route certain domains through client vpn

[Xentrk]

@abir1909
I first used the approach of mining dnsmasq when trying to route BBC. There were many domains and eventually I got there. But in the development of the project, I was able to reduce the list to just a small number of domains by looking at the page source code and starting with the domains listed on the website. So, looking at the website source code is a good place to start. Then, look at what is being listed in /opt/var/log/dnsmasq.log for clues if things are still not working. Some streaming sites are easier than others.

 

[abir1909]

@abir1909
I first used the approach of mining dnsmasq when trying to route BBC. There were many domains and eventually I got there. But in the development of the project, I was able to reduce the list to just a small number of domains by looking at the page source code and starting with the domains listed on the website. So, looking at the website source code is a good place to start. Then, look at what is being listed in /opt/var/log/dnsmasq.log for clues if things are still not working. Some streaming sites are easier than others.

Thanks again with all these guides I feel like I am getting closer every day.
I mined and noticed that all their live and vod streaming is coming from AkamaiTechnologies.com. The problem is that they have so many POs and AS numbers.
I added like 4 AS numbers and so far so good. I am not sure if there is a better way of doing it?!

I am still having trouble have the ip set start at boot. I am new to Unix and shell scripts watching tons of YouTubes trying to figure it out.
Thx

 

[Xentrk]

Thanks again with all these guides I feel like I am getting closer every day.
I mined and noticed that all their live and vod streaming is coming from AkamaiTechnologies.com. The problem is that they have so many POs and AS numbers.
I added like 4 AS numbers and so far so good. I am not sure if there is a better way of doing it?!

I am still having trouble have the ip set start at boot. I am new to Unix and shell scripts watching tons of YouTubes trying to figure it out.
Thx

Akamai is a Content Delivery Network. CDN caches content on servers around the globe to eliminate buffering. That is a tough site to mine. Perhaps try using the ASN numbers 12400 and 1680 from the spoiler:

Spoiler: mako.co.il ASNs

nslookup stats.mako.co.il
Server: 127.0.0.1
Address 1: 127.0.0.1 localhost.localdomain

Name: stats.mako.co.il
Address 1: 192.168.22.2 -sso.anbtr.com
wizard@RT-AC88U-8248:/tmp/mnt/entware/entware/var/log# nslookup mako.co.il
Server: 127.0.0.1
Address 1: 127.0.0.1 localhost.localdomain

Name: mako.co.il
Address 1: 199.203.59.151
Address 2: 5.100.248.61
Address 3: 5.100.251.149
Address 4: 62.90.188.216 62-90-188-216.barak.net.il
Address 5: 82.166.147.132 82-166-147-132.barak-online.net
wizard@RT-AC88U-8248:/tmp/mnt/entware/entware/var/log# whob 199.203.59.151
IP: 199.203.59.151
Origin-AS: 1680
Prefix: 199.203.0.0/16
AS-Path: 6539 577 6453 1680
AS-Org-Name: CELLCOM ltd.
Org-Name: S.E.A - Multimedia
Net-Name: NV-SEA
Cache-Date: 1561623789
Latitude: 32.080880
Longitude: 34.780570
City: Tel Aviv
Region: Tel Aviv
Country: Israel
Country-Code: IL
wizard@RT-AC88U-8248:/tmp/mnt/entware/entware/var/log# whob 5.100.248.61
IP: 5.100.248.61
Origin-AS: 12400
Prefix: 5.100.248.0/24
AS-Path: 24441 3491 9116 12400
AS-Org-Name: PARTNER-AS
Org-Name: CLOUDWEBMANAGE-IL
Net-Name: CLOUDWEBMANAGE-IL
Cache-Date: 1561623789
Latitude: 32.147220
Longitude: 34.841670
City: Ramat HaSharon
Region: Tel Aviv
Country: Israel
Country-Code: IL
wizard@RT-AC88U-8248:/tmp/mnt/entware/entware/var/log# whob 5.100.251.149
IP: 5.100.251.149
Origin-AS: 12400
Prefix: 5.100.251.0/24
AS-Path: 24441 3491 9116 12400
AS-Org-Name: PARTNER-AS
Org-Name: CLOUDWEBMANAGE-IL
Net-Name: CLOUDWEBMANAGE-IL
Cache-Date: 1561623789
Latitude: 32.147220
Longitude: 34.841670
City: Ramat HaSharon
Region: Tel Aviv
Country: Israel
Country-Code: IL
wizard@RT-AC88U-8248:/tmp/mnt/entware/entware/var/log# whob 62.90.188.216
IP: 62.90.188.216
Origin-AS: 1680
Prefix: 62.90.0.0/16
AS-Path: 24441 3491 1680
AS-Org-Name: CELLCOM ltd.
Org-Name: Cloud Web Manage
Net-Name: CloudWebManage
Cache-Date: 1561623789
Latitude: 32.815560
Longitude: 34.989170
City: Haifa
Region: Hefa
Country: Israel
Country-Code: IL
wizard@RT-AC88U-8248:/tmp/mnt/entware/entware/var/log# whob 82.166.147.132
IP: 82.166.147.132
Origin-AS: 1680
Prefix: 82.166.0.0/16
AS-Path: 24441 3491 1680
AS-Org-Name: CELLCOM ltd.
Org-Name: ARIEL_UNIVERSITY
Net-Name: ARIEL_UNIVERSITY
Cache-Date: 1561623789
Latitude: 32.815560
Longitude: 34.989170
City: Haifa
Region: Hefa
Country: Israel
Country-Code: IL

Most people use a client like putty. I use MobaXterm SSH client to get an windows explorer view into the file system. Navigate to /jffs/scripts and create the file nat-start:

#!/bin/sh
sh /jffs/scripts/run-script-at-boot.sh

In the command line, type:

chmod 755 /jffs/scripts/nat-start

To make the script executable

 

[abir1909]

thanks for the 2 ASN's you sent. unfortunately some content won't play, it goes through others ASN's. I figure out like 4 or 5 ASN and most content is streaming. However, I watched something last night and something today and it get stuck. I pretty much have to turn off the vpn client and turn it back on again in order for it to work.
maybe the router can't handle thousands of IPs? reminding I am using method 2, added the IP Sets to the GUI.
thanks

 

[Xentrk]

thanks for the 2 ASN's you sent. unfortunately some content won't play, it goes through others ASN's. I figure out like 4 or 5 ASN and most content is streaming. However, I watched something last night and something today and it get stuck. I pretty much have to turn off the vpn client and turn it back on again in order for it to work.
maybe the router can't handle thousands of IPs? reminding I am using method 2, added the IP Sets to the GUI.
thanks

ipset is very efficient and can handle large amount of IP addresses. The largest ipset list I have on my router is from skynet:

Skynet-Blacklist - 164654

I think the issue is just finding the top level domains. I am scanning the mako.co.il page source code for href and came across the domain mako.publishers.com that you may have to add that belongs to google international AS15169:

nslookup mako-publishers.com
Server:    127.0.0.1
Address 1: 127.0.0.1 localhost.localdomain

Name:      mako-publishers.com
Address 1: 23.236.62.147 147.62.236.23.bc.googleusercontent.com

wizard@RT-AC88U-8248:/tmp/home/root# whob 23.236.62.147
IP: 23.236.62.147
Origin-AS: 15169
Prefix: 23.236.48.0/20
AS-Path: 7018 15169
AS-Org-Name: Google LLC
Org-Name: Google LLC
Net-Name: GOOGLE-CLOUD
Cache-Date: 1561710320
Latitude: 37.405992
Longitude: -122.078515
City: Mountain View
Region: California
Country: United States
Country-Code: US