Could someone help me with vpnclient bypass of certain domains?

sone

Occasional Visitor
So my wife is irking me about www.macys.com, www.etsy.com and www.yelp.com, that sometimes those sites are giving her "access denied".. later to find out these sites hate VPNs.. so my normal routine is to switch to a different VPN server and hopefully these sites haven't caught on that it's a VPN. This routine is getting more annoying, especially through the holidays (wife likes to shop). Anyhow.. could someone help me with a script that will use the domain names, pull in their current IP addresses (these sites use dynamic IPs) and reroute her computer to bypass the VPN? Could it be that I can adjust the script to add more domains if needed? Thanks kindly.
 
Try to add these to "WAN" on policy routing table in client.
2.18.77.48
23.61.230.50
151.101.84.116
 
Thanks Opctopus for replying. If doing that, wouldn't I have to keep checking if those sites' IP addresses change? For example, Macy's is dynamic.. so every few minutes it changes.
 
Okay, I didn't realize that. See if Xentrk's script can do what you want. I have never used it so I can't help with it.
 
In most cases, the IP(s) returned from a DNS query don't change all that often. And if you use the OpenVPN client's inherent ability to add static routes based on the domain name and bind them to the WAN, it will generate a static route for *all* the IPs assigned to that domain.

IOW, I would bet that in most cases, adding the following to the custom config field of the OpenVPN client would suffice.
Code:
route www.macys.com 255.255.255.255 net_gateway
route macys.com 255.255.255.255 net_gateway
route www.etsy.com 255.255.255.255 net_gateway
route etsy.com 255.255.255.255 net_gateway
route www.yelp.com 255.255.255.255 net_gateway
route yelp.com 255.255.255.255 net_gateway

And if it still concerns you that the IPs might change, then perhaps restart the OpenVPN client on a daily basis so these static routes are regularly re-evaluated.

You could do something more sophisticated based on ipset (involving DNSMasq), but I'm trying to keep things simple.
 
I am having the same issue with Etsy.
I added
route www.etsy.com 255.255.255.255 net_gateway
route etsy.com 255.255.255.255 net_gateway
to the bottom of my custom config code block, but that does not appear to work.

Is net_gateway a literal string, or do I need to replace it with something from my config?
 
net_gateway (like vpn_gateway) is a reserved word. OpenVPN will replace that keyword with the actual WAN gateway IP when the routes are added to the routing table.

You can always dump the routing table to make sure the routes (and which routes) got applied.

Code:
ip route

Note: Make sure you are NOT using Routing Policy (strict)! The strict version of the Routing Policy option strips out static routes!
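
A check that combines the two points made in the replies above (the static routes are only re-evaluated when the client restarts, and `ip route` shows which routes were applied), as an added example that is not part of the original posts: it reads `ip route` output and lists the IPs that have no host route via the WAN gateway. The gateway 192.0.2.1, the interface names and the route lines are constructed samples, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find bypass IPs that are NOT routed via the WAN gateway.
# All route lines, the gateway and the interface names are constructed samples.

# host_routes ROUTES GATEWAY
# Prints the destination of every host route that goes via GATEWAY.
# "ip route" prints host routes as: <ip> via <gateway> dev <interface>
host_routes() {
    printf '%s\n' "$1" | awk -v gw="$2" '
        $2 == "via" && $3 == gw && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { print $1 }'
}

# missing_bypass ROUTES GATEWAY IP...
# Prints each IP that has no host route via GATEWAY, i.e. traffic to it
# still follows the VPN (route never added, stripped, or bound elsewhere).
missing_bypass() {
    routes=$1
    gw=$2
    shift 2
    have=$(host_routes "$routes" "$gw")
    for ip in "$@"; do
        printf '%s\n' "$have" | grep -qxF -- "$ip" || printf '%s\n' "$ip"
    done
}

# Constructed routing table: one bypass route is correct, one points at the
# VPN gateway, and one IP has no host route at all.
SAMPLE_ROUTES='default via 192.0.2.1 dev eth0
0.0.0.0/1 via 10.8.0.1 dev tun11
128.0.0.0/1 via 10.8.0.1 dev tun11
10.8.0.0/24 dev tun11 proto kernel scope link src 10.8.0.2
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.2
2.18.77.48 via 192.0.2.1 dev eth0
23.61.230.50 via 10.8.0.1 dev tun11'

# The three IPs are the ones suggested earlier in the thread.
missing_bypass "$SAMPLE_ROUTES" 192.0.2.1 2.18.77.48 23.61.230.50 151.101.84.116
```

On the router, pass `"$(ip route)"`, the real WAN gateway and the IPs the domains currently resolve to; any IP it prints means the static route is missing or stale and the OpenVPN client needs a restart to re-evaluate it.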
 
I was strict. I removed strict and that appears to have worked. Thank you.
If I need to use it at a future time, where would I issue the ip route command?
 
