RT-AC86U using merlin 384.5 firmware.
I'm trying to get Netflix to bypass the VPN using ipset.
I've read a lot on it. I've created the dnsmasq.conf.add:
Code:
ipset=/netflix.com/nflxext.com/amazonaws.com/amazon.com/amazon.co.uk/bbc.co.uk/BYPASS_VPN
But I know I need to create the BYPASS_VPN. I can do this on the command line: ipset create BYPASS_VPN hash:ip but not in the config. What's the command to create it and make it persistent so that after a reboot I can see the list again using ipset list?
EDIT2: Seems the only way to make it persistent is a startup/shutdown script whereby an ipset save and restore is run.
Also, at what stage will it dynamically fill BYPASS_VPN with the IPs from that list of domains?
EDIT1: I used nslookup netflix.com to cause a DNS reference. That's populated it.
I've also added to nat-start:
Code:
TAG_MARK=0x7000
# Remove any earlier copy of the rule so re-running nat-start does not duplicate it
ip rule del prio 9990 2>/dev/null
# Packets carrying the mark are routed with the main table
ip rule add fwmark $TAG_MARK table main prio 9990
# Mark packets whose destination is in BYPASS_VPN (delete first, then add once)
iptables -D PREROUTING -t mangle -m set --match-set BYPASS_VPN dst -j MARK --set-mark $TAG_MARK/$TAG_MARK 2>/dev/null
iptables -A PREROUTING -t mangle -m set --match-set BYPASS_VPN dst -j MARK --set-mark $TAG_MARK/$TAG_MARK
EDIT3: I've implemented all this, and ipset list shows the IP addresses. The next issue I think might be because DNS is pointing to NordVPN's DNS servers.
I read that using server=/netflix.com/<ip of Dyn DNS server> should bypass the VPN DNS. But that didn't seem to work. When I tried to run nslookup netflix.com there was an error in the router log that said the Dyn DNS IP cannot do (I can't remember exactly) recursive lookups or something.
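The save/restore approach from EDIT2, sketched as an added example that is not part of the original post: it recreates BYPASS_VPN at startup, replays only well-formed `add` lines for that one set from the saved file, and writes the save file atomically. The save-file path, the `IPSET` override variable and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): persist the BYPASS_VPN ipset.
# Assumed path on persistent storage; adjust to your router.
SET_NAME="${SET_NAME:-BYPASS_VPN}"
SAVE_FILE="${SAVE_FILE:-/jffs/ipset_BYPASS_VPN.save}"
IPSET="${IPSET:-ipset}"   # overridable so the functions can be exercised off-router

# Run at startup, before the iptables rule that references the set
# (iptables refuses --match-set for a set that does not exist yet).
restore_bypass_set() {
    # -exist turns "set already exists" into a no-op instead of an error
    $IPSET -exist create "$SET_NAME" hash:ip || return 1
    # Nothing saved yet: dnsmasq will fill the set as the domains are resolved
    [ -s "$SAVE_FILE" ] || return 0
    # Replay only "add <set> <IPv4>" lines; any other command in the file
    # (create, flush, entries for other sets) is ignored.
    grep -E "^add $SET_NAME ([0-9]{1,3}\.){3}[0-9]{1,3}\$" "$SAVE_FILE" |
        $IPSET -exist restore
}

# Run at shutdown (for example from a services-stop script).
save_bypass_set() {
    tmp="$SAVE_FILE.$$"
    # Write to a temp file first so a failed save never truncates the old copy
    if $IPSET save "$SET_NAME" > "$tmp"; then
        mv "$tmp" "$SAVE_FILE"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Optional dispatch: "script restore" or "script save"
case "${1:-}" in
    restore) restore_bypass_set ;;
    save)    save_bypass_set ;;
esac
```

Restored addresses are only a snapshot: dnsmasq keeps adding entries each time one of the listed domains is resolved through it, so a stale save file widens the bypass rather than narrowing it.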