x3mRouting x3mRouting vs Domain based VPN routing

Armandooooo

Occasional Visitor
Hello,
What is the difference between this addon and the addon called "Domain Base VPN Routing"? It seems like my use case seems to match both addons. I just want all my devices to be routed through the VPN for a specific URL (getting streaming from French TV that cannot be accessed outside France). Having to always enable the VPN and disable it afterward is really not practical for me.
Thank you for the advice.
 
Thank you for your reply. Does that mean it does not work?
 
It could work, but the script Domain Base VPN Routing has better support, and it works flawlessly for me, once it is configured…
 
Can you help me configure this one? I tried but it does not seem to work. There are a few settings that I did not understand when setting this up. I have put my question here; if you can help me, I would appreciate it.


Thank you
 
I have had the opposite experience. I am using X3MRouting to bypass the VPN for Amazon Prime / Hulu on an Android TV. I couldn't get that type of bypass to work with Domain based routing. With domain based routing if you do the same domains that Amazon needs to bypass Prime Video, & if you do the same thing for Hulu then it starts bypassing way too many domains or not the same IPs that x3mrouting got, plus the VPN would still be detected. Also x3mrouting has a feature called aws_region which just does Amazon region bypass. I hope someone keeps x3mrouting updated or comes out with something similar. The features of ipsets / asnumbers / aws_region seem to be working with the current version of @merlin firmware but I'm worried it will stop working as updates to the firmware continue. Also x3mrouting has this dnsmasq= method of finding the IPs for a specific domain which just seems to function better than the domain based routing method of pulling IPs. I hope in the future Domain based routing can improve. I appreciate all the work that has been going on with that script.
 
I would love it if those two would merge... Let's hope they both improve
 
A lot of that has to do with the fact X3MRouting required dnsmasq logging to capture all of the queries that had a partial match of the base domain you wanted routed. That's not exactly a clean way to do it but is a brute way to do it. I made the decision to force it to match the specific domain in your policy even with dnsmasq logging because that is the proper way to do it, and to properly get CDNs routed into your policy requires a little bit of research and investigative work. Enterprise grade devices and appliances do the same exact thing and don't do a lazy expression match of the domain just to capture everything. Just my opinion on the matter, I have several policies routing several different services and they all work flawlessly including several streaming services. Hope that clears up some confusion for some. :)

EDIT:

I have some considerations coming down the road for allowing ASNs, source based matches, etc. Also routing all of AWS wouldn't work for me as several of my policies are within the AWS ASN and I don't want them routed over the same VPN.
 
Ok but maybe allow for those options even if they wouldn’t work for you. What I'm noticing is allowing for instance the Prime Video domains seems to then allow a lot of other domains that also bypass other services, since a lot of domains use Amazon Web Services. I also can give you this example: I have this in my nat start for x3mrouting: x3mRouting.sh 1 0 HULU dnsmasq=hulu.com,hulustream.com,akamaihd.net --- with this command I can stream through Hulu on my Android TV ... If I run the same domains with Domain Routing -- the VPN is detected & I can't stream -- even if I query the policy. I have found that with numerous services at least on boxes such as Android TV / Apple TV -- for example I have Optimum TV, and for their Apple TV app to bypass the VPN all I need to do is run sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 Altice dnsmasq=optimum.net,optonline.net,fps.iptv.optimum.net,altice.com,alticeusa.com,alticeusa.net,alticecdn.lilaccdn.net,rsdvrcvc.ott.alticeusa.net,appletv.optimum.net,lilaccdn.net,adobedtm.com --- Again if I add these same domains to your policy it says I am not at home and it won't allow me to stream -- The other thing is I don't even need to query the policy or wait; as soon as I add these commands the bypass works. I don't know why that is but the way x3mrouting is handling bypass seems to allow for the bypass to work. Maybe you have some insight into that?
 
I would suggest doing some more investigation around Hulu; here is a screenshot from IPFoo loading the Hulu stream portal, seems like there are a few more domains you would want to grab. The reason this works in X3MRouting is because it sees a partial match of the hulu domain in the domain and grabs it. I have had to do this on a few of my policies. I have also had success by avoiding adding Akamai domains themselves.

1714577485365.png
 
Right, well, is there a way for you to add an option to do it the way x3mrouting does it? Because see how I can just add those three domains and it works. With your alternative it's a lot more research lol. I mean I actually did try to go this route and what I noticed, as I pointed out with the Amazon video thing -- in order to get it to work on your tool it was opening way too many IPs and other services such as directv even became bypassed because I guess it used a shared IP. That didn't happen when I was able to use the aws_region command.
 
Also what's the command you use for your policy? Meaning the domains you added, can you provide it? I want to see if it works on the Android TV App.
 
Also am I supposed to enable or disable Private IP Addresses with your tool --- That part is not clear to me. What does that option do?
 
Just add the Hulu specific domains (www.hulu.com, auth.hulu.com, etc.) to your policy and let it run for a while (a few query cycles); if you have DNS Logging enabled some queries to the service will also help. Do not add Akamai domains to your policy, that's when you will start getting other stuff routed unintentionally.
 
No, you can leave it disabled; that is just to allow / reject Private IP Addresses being added to your policy from queried domains. In some configurations the queried domain can return a local private IP.
 
Ok but I notice that with Amazon Prime if I try to bypass, since directv stream also uses AWS the same IPs also bypass directv stream.
 
Do you have an example of 2 domains with the same IP?
 
So for example I need this domain to allow Prime video to bypass the VPN "amazonaws.com" but when I add that domain Directv Stream also uses it too, so my VPN is bypassed; meanwhile I want Directv Stream to use my VPN IP address.
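
Added example, not part of the thread and not code from either script: a Python model of the two matching styles discussed above (partial match of a base domain against dnsmasq query logs versus exact match of the policy's domains). It also lists collected IPs that other host names resolve to, which is the shared-IP effect described for akamaihd.net and amazonaws.com. The log lines, the host names under those domains, the "othertv" service and the IP addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed dnsmasq query-log sample: the host names, the "othertv" service
# and the documentation-range IPs are made up for this example.
SAMPLE_LOG = """\
May  1 10:00:01 dnsmasq[1234]: reply www.hulu.com is 203.0.113.10
May  1 10:00:02 dnsmasq[1234]: reply auth.hulu.com is 203.0.113.11
May  1 10:00:03 dnsmasq[1234]: reply hulu-vod.akamaihd.net is 198.51.100.20
May  1 10:00:04 dnsmasq[1234]: reply othertv.akamaihd.net is 198.51.100.20
May  1 10:00:05 dnsmasq[1234]: reply video.s3.amazonaws.com is 192.0.2.30
May  1 10:00:06 dnsmasq[1234]: reply api.othertv.example is 192.0.2.30
May  1 10:00:07 dnsmasq[1234]: reply www.hulu.com is <CNAME>
"""

# Only "reply NAME is IPv4" lines carry an address; CNAME markers are skipped.
REPLY = re.compile(r"dnsmasq\[\d+\]: reply (\S+) is (\d{1,3}(?:\.\d{1,3}){3})$")

def resolved(log):
    """Map each answered name to the set of IPv4 addresses dnsmasq returned."""
    names = defaultdict(set)
    for line in log.splitlines():
        m = REPLY.search(line)
        if m:
            names[m.group(1).lower()].add(m.group(2))
    return names

def policy_ips(names, domains, partial):
    """IPs a policy would collect: substring match (partial) or exact name."""
    def hit(name):
        return any((d in name) if partial else (name == d) for d in domains)
    return {ip for name, ips in names.items() if hit(name) for ip in ips}

def shared_ips(names, ips):
    """Collected IPs that more than one logged name resolves to."""
    out = {}
    for ip in ips:
        owners = sorted(n for n, addrs in names.items() if ip in addrs)
        if len(owners) > 1:
            out[ip] = owners
    return out

if __name__ == "__main__":
    names = resolved(SAMPLE_LOG)
    loose = policy_ips(names, ["hulu.com", "hulustream.com", "akamaihd.net"], True)
    strict = policy_ips(names, ["www.hulu.com", "auth.hulu.com"], False)
    print("partial:", sorted(loose), shared_ips(names, loose))
    print("exact:  ", sorted(strict), shared_ips(names, strict))
```

Any IP reported by shared_ips is one where an IP-based routing rule for one service also moves the other service's traffic, whichever way the domains were matched.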
 
