HELP - Script to automate change in policy based routing

CannaLucente

New Around Here
Hi All,

I am new to the forum. I have recently purchased an AX88U on which I have installed Merlin 384.19.

I have a question related to policy based routing for OpenVPN.

I normally keep the VPN on 24/7 but Amazon Prime Video and Disney+ don't work when it's active and I am looking for the best way to manage this.

1) I can switch on/off the VPN quite easily with a program called VeeKee, found on this forum, or with SSH with a simple command (service stop/start_vpnclient1). Downside is this applies to all devices on the LAN and needs to be done every time. Also, as I use the kill switch, this is not really an option as every device stops working.

2) I can configure an exception in the policy based routing to route the given device via WAN. Downside is this needs to be done every time and, as far as I have figured out so far, I don't have a simple one line command to flip the given device interface from VPN to WAN and vice versa (I don't want to keep the given device always via WAN). I can login and do it on router.asus.com but this is not very quick.

The easiest would be to map the IP ranges of Amazon Prime Video and Disney+ in a specific routing rule, but I haven't found anywhere which set of IPs should I configure. Is there a way to do this?

If the above cannot be done, is there a way to write a script I can execute from an Android device that every time flips the policy rule to route the given device between VPN and WAN?

Apologies for the basic question but I am completely new to Unix scripting... Is there a website or something I can read which teaches me through the basics of scripting? I have read the merlin wiki but I feel like I am lacking even more basic knowledge...

Thanks in advance!
 

Butterfly Bones

Very Senior Member
Use policy based routing.

Whitelist those devices that need to access sites that stop streaming if they detect proxies or a vpn.
Here is mine for am android TV box and two smart TVs:
Code:
Router    192.168.1.1    0.0.0.0    WAN    
LAN    192.168.1.0/24    0.0.0.0    VPN    
Shield-TV    192.168.1.XX    0.0.0.0    WAN    
Vizio One    192.168.1.YY    0.0.0.0    WAN    
Vizio Two    192.168.1.ZZ    0.0.0.0    WAN
This works if you only use TVs for streaming. If you want to have various computers behind the VPN most times and only allow them to bypass the VPN for streaming sites, that gets more complicated.

Try these these -

(BTW, this subject comes up frequently and a forum search might turn up more solutions).
 

CannaLucente

New Around Here
Hi Butterfly Bones, thanks for your reply. I have searched in the forum, it is an amazing source of information, and all I have done so far I have learnt it from there (I started yesterday and I was a complete ignorant about Merlin, WRT etc.).

But I couldn't find a solution. The example you gave me above would make all traffic from the given device to go via WAN and this is not what I want. Ideally I would like to split the traffic VPN/WAN based on the address I am connecting to but, as I don't know the IP for Amazon and Disney+, I started thinking about the switch. In the worst case I can always get a Fire TV stick or similar and have the TV always via WAN and the Fire Key always via VPN and use the apps accordingly but I wanted to explore the other options first.

Thanks for the links you gave me. Will now go through them carefully and come back here with an update :)

Cheers!
 

Butterfly Bones

Very Senior Member
The example you gave me above would make all traffic from the given device to go via WAN and this is not what I want. Ideally I would like to split the traffic VPN/WAN based on the address I am connecting to but, as I don't know the IP for Amazon and Disney+,
What you need to split traffic only to Amazon and Disney+ is precisely what the X3mRouting does!
 

Similar threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top