DomainVPNRouting Domain VPN Routing

Thank you, found a few more domains, now all OK, cheers.
Can you tell me which domains you used for Disney? I have been spending a lot of time adding domains for Disneyplus to work but it doesn't. For HBO it works perfectly. Would be appreciated.
 

I used an app called PCAPdroid to monitor the domains being accessed when Disneyplus fires up on my phone and my Android box.

The weird thing is, it intermittently works without me changing anything. I've spent time making sure the domains are all added, and they are, so I have no idea why for a period it works and then it does.

The odd thing is, when using a browser to watch Disneyplus, it ALWAYS works. It's only when I use the Disneyplus apps on my phone or streaming devices that I get the VPN error messages intermittently.

I've restarted my devices and so far so good.
 
Hello, thanks a lot for your work! I have some noob questions about the script, so please be patient.
I need to add about 10k IPs for routing via VPN WireGuard. How can I add them all at once?
I tried to use the script: installed it, ran the menu, created a policy, added some domains to test that it works, and rebooted the router. But all traffic runs through the WireGuard VPN. How can I find what is wrong and how to fix it?
Update, some progress: I deleted the VPN Director rules for 192.168.50.0/24.
In case it matters for DNS, I use the AdGuardHome service running on the router; I tried turning it off but it doesn't help.
I updated the policy in the script and got this error:

Make a selection:
8
1: (All Policies)
2: Ua_block

Select the Policy You Want to Query: 2
ipset v7.6: Kernel error received: Invalid argument
domain_vpn_routing: Restore Policy - ***Error*** Failed to create IPv6 IPSET for Ua_block
iptables v1.4.15: Kernel module xt_set is not loaded in.

domain_vpn_routing: Restore Policy - ***Error*** Failed to add IPTables OUTPUT rule for IPSET: DomainVPNRouting-Ua_block-ipv4 FWMark: 0xa000
iptables v1.4.15: Kernel module xt_set is not loaded in.

domain_vpn_routing: Restore Policy - ***Error*** Failed to add IPTables PREROUTING rule for IPSET: DomainVPNRouting-Ua_block-ipv4 FWMark: 0xa000
iptables v1.4.15: Kernel module xt_set is not loaded in.

domain_vpn_routing: Restore Policy - ***Error*** Failed to add IPTables rule for IPSET: DomainVPNRouting-Ua_block-ipv4 Interface: wgc1 FWMark: 0xa000
Query Policy: Ua_block
ipset v7.6: Kernel error received: Invalid argumentlock
domain_vpn_routing: Query Policy - ***Error*** Failed to create IPv6 IPSET for Ua_block
iptables v1.4.15: Kernel module xt_set is not loaded in.

domain_vpn_routing: Query Policy - ***Error*** Failed to add IPTables OUTPUT rule for IPSET: DomainVPNRouting-Ua_block-ipv4 FWMark: 0xa000
iptables v1.4.15: Kernel module xt_set is not loaded in.

domain_vpn_routing: Query Policy - ***Error*** Failed to add IPTables PREROUTING rule for IPSET: DomainVPNRouting-Ua_block-ipv4 FWMark: 0xa000
iptables v1.4.15: Kernel module xt_set is not loaded in.

domain_vpn_routing: Query Policy - ***Error*** Failed to add IPTables rule for IPSET: DomainVPNRouting-Ua_block-ipv4 Interface: wgc1 FWMark: 0xa000
ipset v7.6: Kernel error received: Invalid argument
ipset v7.6: Kernel error received: Invalid argument
domain_vpn_routing: Query Policy - ***Error*** Failed to add 158.160.45.54 to IPSET: DomainVPNRouting-Ua_block-ipv4
ipset v7.6: Kernel error received: Invalid argument
ipset v7.6: Kernel error received: Invalid argument
domain_vpn_routing: Query Policy - ***Error*** Failed to add 5.255.255.242 to IPSET: DomainVPNRouting-Ua_block-ipv4
ipset v7.6: Kernel error received: Invalid argument
ipset v7.6: Kernel error received: Invalid argument
domain_vpn_routing: Query Policy - ***Error*** Failed to add 77.88.55.242 to IPSET: DomainVPNRouting-Ua_block-ipv4
ipset v7.6: Kernel error received: Invalid argument
ipset v7.6: Kernel error received: Invalid argument
domain_vpn_routing: Query Policy - ***Error*** Failed to add 89.108.84.132 to IPSET: DomainVPNRouting-Ua_block-ipv4
ipset v7.6: Kernel error received: Invalid argument
ipset v7.6: Kernel error received: Invalid argument
domain_vpn_routing: Query Policy - ***Error*** Failed to add 95.213.221.146 to IPSET: DomainVPNRouting-Ua_block-ipv4
ipset v7.6: Kernel error received: Invalid argument
domain_vpn_routing: Query Policy - ***Error*** Failed to save IPv4 IPSET for Ua_block

Press Enter to continue...
 
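The output in the post above mixes two different failures: iptables reporting that the xt_set match module is not loaded, and ipset itself getting "Invalid argument" back from the kernel. The following is an added example, not part of the original post or of the domain_vpn_routing script, that counts each failure class in such output and checks a /proc/modules-style file for the modules involved; the function names are hypothetical, `ip_set` is assumed to be the relevant core module alongside the `xt_set` named in the log, and the sample lines are copied from the post.

```shell
#!/bin/sh
# Added example: triage helpers for the error output quoted above.
# Not part of domain_vpn_routing; function names are hypothetical.

# Constructed sample: a few lines copied from the post above.
SAMPLE_LOG='ipset v7.6: Kernel error received: Invalid argument
domain_vpn_routing: Restore Policy - ***Error*** Failed to create IPv6 IPSET for Ua_block
iptables v1.4.15: Kernel module xt_set is not loaded in.
domain_vpn_routing: Restore Policy - ***Error*** Failed to add IPTables OUTPUT rule for IPSET: DomainVPNRouting-Ua_block-ipv4 FWMark: 0xa000
ipset v7.6: Kernel error received: Invalid argument
domain_vpn_routing: Query Policy - ***Error*** Failed to add 158.160.45.54 to IPSET: DomainVPNRouting-Ua_block-ipv4'

# Print each named module that is absent from a /proc/modules-style file.
# Assumption: the modules are loadable; built-in ones never appear there.
missing_modules() {    # usage: missing_modules FILE module...
    modfile=$1; shift
    for mod in "$@"; do
        grep -q "^$mod " "$modfile" 2>/dev/null || printf '%s\n' "$mod"
    done
}

# Read script output on stdin and count each failure class separately, so a
# missing xt_set match is not confused with ipset itself being rejected.
triage_log() {
    awk '
        /Kernel module xt_set is not loaded/    { xt++ }
        /^ipset .*Kernel error received/        { kerr++ }
        /Failed to add IPTables/                { rules++ }
        /Failed to create IPv[46] IPSET/        { sets++ }
        /Failed to add [0-9a-fA-F.:]+ to IPSET/ { sets++ }
        /Failed to save IPv[46] IPSET/          { sets++ }
        END {
            printf "xt_set_missing=%d ipset_kernel_errors=%d ", xt, kerr
            printf "rule_failures=%d set_failures=%d\n", rules, sets
        }'
}

# Demo: summarise the sample, then check the running kernel.
printf '%s\n' "$SAMPLE_LOG" | triage_log
for mod in $(missing_modules /proc/modules ip_set xt_set); do
    echo "not loaded: $mod (try: modprobe $mod, then re-run the policy query)"
done
```

A non-zero `rule_failures` count means the FWMark rules were never installed, so the policy's ipset is not steering any traffic regardless of which domains it lists.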
Despite whitelisting the IPs it connects to, my banking app will not connect at all when on the router with the VPN connected. Any tips to diagnose this further? The bank app opens on mobile data just fine.
 
Probably missing some domains in your policy the banking app needs.
 
Hi @Ranger802004 ,

The addons catalog that is pinned references the old post that is currently locked (https://www.snbforums.com/threads/asuswrt-merlin-addon-software-catalog.82059/). Hence I started another post to ask my question about the script. Today I realized that this thread is where I should have asked my question.

It would be good if:
  1. The catalog now points to this post instead
  2. Domain-vpn-routing is added to the prefix list when we start a post.
I don't necessarily know who to ask but I can handle it if you point me in the right direction.
 
I don't control the way the admins on the forums do the posts; I officially do support via GitHub Support Issues.
 
If a site has subdomains, do I need to enter those as well? Or will the second-level domain automatically include third+-level domains?
 
I seem to have gotten this to work!! So I used this in the policy for Prime for Android TV without also bypassing DirecTV Stream:
Prime Video Domains:
primevideo.com
amazon.com
media-amazon.com
amazonvideo.com
aiv-cdn.net
pv-cdn.net
aiv-delivery.net
akamaihd.net
ssl-images-amazon.com
completion.amazon.com
atv-ps.amazon.com
m.media-amazon.com
ipleak.net

& I used these domains for HULU for Android TV:
a.huluad.com
assets.hulu.com
assets.huluim.com
fa.hulu.com
hulu.com
hulustream.com
ib.hulu.com
ib1.huluim.com
ib2.huluim.com
ib3.huluim.com
ib4.huluim.com
mozart.hulu.com
p.hulu.com
play.hulu.com
pt.hulu.com
s.hulu.com
secure.hulu.com
secure.huluim.com
ss-e-darwin.hulu.com
static.huluim.com
t.hulu.com
t2.hulu.com
tempo-fallback.hulu.com
tempo.hulu.com
urlcheck.hulu.com
vortex.hulu.com
 
IPvFoo is a real good one, quicker than getting the network monitor.
@Ranger802004 I have noticed that deleted domains are sometimes not removed from the file domaintoIP. I can't exactly figure out what makes that happen.
 
If a site has subdomains, do I need to enter those as well? Or will the second-level domain automatically include third+-level domains?
No you should add the sub domains you want to your policy.
 
IPvFoo is a real good one, quicker than getting the network monitor.
@Ranger802004 I have noticed that deleted domains are sometimes not removed from the file domaintoIP. I can't exactly figure out what makes that happen.
If you can give me an exact test case, send it my way via GitHub so I can look into it, please.
 
Should I enable Firewall Restore? Also, what does NVRAM Checks do? Should it be enabled?
It performs a restore policy when the firewall restarts instead of waiting on the cron job to restore them. Firewall restarts clear out IPTables. NVRAM Checks will prevent an nvram get command from locking up the script from a hung process; this was very problematic on the AC86U and a couple of other older models. It occasionally is an issue on newer routers as well.
 
So it worked, but then when I rebooted the router it stopped working till I ran querypolicy. Is that normal behavior?
See my response about firewall restore. Yes, when the router reboots everything in IPTables is wiped and recreated, and when query policy or restore policy is run it restores these items. This is just how the firmware works.
 
It performs a restore policy when the firewall restarts instead of waiting on the cron job to restore them. Firewall restarts clear out IPTables. NVRAM Checks will prevent an nvram get command from locking up the script from a hung process; this was very problematic on the AC86U and a couple of other older models. It occasionally is an issue on newer routers as well.
Also, what do you recommend? I'm thinking of NOT using Firewall Restore because that seems to have an incompatibility with Killmon because it messes with IPTables... So I was thinking instead, after reboot, since it seems that the script waits 15 minutes (Check Interval) before querying the policy, I'd change that to the minimum of 1 minute. Is that bad to do? Meaning, is there an issue with making it so little, will that overload the router?
 
