VPN/Streaming Setup Question

MrOblivious

New Around Here
Hello All - This is my first post here, but have been learning from the sages on the site for some time. I’m sure there will be more questions to follow.

I have an ASUS RT-AC86U running Merlin 384.19, Diversion, and Skynet. I recently switched to NordVPN. As my previous provider wasn’t streamer-friendly, I had to have policy rules in place so that the Apple TV went out over the WAN, but all other traffic went through the VPN tunnel. Since NordVPN allows me to stream through the VPN, this is no longer necessary. I configured the router per their tutorial and am able to successfully stream Netflix, Prime Video, Hulu, and Disney+. The last step in the tutorial is the optional kill switch set-up which of course is instead of having ‘Force Internet traffic through tunnel’ set to 'Yes', have a single (strict) policy rule to have all traffic go through the VPN and enable ‘Block routed clients if tunnel goes down’.

When the setting is set to ‘Yes’ I’m able to stream and all is well. When it’s set to the policy rules method, I get the assorted ‘you’re behind a VPN/Proxy so we’re not talking to you’ messages from each of the providers.

I’m a little confused as to what the difference is since there’s only the one policy rule which directs all traffic through the tunnel. I would prefer to have the functionality of the kill switch. Do I need to be concerned about it, or is traffic stopped when you select ‘Yes’ and the tunnel is down?

Thanks very much for any insights
 

eibgrad

Very Senior Member

So what *may* be happening is a DNS leak due to the fact that the GUI requires you to use PBR to take advantage of a kill switch (something I believe should be addressed). But as I discussed in the rest of that thread, it can be easily avoided by routing everything through the VPN by default and using your own kill switch.
 

MrOblivious

New Around Here
Thanks very much for the reply. I also would be interested to see a kill switch option when "Force internet traffic through tunnel" is set to Yes. I scanned the thread you linked but hadn't quite finished it. I would like to implement the manual kill switch as you mentioned, but I'm not sure quite how to proceed.

I wanted to heed your advice and test it first. Do I literally paste the two lines of code into the terminal session? I tried it and got no error but wasn't sure how to test if it was working or not. Assuming it is, I looked and 'firewall-start' is already present, apparently created by Skynet. In order to manually add the code to the existing script, do I simply append it starting on the next line? The only thing currently in the file is:

Code:
#!/bin/sh

sh /jffs/scripts/firewall start skynetloc=/tmp/mnt/USB-8GB/skynet # Skynet

Thanks so much for your help!
 

eibgrad

Very Senior Member
I wanted to heed your advice and test it first. Do I literally paste the two lines of code into the terminal session?
Yes.

I tried it and got no error but wasn't sure how to test if it was working or not.
Because the firewall rule is unconditional, if you turn off the VPN, your clients will have no internet access, proving it works (at least if turning off the VPN doesn't reset the firewall).

Assuming it is, I looked and 'firewall-start' is already present, apparently created by Skynet. In order to manually add the code to the existing script, do I simply append it starting on the next line? The only thing currently in the file is:

Code:
#!/bin/sh

sh /jffs/scripts/firewall start skynetloc=/tmp/mnt/USB-8GB/skynet # Skynet

You can just add those two lines to the end of the existing firewall-start script.
 
