Have NordVPN on router. Can I get a connection setup to bypass VPN?

[Kattz]

Ok, so I have NordVPN and the latest version of Shibby Tomato AIO installed on my Asus RT-n66u. I spent some time getting it all set up properly. Now, I'm finding that it is a bit of a PITA.

It seems like many websites are blocking users with VPNs. Nord's support helped me to find some US servers that would allow me to access most Amazon services. That worked for a few days but now it's intermittent. I'm also hitting a lot of other sites that block me while connected to the VPN. Like I said, it's just getting to be a pain. Changing VPN providers isn't going to help either. They're not just blocking Nord, it's VPNs in general.

Is there a way to set up a VLAN or a guest network that is outside of the VPN? I was planning to set up a guest network anyways for my neighbours and I would like that to be outside of the VPN. They're seniors and just send a few emails and post occasionally on Facebook. They were on dialup and a high speed connection is too expensive for what they use. Apparently, I'm going to need either a wired or wireless connection outside of the VPN for myself as well since I can't access half of the internet with the VPN on.

My current setup is a SmartRG SR505n bridged (as a dumb modem) in front of the Asus RT-n66u. I guess the easy way would be to reset it all and just connect the Asus to an ethernet port but I would prefer not to do that. It looks like I might need to use two routers and add some scripts if I want connections outside of the VPN. I do have another Asus RT-n66u with the same version of Tomato already flashed on it sitting in a box.

If anyone knows where I can find any information that will help me set this up, I would really appreciate it. I'm usually pretty good at finding my own info but this time I'm stumped. I'm not really seeing any settings in Tomato that will help me.

Thanks!

 

[Fingers]

Have you tried adding: route example.com 255.255.255.0 192.168.1.100; into the custom section? Obviously the address, subnet and IP needs to be edited with your info.

You can add as many as you want.

 

[RMerlin]

Routes can't use hostnames, they need an IP or a CIDR.

 

[Fingers]

Routes can't use hostnames, they need an IP or a CIDR.

I use plex.tv in my config to bypass the vpn for connecting to my server when im traveling. Is it different on pfsense?

 

[RMerlin]

I use plex.tv in my config to bypass the vpn for connecting to my server when im traveling. Is it different on pfsense?

Doubt it. Anything involving routing will require an IP or a CIDR - routing tables can't do DNS lookups.

 

[Fingers]

I dont know then, because my plex server is also my PC and that runs 24/7 behind a VPN. When I do a port check, the port is closed. When I stop the VPN, my real IP shows the port open. When I am out of the house and the VPN is always on, I can connect fine so the port must be open.

 

[jomic]

I dont know then, because my plex server is also my PC and that runs 24/7 behind a VPN. When I do a port check, the port is closed. When I stop the VPN, my real IP shows the port open. When I am out of the house and the VPN is always on, I can connect fine so the port must be open.

this makes me confuse

 

[Fingers]

this makes me confuse

Sorry I wasn't clear.

What I am trying to say is, when my server doesn't have this line in the config, I cannot connect remotely through the VPN to Plex.
When the line is added, I can connect without a problem.

route plex.tv 255.255.255.0 192.168.100.5

This works for me.

 

[DMR42]

Sorry I wasn't clear.

What I am trying to say is, when my server doesn't have this line in the config, I cannot connect remotely through the VPN to Plex.
When the line is added, I can connect without a problem.

route plex.tv 255.255.255.0 192.168.100.5

This works for me.

Hi, I'm trying to do exactly this, run all my traffic through a VPN, I have an Asus rt-ac86u running merlin, but plex rmote access does not work. Where would I enter "route plex.tv 255.255.255.0 192.168.100.5"? Massively new to this, would it be in the custom configuration part of the VPN Client page? Plex is running on a nas drive, would I put the ip of the NAS?

 

[DMR42]

When you connect from outside your network does it only give you Indirect access to your PMS?

 

[eibgrad]

Hi, I'm trying to do exactly this, run all my traffic through a VPN, I have an Asus rt-ac86u running merlin, but plex rmote access does not work. Where would I enter "route plex.tv 255.255.255.0 192.168.100.5"? Massively new to this, would it be in the custom configuration part of the VPN Client page? Plex is running on a nas drive, would I put the ip of the NAS?

Unfortunately, there's a lot of misinformation in this thread.

The route directive *can* use hostnames, at least w/ Linux. OpenVPN uses the underlying Linux route command to add the route(s). And I say routes (plural) because the route command will still work when the domain name passed to it resolves to multiple IP addresses (which plex.tv does). It just creates multiple routes in the local routing table, one for each public IP associated w/ the domain name. However, when you specify a hostname (as opposed to a network, e.g., 199.199.199.0 255.255.255.0), the proper syntax is as follows.

route plex.tv 255.255.255.255 <net_gateway/vpn-gateway>

IOW, each IP that is returned by DNS will represent a host (255.255.255.255), NOT a network (e.g., 255.255.255.0, or 255.255.0.0). The last parameter allows you to choose either the VPN (vpn_gateway) or ISP/WAN (net_gateway) to route those public IPs. By using those particular names (net_gateway or vpn-gateway), OpenVPN determines *your* ISP's default gateway or *your* VPN's default gateway at runtime, makes the substitution, and finally adds the routes to the local routing table.

Now there is a small shortcut available, since vpn_gateway is the default for OpenVPN, and 255.255.255.255 (host) is the default for any IP specification.

route plex.tv

IOW, the following are equivalent directives.

route plex.tv
route plex.tv 255.255.255.255 vpn_gateway

Personally, I tend to use the latter simply because it clearer what the intent is. But in the case of net_gateway (the ISP's default gateway), you *must* use the following syntax.

route plex.tv 255.255.255.255 net_gateway

Another gotcha here is sometimes the megasites don't always resolve to *all* the possible IPs that can be associated w/ a given domain name. They change over time, sometimes over very short time periods (probably for load balancing purposes). You see this w/ things like Netflix, Hulu, etc. (not so much smaller services like Plex.tv). So for example, whatever netflix.com resolves to at the time the route is added, might not *always* be a valid IP for the entire duration of your connection to the VPN, particularly if that connection remains up for days or weeks at a time. It *might* stop working until you stop and restart the VPN so the domain name can be resolved again and pick of the new public IPs.

Granted, the above is a rarity, and tends to affect mostly the megasites, but it's something to be aware of.