Could someone help me with vpnclient bypass of certain domains?


sone

Occasional Visitor
So my wife is irking me about www.macys.com, www.etsy.com and www.yelp.com that sometimes those sites are giving her "access denied".. later to find out these sites hate VPNs.. so my normal routine is to switch to a different VPN server and hopefully these sites haven't caught on that it's a VPN. This routine is getting more annoying, especially through the holidays (wife likes to shop). Anyhow.. could someone help me with a script that will use the domain names, pull in their current IP addresses (these sites use dynamic IPs) and reroute her computer to bypass the VPN? Could it be that I can adjust the script to add more domains if needed? Thanks kindly.
 

octopus

Very Senior Member
Try to add these to "WAN" on policy routing table in client.
2.18.77.48
23.61.230.50
151.101.84.116
 

sone

Occasional Visitor
Thanks octopus for replying. If I do that, wouldn't I have to keep checking whether those sites' IP addresses change? For example, Macy's is dynamic.. so every few minutes it changes.
 

octopus

Very Senior Member
Okay, I didn't realize that. See if Xentrk's script can do what you want. I have never used it, so I can't help with it.
 

eibgrad

Very Senior Member
In most cases, the IP(s) returned from a DNS query don't change all that often. And if you use the OpenVPN client's inherent ability to add static routes based on the domain name and bind them to the WAN, it will generate a static route for *all* the IPs assigned to that domain.

IOW, I would bet that in most cases, adding the following to the custom config field of the OpenVPN client would suffice.
Code:
route www.macys.com 255.255.255.255 net_gateway
route macys.com 255.255.255.255 net_gateway
route www.etsy.com 255.255.255.255 net_gateway
route etsy.com 255.255.255.255 net_gateway
route www.yelp.com 255.255.255.255 net_gateway
route yelp.com 255.255.255.255 net_gateway

And if it still concerns you that the IPs might change, then perhaps restart the OpenVPN client on a daily basis so these static routes are regularly re-evaluated.

You could do something more sophisticated based on ipset (involving DNSMasq), but I'm trying to keep things simple.
 

jamesl

New Around Here
I am having the same issue with Etsy.
I added
route www.etsy.com 255.255.255.255 net_gateway
route etsy.com 255.255.255.255 net_gateway
to the bottom of my custom config code block, but that does not appear to work.

Is net_gateway a literal string, or do I need to replace it with something from my config?
 

eibgrad

Very Senior Member
net_gateway (like vpn_gateway) is a reserved word. OpenVPN will replace that keyword with the actual WAN gateway IP when the routes are added to the routing table.

You can always dump the routing table to make sure the routes (and which routes) got applied.

Code:
ip route

Note: Make sure you are NOT using Routing Policy (strict)! The strict version of the Routing Policy option strips out static routes!
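
The route check described above, as an added example that is not part of the original post: given `ip route` output and the addresses a bypass domain currently resolves to, it lists the addresses that have no host route out the WAN interface, i.e. the ones whose traffic would still follow the tunnel. The interface names (`eth0`, `tun11`) and all addresses are constructed assumptions.

```shell
#!/bin/sh
# Added example: find resolved IPs of a bypass domain that lack a
# "route <host> 255.255.255.255 net_gateway" entry in the routing table.

# Constructed sample of `ip route` output (documentation addresses only).
# Assumption: eth0 is the WAN interface, tun11 the OpenVPN client tunnel.
SAMPLE_ROUTES='default via 192.0.2.1 dev eth0
0.0.0.0/1 via 10.8.0.1 dev tun11
128.0.0.0/1 via 10.8.0.1 dev tun11
198.51.100.10 via 192.0.2.1 dev eth0
198.51.100.11 via 192.0.2.1 dev eth0
10.8.0.0/24 dev tun11 proto kernel scope link src 10.8.0.2'

# wan_host_routes ROUTES WAN_IF
# Print the destination of every host route (no /prefix, not "default")
# whose outgoing device is WAN_IF.
wan_host_routes() {
    printf '%s\n' "$1" | awk -v ifc="$2" '
        $1 !~ /\// && $1 != "default" {
            for (i = 2; i < NF; i++)
                if ($i == "dev" && $(i + 1) == ifc) { print $1; break }
        }'
}

# missing_routes ROUTES WAN_IF IP...
# Print each IP that has no host route via WAN_IF. An IP listed here was
# not resolved when the client started (stale route set), or the routes
# were stripped, e.g. by the strict Routing Policy mode mentioned above.
missing_routes() {
    routes=$1
    wan_if=$2
    shift 2
    have=$(wan_host_routes "$routes" "$wan_if")
    for ip in "$@"; do
        printf '%s\n' "$have" | grep -qxF "$ip" || printf '%s\n' "$ip"
    done
}

# Demo on the constructed sample: 198.51.100.12 stands for an address the
# domain resolves to now but that was not returned at connect time.
missing_routes "$SAMPLE_ROUTES" eth0 198.51.100.10 198.51.100.12

# Live use on the router (pass the addresses your resolver returns):
#   missing_routes "$(ip route)" eth0 <ip> [<ip> ...]
```

Any address it prints means the static routes no longer match what DNS returns, which is the point at which restarting the OpenVPN client re-evaluates them.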
 

jamesl

New Around Here
I was strict. I removed strict and that appears to have worked. Thank you.
If I need to use it at a future time, where would I issue the ip route command?
 
