VPN selective Routing for specific Websites and Apps

At the moment, you can't restrict to a specific client IP, but if I get some free time I may add that feature.

Thanks very much for your effort in creating this.

You can always add a manual rule to send all traffic from a specific client over the VPN though.

So I can create a manual rule in VPN Director to pass all traffic from a certain device/local IP thru VPN, and then use your script to set up an IPSET to pass thru regular WAN, e.g. BBC iPlayer?

Is that right?

I tried that, and it doesn't seem to function properly.

EDIT: I've set up the script according to your instructions, but only the OVPN rules work for me. Going by your example:
Code:
# Edit this list of rules (just be careful with the single quote at the beginning and end of the list):
RULES='
whatismyipaddress.com|OVPN1
netflix.com|WAN'

Navigating to whatismyipaddress.com shows the VPN IP. However, accessing netflix.com gives the browser error of "can't connect" - it doesn't even try to load. I've tested this with other sites. Appending "|WAN" breaks the connection for me. What do you think it could be?
I may do that :)
I was actually thinking of turning this into a proper addon with a GUI if I can find the time to learn how. Merlin's docs look pretty good, so I may give it a go.
Thanks for your script! Works great!
We can even see the rules on the VPN Director GUI. Thanks!
The only manual step for me is to grep the dnsmasq.log to see all needed IPs.
Hey there @machinist, sorry for not replying sooner - I didn't spot this question until now.
So I can create a manual rule in VPN Director to pass all traffic from a certain device/local IP thru VPN, and then use your script to set up an IPSET to pass thru regular WAN, e.g. BBC iPlayer?
Possibly, but I'm not sure how Merlin's code would handle two conflicting/overlapping rules.
The UI says:
  • OpenVPN clients set to redirect all traffic have the highest priority
  • WAN rules will have priority over OpenVPN rules
But I'm not sure how to interpret them in your specific example.

However, it may be moot anyway since I just got my head around a pretty big limitation of my script:
Some domains (like netflix.com) use DNS-based load-balancing and as such, return different IPs each time you do a lookup.
This means that nslookup always gets different IPs and so the script will always think that IPs have changed.
It also means that clients will often be provided with an IP that is not the one the script got and so that traffic would slip past the checks and escape over the WAN.

I’ve tried to find a workaround for this, but sadly, I don’t think there is one. Providers like Netflix use huge IP ranges that change often. We don’t have a reliable way to get all of them at any time.
As such, I think it’s better to only use this script to direct specific traffic to smaller providers over the VPN, rather than send all traffic over the VPN and then add WAN exceptions.
Basically, don’t add hosts (like netflix.com) that have this issue.
I think you would hit that issue trying to add BBC iPlayer as a rule.
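
One way to spot hosts with the rotating-answer problem described above before adding them to RULES, using the dnsmasq.log mentioned earlier in the thread. This is an added example, not part of the script discussed here; it assumes dnsmasq query logging in its usual `query[A] ... from ...` / `reply ... is ...` line format and hosts that answer directly with A records, and every log line and IP in it is constructed.

```shell
#!/bin/sh
# Added example: flag domains whose DNS answer set changes between lookups.
# Sample data is constructed (documentation IP ranges); names are hypothetical.
sample_log() {
cat <<'EOF'
Jan  1 10:00:01 dnsmasq[211]: query[A] whatismyipaddress.com from 192.168.1.20
Jan  1 10:00:01 dnsmasq[211]: reply whatismyipaddress.com is 192.0.2.10
Jan  1 10:00:01 dnsmasq[211]: reply whatismyipaddress.com is 192.0.2.11
Jan  1 10:05:07 dnsmasq[211]: query[A] netflix.com from 192.168.1.20
Jan  1 10:05:07 dnsmasq[211]: reply netflix.com is 198.51.100.5
Jan  1 10:05:07 dnsmasq[211]: reply netflix.com is 198.51.100.6
Jan  1 10:09:30 dnsmasq[211]: query[A] whatismyipaddress.com from 192.168.1.31
Jan  1 10:09:30 dnsmasq[211]: reply whatismyipaddress.com is 192.0.2.11
Jan  1 10:09:30 dnsmasq[211]: reply whatismyipaddress.com is 192.0.2.10
Jan  1 10:12:44 dnsmasq[211]: query[A] netflix.com from 192.168.1.31
Jan  1 10:12:44 dnsmasq[211]: reply netflix.com is 203.0.113.77
Jan  1 10:12:44 dnsmasq[211]: reply netflix.com is 198.51.100.5
EOF
}

# Reads a dnsmasq log on stdin; prints "STABLE|ROTATING domain distinct_ips".
# Each query[A] line starts a new lookup round for that domain (assumes the
# replies for a domain follow its query before the next query for it).
classify_domains() {
  awk '
    $5 == "query[A]" { dom = $6; round[dom]++; next }
    ($5 == "reply" || $5 == "cached") && $7 == "is" &&
    $8 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
      d = $6; r = round[d]
      if (!((d, r, $8) in seen)) { seen[d, r, $8] = 1; per_round[d, r]++ }
      if (!((d, $8) in all))     { all[d, $8] = 1;     distinct[d]++ }
    }
    END {
      for (d in round) {
        verdict = "STABLE"
        # A round is a subset of the union, so a smaller count means it differs.
        for (r = 1; r <= round[d]; r++)
          if (per_round[d, r] && per_round[d, r] != distinct[d]) verdict = "ROTATING"
        print verdict, d, distinct[d] + 0
      }
    }
  ' | sort
}

sample_log | classify_domains
```

A domain reported as ROTATING is one where a client can be handed an IP the ipset never saw, so it is a poor candidate for a rule.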