So all the traffic of this IP goes through the VPN, but with the recent Netflix changes I'd like to let Netflix traffic go directly to the internet. Is this possible? If so, how/where must I configure this?
The thing is that "192.168.0.19" always needs to go through the VPN; if the VPN is down then it must have no connection to the outside world.
Only when accessing Netflix the "192.168.0.19" machine must go to the outside world without the VPN; all other things must go through the VPN.
So the script does this thing? For all the machines on the network or only for the "192.168.0.19" machine?
I don't want to hijack the original poster but I have a very similar problem. I tried the original script as posted by eibgrad on March 7 and it did not work.
However, just to test things out I changed netflix.com to whatismyip.com. With the VPN turned on whatsmyip.com shows my ISP provided IP address. Checking several other similar sites shows the VPN provided IP address. This suggests to me that the script works great in my setup without any further work...except Netflix seems to be somehow a different matter.
If I check the routing table the original script adds 12 lines that have the same destination IPs as those that show up if I do an nslookup to netflix.com in a cmd prompt. However, I did notice that nslookup to www.netflix.com results in another eight similar IP addresses. I don't have the know-how to edit the script to get both sets of destination IPs into the routing table and try it. In any case, I have also noticed that doing an nslookup to www.netflix.com yields different results when the VPN is turned on compared to when the VPN is turned off. Perhaps this is all irrelevant but the original script does not work for Netflix for me.
I apologize if I have spewed a bunch of garbage here. Following tutorials is more my speed. I am just starting to suspect that the way Netflix is set up will preclude this type of routing.
Code:
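SCRIPT_DIR="/tmp/etc/config"
SCRIPT="$SCRIPT_DIR/add-routes.wanup"
mkdir -p "$SCRIPT_DIR"
# write the script to disk; the quoted "EOF" keeps the body literal
cat << "EOF" > "$SCRIPT"
#!/bin/sh
# gateway of the WAN (non-VPN) connection
WAN_GW="$(nvram get wan_gateway)"
# add a route via the WAN gateway for every address netflix.com resolves to
for ip in $(nslookup netflix.com | awk '/^Name:/,0{if (/^Addr/)print $3}'); do
    ip route add "$ip" via "$WAN_GW"
done
ip route flush cache
EOF
chmod +x "$SCRIPT"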
I love the idea of this script, but where should it go in my startup script? I am running a startup script to run my IPVanish VPN. At the end or after the VPN cert?
It's indeed a commercial OpenVPN (PIA) and I have 3 machines on the network that I'd like to go through the VPN. Only when accessing a Netflix movie/series I'd like to get them to go through the WAN.
The IPs are *.19/*.20/*.22 (manually assigned).
At this moment I have two settings set in the router:
one under "Policy based Routing"
Quote:
192.168.0.19/32
192.168.0.20/32
192.168.0.22/32
and one in the firewall setting
Quote:
iptables -I FORWARD -s 192.168.0.19 -o $(nvram get wan_iface) -j DROP
iptables -I FORWARD -s 192.168.0.20 -o $(nvram get wan_iface) -j DROP
iptables -I FORWARD -s 192.168.0.22 -o $(nvram get wan_iface) -j DROP
That's all. Is this enough info or do you need something else?
If there is another way, please tell me; I have no problem changing it all.
The thing I want is to get those 3 machines always through the VPN (configured in the router), but only when accessing a Netflix movie or series they can go through the WAN.
Other machines in the network get their IP through DHCP and are going to the WAN directly (no VPN needed for those).
My use case is that I'm running DD-WRT v3 with OpenVPN for all traffic in my network and Netflix is blocking me even though I'm a US user and connecting to Netflix through US VPN gateways. So I needed a solution to selectively route Netflix traffic over my regular ISP cable modem network (non-VPN), while still sending all other traffic over the VPN tunnel.
Thanks so much @eibgrad for your instruction and script. This has worked out beautifully for me. I have modified your script so it can be used for...
---- Multiple Netflix (and other) server domains
---- Class C routes ... to catch a wider net of IPs
---- With a startup delay at boot time to allow network connections to complete
As noted before, it is absolutely necessary to remove any 'Policy Based Routing' commands (including comments!) from the VPN setup page in DD-WRT.
I have put the below script in my DD-WRT Startup Commands. You can also download the attached .txt file for your use. I hope it helps!
# dd-wrt selective domain routing
WAN_GW="$(nvram get wan_gateway)"
# list domains for selective routing
for domain in \
    "netflix.com" \
    "ichnaea.netflix.com" \
    "movies.netflix.com" \
    "www.netflix.com" \
    "nflxext.com" \
    "cdn1.nflxext.com" \
    "nflximg.com" \
    "nflxvideo.net" \
    "ipv4_1.cxl0.c145.sjc002.ix.nflxvideo.net" \
    "amazonaws.com" \
    "whatsmyip.org"
do
    # extract the IP addresses returned for this domain
    for ip in $(nslookup "$domain" | awk '/^Name:/,0{if (/^Addr/)print $3}'); do
        # add a route for the /16 containing each IP address (first two octets) via the WAN gateway
        ip route add "$(echo "$ip" | cut -d . -f 1,2).0.0/16" via "$WAN_GW"
    done
done
Is there a way to make this script so that it's only for "some" internal IPs? (example: only for 192.168.0.19)
Regards
If you are looking to redirect your own internal network IPs (i.e. 192.168.xxx.xxx) I would suggest using the Policy Based Routing box in the VPN setup screen. Just add the IP(s) in the box, no script needed. Although, this will filter ALL traffic not just Netflix...
*Many* thanks to eibgrad for the original script and dahosepipe for the modifications! It worked for me (using dd-wrt on Netgear R7000 via a Canadian ISP and IPVanish). This is true of streaming on my PC and wireless connections to the router from a PS3 and Smart TV. For some reason though my mobile phone still gets the proxy error.
In general I am not happy that Netflix has prompted me to reduce my overall internet security but I am very happy to have found this workaround.
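
The routing script and the per-client DROP rules quoted in the thread, combined in an added example that is not code from any poster: it parses BusyBox-style nslookup output for several names, deduplicates the addresses, and prints (without running) a /32 route plus a matching exception to the FORWARD DROP rule for one client. The gateway 192.0.2.1, the interface vlan2, the sample lookup output and the function names are constructed assumptions, and the routes only affect a client whose traffic follows the main routing table.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run: commands are printed, never executed.

# Constructed BusyBox-style nslookup output for two names (documentation addresses).
sample_lookup() {
cat <<'EOF'
Server:    192.168.0.1
Address 1: 192.168.0.1 router

Name:      netflix.com
Address 1: 198.51.100.10 a.example
Address 2: 198.51.100.11 b.example
Server:    192.168.0.1
Address 1: 192.168.0.1 router

Name:      www.netflix.com
Address 1: 198.51.100.11 b.example
Address 2: 203.0.113.7 c.example
EOF
}

# Keep only answer addresses: start after each "Name:" line, stop at the next
# "Server:" header so the resolver's own address is never routed; IPv4 only, unique.
extract_ipv4() {
    awk '/^Server:/ { on = 0 }
         /^Name:/   { on = 1; next }
         on && /^Address/ && $3 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $3 }' |
        sort -u
}

# $1 = WAN gateway, $2 = WAN interface, $3 = LAN client allowed to bypass (all assumed values).
gen_bypass() {
    gw=$1 wan_if=$2 client=$3
    extract_ipv4 | while read -r ip; do
        # host route instead of a /16: only the resolved address leaves via the WAN
        echo "ip route add $ip/32 via $gw"
        # -I places this above a DROP rule that is already installed for the
        # client, so only this destination is exempt from the kill switch
        echo "iptables -I FORWARD -s $client -d $ip -o $wan_if -j ACCEPT"
    done
}

sample_lookup | gen_bypass 192.0.2.1 vlan2 192.168.0.19
```

The printed routes apply to every LAN client that uses the main table, but the other clients with a DROP rule stay blocked for these destinations because each ACCEPT names a single source address.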