those devices you want through the VPN. The CIDR notation works fine, only you have to make sure the IPs are properly assigned to the desired devices by the DHCP server.

Oh... I set everything up backward then. I need to get to work! Ahahaha. Thanks!