What's new

x3mRouting VPN client bypass routing without policy rules ('Force Internet traffic through tunnel' option set to 'Yes')

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

mbekahs

New Around Here
Hi,

I have read the requirements for X3mRouting scripts and can see that Policy Rules (Strict) or Policy Rules must be enabled on the OpenVPN Client Screen for the scripts to work. Is there any way to have the 'Force Internet traffic through tunnel' option set to 'Yes' instead of using Policy Rules and still be able to bypass VPN for a client? The problem I have is that if I use Policy Rules in the VPN client screen, Diversion doesn't work as mentioned on the x3mtek blog

Is there any way to bypass VPN routing for one client, use the VPN provider's DNS servers exclusively and also use Diversion? I guess not, but I thought I'd ask in case someone else has been in this situation.

Thanks,
 
Unfortunately if you use your VPN provider DNS you are not able to get adblock from diversion.

By the way, which merlin version are you using? Note that 386.3 or later there is an introduction of VPN Director. There is some changes on vpn client gui. If you have X3mRouting option 2 installed then you have to uninstall it. You still can install x3mrouting option 3 after that.
 
I seem to be able to use my VPN provider's DNS with Diversion adblock working if I set the 'Force Internet Traffic through tunnel' option to 'Yes'.


386.2_6
Force internet traffic through tunnel and accept provider DNS exclusively are two different settings. If you use VPN provider DNS you simply bypassed router dnsmasq and that means no diversion.
 
Force internet traffic through tunnel and accept provider DNS exclusively are two different settings. If you use VPN provider DNS you simply bypassed router dnsmasq and that means no diversion.
I can follow the dnsmasq log and can see Diversion filtering out certain advertising/tracking domains and then forwarding them to my VPN provider.
Unless I am confusing this with something else, I am pretty sure that Diversion works in this way (with Policy Rules disabled), at least for me anyway, as stated here https://x3mtek.com/policy-rule-routing-on-asuswrt-merlin-firmware/


Screen Shot 2021-09-07 at 11.53.08 am.png
 
I can follow the dnsmasq log and can see Diversion filtering out certain advertising/tracking domains and then forwarding them to my VPN provider.
Unless I am confusing this with something else, I am pretty sure that Diversion works in this way (with Policy Rules disabled), at least for me anyway, as stated here https://x3mtek.com/policy-rule-routing-on-asuswrt-merlin-firmware/


View attachment 36162
I see what you mean now. It seems this is the only way for both to work together. I guess the downside is you lost the ability to select client to route through WAN or VPN. I needed this so I could not get VPN provider DNS and diversion work together. In the end I choose to use unbound DNS and route it through VPN.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top