
Plex Bypass VPN causes amazon.com not to work

Discussion in 'Asuswrt-Merlin' started by soniccool, Apr 20, 2017 at 7:31 PM.

  1. soniccool

    soniccool New Around Here

    Hey there! I run this openvpn-event script when I start my VPN so Plex can bypass the VPN. But this causes every other computer on my network to be unable to load amazon.com correctly. I don't see why. Any ideas?

    FYI, plex.tv pulls IPs from Amazon.

    Code:
    #!/bin/bash
    # This code goes in the WAN UP section.
    # This code based on the contributions from this thread:
    # http://www.linksysinfo.org/index.php?threads/route-only-specific-ports-through-vpn-openvpn.37240/
    #
    # And from material in these articles:
    # http://linux-ip.net/html/adv-multi-internet.html
    # http://fedorasolved.org/Members/kanarip/iptables-howto
    #
    # This script configures "selective" VPN routing. Normally, OpenVPN will route ALL traffic out
    # the OpenVPN tunnel. These changes to iptables allow some outbound traffic to use the VPN, and some
    # traffic to bypass the VPN and use the regular Internet instead.
    #
    # To list the current rules on the router, issue the command:
    # iptables -t mangle -L PREROUTING
    #
    # Flush/reset all the rules to default by issuing the command:
    # iptables -t mangle -F PREROUTING
    #
    #
    # First it is necessary to disable Reverse Path Filtering on all
    # current and future network interfaces:
    #
    for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do
        echo 0 > "$i"
    done
    #
    # Delete table 100 and flush any existing rules if they exist.
    #
    ip route flush table 100
    ip route del default table 100
    ip rule del fwmark 1 table 100
    ip route flush cache
    iptables -t mangle -F PREROUTING
    #
    # Copy all non-default and non-VPN related routes from the main table into table 100.
    # Then configure table 100 to route all traffic out the WAN gateway and assign it mark "1"
    #
    # NOTE: Here I assume the OpenVPN tunnel is named "tun11".
    #
    #
    ip route show table main | grep -Ev ^default | grep -Ev tun11 \
        | while read ROUTE ; do
            ip route add table 100 $ROUTE
        done
    ip route add default table 100 via $(nvram get wan_gateway)
    ip rule add fwmark 1 table 100
    ip route flush cache
    #
    # Define the routing policies for the traffic. The rules will be applied in the order that they
    # are listed. In the end, packets with MARK set to "0" will pass through the VPN. If MARK is set
    # to "1" it will bypass the VPN.
    #
    # EXAMPLES:
    #
    # All LAN traffic will bypass the VPN (Useful to put this rule first, so all traffic bypasses the VPN and you can configure exceptions afterwards)
    iptables -t mangle -A PREROUTING -i br0 -j MARK --set-mark 1
    # Ports 80 and 443 will bypass the VPN
    # iptables -t mangle -A PREROUTING -i br0 -p tcp -m multiport --dport 80,443 -j MARK --set-mark 1
    # All traffic from a particular computer on the LAN will use the VPN
    iptables -t mangle -A PREROUTING -i br0 -m iprange --src-range 192.168.1.4 -j MARK --set-mark 0
    # All traffic to a specific Internet IP address will use the VPN
    # iptables -t mangle -A PREROUTING -i br0 -m iprange --dst-range 216.146.38.70 -j MARK --set-mark 0
    # All UDP and ICMP traffic will bypass the VPN
    # iptables -t mangle -A PREROUTING -i br0 -p udp -j MARK --set-mark 1
    # iptables -t mangle -A PREROUTING -i br0 -p icmp -j MARK --set-mark 1
    # All traffic from a specific IP address range USING CIDR NOTATION will use the VPN
    # iptables -t mangle -A PREROUTING -i br0 -s 74.125.229.0/24 -j MARK --set-mark 0
    # All traffic to a specific Internet IP address range USING CIDR NOTATION will use the VPN
    # iptables -t mangle -A PREROUTING -i br0 -d 98.207.0.0/16 -j MARK --set-mark 0
    
    #new
    #iptables -t mangle -A PREROUTING -i br0 -p tcp -m multiport --sport 32400,32443 -j MARK --set-mark 2
    #iptables -t mangle -A OUTPUT -p udp -m multiport --dport 17827,32400,32443,32410,32412,32413,32414,32469 -j MARK --set-mark 2
    iptables -t mangle -A PREROUTING -i br0 -s 192.168.1.4 -d plex.tv -j MARK --set-mark 1
    iptables -t mangle -A PREROUTING -i br0 -s 192.168.1.4 -p tcp -m multiport --sport 32400,32443 -j MARK --set-mark 1
    
    
    
    
    #old
    #iptables -t mangle -A PREROUTING -i br0 -p tcp -m multiport --dport 32400 -j MARK --set-mark 1
    #iptables -t mangle -A PREROUTING -i br0 -s 192.168.1.4 -p tcp -m multiport --sport 32400 -j MARK --set-mark 1
    #iptables -t mangle -A PREROUTING -i br0 -p tcp -m multiport --dport 8888 -j MARK --set-mark 1
    #iptables -t mangle -A PREROUTING -i br0 -s 192.168.1.4 -p tcp -m multiport --sport 8888 -j MARK --set-mark 1
    
    
    # Bypass Plex IP Ranges https://forums.aws.amazon.com/ann.jspa?annID=1701
    # FROM/SOURCE
    #iptables -t mangle -A PREROUTING -i br0 -s 184.169.128.0/17 -j MARK --set-mark 1
    #iptables -t mangle -A PREROUTING -i br0 -s 50.18.0.0/16 -j MARK --set-mark 1
    #iptables -t mangle -A PREROUTING -i br0 -s 54.241.0.0/16 -j MARK --set-mark 1
    #iptables -t mangle -A PREROUTING -i br0 -s 184.72.0.0/18 -j MARK --set-mark 1
    
    #new
    #iptables -t mangle -A PREROUTING -i br0 -s 54.176.0.0/16 -j MARK --set-mark 1
    
    
    
    
    # TO/DESTINATION
    #iptables -t mangle -A PREROUTING -i br0 -d 184.169.128.0/17 -j MARK --set-mark 1
    #iptables -t mangle -A PREROUTING -i br0 -d 50.18.0.0/16 -j MARK --set-mark 1
    #iptables -t mangle -A PREROUTING -i br0 -d 54.241.0.0/16 -j MARK --set-mark 1
    #iptables -t mangle -A PREROUTING -i br0 -d 184.72.0.0/18 -j MARK --set-mark 1
    
    #new
    #iptables -t mangle -A PREROUTING -i br0 -d 54.176.0.0/16 -j MARK --set-mark 1
    
    
    
    
    #Bypass IPChicken
    #iptables -t mangle -A PREROUTING -i br0 -m iprange --dst-range 209.68.27.16 -j MARK --set-mark 1
    
    
    
    
     
    Last edited: Apr 20, 2017 at 7:49 PM
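
An added example, not part of soniccool's post: the four active MARK rules from the script, evaluated in order for a constructed packet to show which hosts and flows end up outside the VPN. It assumes exact-address matching only (no CIDR or ranges), and 203.0.113.10 is a constructed placeholder for one address plex.tv resolved to, since iptables resolves a hostname once, when the rule is inserted.

```shell
#!/bin/sh
# Constructed rule list: the four active MARK rules from the script above, in order.
# 203.0.113.10 is a placeholder (assumption) for an address plex.tv resolved to
# at the moment the rule was inserted.
RULES='-i br0 -j MARK --set-mark 1
-i br0 -m iprange --src-range 192.168.1.4 -j MARK --set-mark 0
-i br0 -s 192.168.1.4 -d 203.0.113.10 -j MARK --set-mark 1
-i br0 -s 192.168.1.4 -p tcp -m multiport --sport 32400,32443 -j MARK --set-mark 1'

# final_mark SRC DST PROTO SPORT -> prints the mark the packet leaves PREROUTING with.
# MARK is a non-terminating target, so every matching rule runs and the last one wins.
final_mark() {
    src=$1 dst=$2 proto=$3 sport=$4 mark=0
    while IFS= read -r rule; do
        match=1 new=
        set -- $rule                      # split the rule into words
        while [ $# -gt 0 ]; do
            case $1 in
                -s|--src-range) [ "$2" = "$src" ] || match=0; shift ;;
                -d)             [ "$2" = "$dst" ] || match=0; shift ;;
                -p)             [ "$2" = "$proto" ] || match=0; shift ;;
                --sport)        case ",$2," in *",$sport,"*) ;; *) match=0 ;; esac; shift ;;
                --set-mark)     new=$2; shift ;;
                -i|-m|-j)       shift ;;  # interface/module/target names: not evaluated
            esac
            shift
        done
        if [ "$match" = 1 ] && [ -n "$new" ]; then mark=$new; fi
    done <<EOF
$RULES
EOF
    echo "$mark"
}

# route_for SRC DST PROTO SPORT -> "wan" (fwmark 1, table 100) or "vpn" (main table)
route_for() {
    if [ "$(final_mark "$@")" = 1 ]; then echo wan; else echo vpn; fi
}
```

With this rule order, every LAN host other than 192.168.1.4 is marked 1 for all destinations and leaves through the WAN gateway; only 192.168.1.4 uses the tunnel, minus its plex.tv and Plex-port exceptions.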
