x3mRouting x3mRouting ~ Selective Routing for Asuswrt-Merlin Firmware

[Dew]

Hi Xentrk,

I am unable to make a IPset using DNSMASQ. Tried to force update, reboot router and uninstall / reinstall xm3routing but didn't help. Any thoughts?

ASUSWRT-Merlin RT-AC68U 384.15_0 Sat Feb  8 18:38:21 UTC 2020
admin@RT-AC68U-8320:/tmp/home/root#
admin@RT-AC68U-8320:/tmp/home/root# sh /jffs/scripts/x3mRouting/load_DNSMASQ_ips
et.sh NETFLIX amazonaws.com,netflix.com,nflxext.com,nflximg.net,nflxso.net,nflxv
ideo.net
(load_DNSMASQ_ipset.sh): 9332 Starting Script Execution
(load_DNSMASQ_ipset.sh): 9332 ipset=/amazonaws.com/netflix.com/nflxext.com/nflximg.net/nflxso.net/nflxvideo.net/NETFLIX added to /jffs/configs/dnsmasq.conf.add
(load_DNSMASQ_ipset.sh): 9332 IPSET created: NETFLIX hash:net family inet hashsize 1024 maxelem 65536
(load_DNSMASQ_ipset.sh): 9332 CRON schedule created: #NETFLIX# '0 2 * * * ipset save NETFLIX'
(load_DNSMASQ_ipset.sh): 9332 Completed Script Execution
admin@RT-AC68U-8320:/tmp/home/root#
admin@RT-AC68U-8320:/tmp/home/root# liststats
NETFLIX - 0

 

[Olivier L]

In the new version, there will only be one script rather than a script for each method. The method will be passed as a parameter on the command line.

Most people have a rule to force all LAN clients to use a VPN Client with an entry in the Policy Rule Routing section as follows:

LAN_IPs    192.168.1.0/24    0.0.0.0    VPN

I will use the second entry above as an example. The entry below is used to bypass Netflix traffic for a VPN client:

sh /jffs/scripts/x3mRouting/load_ASN_ipset_iface.sh 0 NETFLIX AS2906

In the new version, you have to specify the VPN Client you want to bypass as the source interface:

 sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 NETFLIX asnum=AS2906

Usage: Source_Iface Destination_Iface IPSET_name method=

Method is asnum=, dnsmasq=, aws_region= or ip=. If no method is specified, the manual method is used as the default.

Specifying the source interface tells the x3mRouting script where to place the configuration so the rules are applied when the VPN client is started. If one specifies 1 as the Source interface, the script will place the line above in /jffs/scripts/x3mRouting/vpnclient1-route-up file. Likewise, it will place a rule in /jffs/scripts/x3mRouting/vpnclient1-route-pre-down to remove the routing rule when the VPN client goes down. The entries in nat-start should no longer be required.

Similarly, if you have specified all LAN traffic to use VPN Client 1, but for LAN client 192.168.1.50, you need to route Netflix traffic to the WAN.

 sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 NETFLIX asnum=AS2906 src=192.168.1.50

Or, you can specify a range of IP address:

 sh /jffs/scripts/x3mRouting/x3mRouting.sh 1 0 NETFLIX asnum=AS2906 src-range=192.168.1.50-192.168.1.60

waouh this will be a perfect routing tool !

 

[Xentrk]

Hi Xentrk,

I am unable to make a IPset using DNSMASQ. Tried to force update, reboot router and uninstall / reinstall xm3routing but didn't help. Any thoughts?

ASUSWRT-Merlin RT-AC68U 384.15_0 Sat Feb  8 18:38:21 UTC 2020
admin@RT-AC68U-8320:/tmp/home/root#
admin@RT-AC68U-8320:/tmp/home/root# sh /jffs/scripts/x3mRouting/load_DNSMASQ_ips
et.sh NETFLIX amazonaws.com,netflix.com,nflxext.com,nflximg.net,nflxso.net,nflxv
ideo.net
(load_DNSMASQ_ipset.sh): 9332 Starting Script Execution
(load_DNSMASQ_ipset.sh): 9332 ipset=/amazonaws.com/netflix.com/nflxext.com/nflximg.net/nflxso.net/nflxvideo.net/NETFLIX added to /jffs/configs/dnsmasq.conf.add
(load_DNSMASQ_ipset.sh): 9332 IPSET created: NETFLIX hash:net family inet hashsize 1024 maxelem 65536
(load_DNSMASQ_ipset.sh): 9332 CRON schedule created: #NETFLIX# '0 2 * * * ipset save NETFLIX'
(load_DNSMASQ_ipset.sh): 9332 Completed Script Execution
admin@RT-AC68U-8320:/tmp/home/root#
admin@RT-AC68U-8320:/tmp/home/root# liststats
NETFLIX - 0

You have to go to the netflix website or do an nslookup on the full domain name to populate the list. Once you start surfing or watching on the streaming device, dnsmasq will populate the IPSET list.

 

[Xentrk]

Xentrk,
After the last update I don't seem to be able to change "Block routed clients if tunnel goes down" setting. I've always had it on "Yes" , but now it's on "No". Putting it to yes and Applying it takes 15 seconds and still shows "No"

Thanks. I'll take a look.

 

[Dew]

You have to go to the netflix website or do an nslookup on the full domain name to populate the list. Once you start surfing or watching on the streaming device, dnsmasq will populate the IPSET list.

Hi Xentrk,

Sorry for being such a pain.. it doesn't seems to work. I tried to browse netflix on my device and nslookup on the router but still nothing.

admin@RT-AC68U-8320:/tmp/home/root# liststats
admin@RT-AC68U-8320:/tmp/home/root# sh /jffs/scripts/x3mRouting/load_DNSMASQ_ipset.sh NETFLIX amazonaws.com,netflix.com,nflxext.com,nflximg.net,
nflxso.net,nflxvideo.net
(load_DNSMASQ_ipset.sh): 25036 Starting Script Execution
(load_DNSMASQ_ipset.sh): 25036 ipset=/amazonaws.com/netflix.com/nflxext.com/nflximg.net/nflxso.net/nflxvideo.net/NETFLIX added to /jffs/configs/dnsmasq.conf.add
(load_DNSMASQ_ipset.sh): 25036 IPSET created: NETFLIX hash:net family inet hashsize 1024 maxelem 65536
(load_DNSMASQ_ipset.sh): 25036 CRON schedule created: #NETFLIX# '0 2 * * * ipset save NETFLIX'
(load_DNSMASQ_ipset.sh): 25036 Completed Script Execution
admin@RT-AC68U-8320:/tmp/home/root# liststats
NETFLIX - 0
admin@RT-AC68U-8320:/tmp/home/root# nslookup netflix.com
Server:    8.8.8.8
Address 1: 8.8.8.8 dns.google

Name:      netflix.com
Address 1: 2a01:578:3::34d4:ac6a
Address 2: 34.250.61.125 ec2-34-250-61-125.eu-west-1.compute.amazonaws.com
Address 3: 52.213.155.117 ec2-52-213-155-117.eu-west-1.compute.amazonaws.com
Address 4: 54.194.87.208 ec2-54-194-87-208.eu-west-1.compute.amazonaws.com
Address 5: 54.154.81.103 ec2-54-154-81-103.eu-west-1.compute.amazonaws.com
Address 6: 34.246.63.0 ec2-34-246-63-0.eu-west-1.compute.amazonaws.com
Address 7: 54.76.159.18 ec2-54-76-159-18.eu-west-1.compute.amazonaws.com
Address 8: 54.76.60.39 ec2-54-76-60-39.eu-west-1.compute.amazonaws.com
Address 9: 54.77.24.36 ec2-54-77-24-36.eu-west-1.compute.amazonaws.com
admin@RT-AC68U-8320:/tmp/home/root# liststats
NETFLIX - 0

 

[Xentrk]

Xentrk,
After the last update I don't seem to be able to change "Block routed clients if tunnel goes down" setting. I've always had it on "Yes" , but now it's on "No". Puting it to yes and Applying it takes 15 seconds and still shows "No"

I patched the code to fix the issue with the Yes and No buttons. Access the x3mRouting menu and selection option 7 to get the update.

 

[Xentrk]

Hi Xentrk,

Sorry for being such a pain.. it doesn't seems to work. I tried to browse netflix on my device and nslookup on the router but still nothing.

admin@RT-AC68U-8320:/tmp/home/root# liststats
admin@RT-AC68U-8320:/tmp/home/root# sh /jffs/scripts/x3mRouting/load_DNSMASQ_ipset.sh NETFLIX amazonaws.com,netflix.com,nflxext.com,nflximg.net,
nflxso.net,nflxvideo.net
(load_DNSMASQ_ipset.sh): 25036 Starting Script Execution
(load_DNSMASQ_ipset.sh): 25036 ipset=/amazonaws.com/netflix.com/nflxext.com/nflximg.net/nflxso.net/nflxvideo.net/NETFLIX added to /jffs/configs/dnsmasq.conf.add
(load_DNSMASQ_ipset.sh): 25036 IPSET created: NETFLIX hash:net family inet hashsize 1024 maxelem 65536
(load_DNSMASQ_ipset.sh): 25036 CRON schedule created: #NETFLIX# '0 2 * * * ipset save NETFLIX'
(load_DNSMASQ_ipset.sh): 25036 Completed Script Execution
admin@RT-AC68U-8320:/tmp/home/root# liststats
NETFLIX - 0
admin@RT-AC68U-8320:/tmp/home/root# nslookup netflix.com
Server:    8.8.8.8
Address 1: 8.8.8.8 dns.google

Name:      netflix.com
Address 1: 2a01:578:3::34d4:ac6a
Address 2: 34.250.61.125 ec2-34-250-61-125.eu-west-1.compute.amazonaws.com
Address 3: 52.213.155.117 ec2-52-213-155-117.eu-west-1.compute.amazonaws.com
Address 4: 54.194.87.208 ec2-54-194-87-208.eu-west-1.compute.amazonaws.com
Address 5: 54.154.81.103 ec2-54-154-81-103.eu-west-1.compute.amazonaws.com
Address 6: 34.246.63.0 ec2-34-246-63-0.eu-west-1.compute.amazonaws.com
Address 7: 54.76.159.18 ec2-54-76-159-18.eu-west-1.compute.amazonaws.com
Address 8: 54.76.60.39 ec2-54-76-60-39.eu-west-1.compute.amazonaws.com
Address 9: 54.77.24.36 ec2-54-77-24-36.eu-west-1.compute.amazonaws.com
admin@RT-AC68U-8320:/tmp/home/root# liststats
NETFLIX - 0

I've had issues in the past where the NS Lookup doesn't populate an IPSET list. But accessing the site via streaming service or a web browser does. So try that first.

Another thing is to look at Tools->Other Settings Tab - experiment with the setting Wan: Use local caching DNS server as system resolver (default: No). I have mine set to yes at the moment.

If you have Policy Rules enabled and Accept DNS Configuration=Exclusive, dnsmasq is bypassed which may also cause an issue.

For additional troubleshooting, you can use the diversion option f to follow the dnsmasq.log file. Or

tail -f /opt/var/log/dnsmasq.log

as you access NF on a device. You should see ipset log entries that it added ip addresses to the ipset list. To filter for the ipset messages, type

cat /opt/var/log/dnsmasq.log | grep ipset

Mar 15 19:11:46 dnsmasq[27342]: ipset add MOVETV 18.189.86.226 p-cg62-k8s1c-1684744468.us-east-2.elb.amazonaws.com
Mar 15 19:12:12 dnsmasq[27342]: ipset add MOVETV 151.101.10.68 p.slingtv.map.fastly.net
Mar 15 19:12:27 dnsmasq[27342]: ipset add MOVETV 74.206.223.26 p-col.gtm.movetv.com
Mar 15 19:12:27 dnsmasq[27342]: ipset add MOVETV 74.206.222.26 p-col.gtm.movetv.com
<snip>

 

[Dew]

Hi Xentrk,

Thanks! I manage to get dnsmasq working after running all of your steps. Anyway I realize it is the ASN ipset that doing the routing after running both ipsets together.

admin@RT-AC68U-8320:/tmp/home/root# iptables -nvL PREROUTING -t mangle --line
Chain PREROUTING (policy ACCEPT 6027 packets, 3575K bytes)
num   pkts bytes target     prot opt in     out     source               destination
1     1382 1458K MARK       all  --  tun11  *       0.0.0.0/0            0.0.0.0/0            MARK xset 0x1/0x7
2     1228  210K MARK       all  --  br0    *       192.168.2.11         0.0.0.0/0            match-set NETFLIX2 dst MARK or 0x1000

I am getting "Error - you seems to be using an unblocker or proxy" on netflix when i try play a video through the VPN client. I am able to play the same video when i connect using the same VPN settings on another router (without x3routing).

I hope to be able to just use one router with routing rules instead of using two router and changing wifi connections when i need to play video of another region using my vpn. Do you think that is possible?

 

[Diegoweb]

Hey buddy!
I'm using OpenWRT with IPSET + MWAN3 to selective route Netflix.
As I could see from your script, you ipset some netflix domains (netflix.com,nflxext.com,nflximg.net,nflxso.net,nflxvideo.net) and also get the Netflix ASN IP's (
AS2906).

Using this same idea from yours, when I IPSET the netflix domains and send to my Netflix only modem I get easily browse all netflix catalog and use everything in netflix website, except for playback (I can see the title and as soon as I press play, netflix shows me an error). So them I got all Netflix IP's from the ASN AS2906 and send all the traffic from this ip's to the same Netflix only modem that I'm using IPSET. When I do this, Netflix stops working in some parts (and I still can't playback anything).

Can you help me out figure this out?
I even thought about using Wireshark and Burp to see the correct IP's I get so I could selective route all those.
Basically I have a LTE Simcard that only work in netflix (it's unlimited, but for Netflix only), so I'd like to use this modem to get all netflix traffic (it works great when I disable all network interfaces in Windows for example and plug the modem directly into my laptop, I can browse and playback everything in Netflix, so the problem is how to filter those ips/domains so I can use with my router).

Is anything that I'm missing?
I live in South America, so perhaps some IP's are different. So I'd like to know what could I do to get the correct IP's to playback (since the IPSET is working great and I can easily browse everything in Netflix).

It's weird because I thought the IPSET stuff would work just fine by itself (without the Netflix ASN), since the URL I can see in Burp when I playback something in Windows is a Open Connect CDN from My ISP ending in nflxvideo.net.

Btw, I can't for example IPSET the Amazon AWS domains (or Cloudflare), since by doing this I will destroy all traffic besides Netflix from going to the main modem (modem 1 is general internet, modem 2 is supposed to run Netflix only). If I IPSET Amazon AWS (or Cloudflare) I will brake the connection from general stuff from going to the modem 1 (probably multiplayer games for example, that usually use Amazon AWS in my country to host game servers).

Thanks in advance and what a great script you've made for those using Asus Merlin firmware (my router is linksys, so I can't flash this firmware )

 

[Xentrk]

Hi Xentrk,

Thanks! I manage to get dnsmasq working after running all of your steps. Anyway I realize it is the ASN ipset that doing the routing after running both ipsets together.

admin@RT-AC68U-8320:/tmp/home/root# iptables -nvL PREROUTING -t mangle --line
Chain PREROUTING (policy ACCEPT 6027 packets, 3575K bytes)
num   pkts bytes target     prot opt in     out     source               destination
1     1382 1458K MARK       all  --  tun11  *       0.0.0.0/0            0.0.0.0/0            MARK xset 0x1/0x7
2     1228  210K MARK       all  --  br0    *       192.168.2.11         0.0.0.0/0            match-set NETFLIX2 dst MARK or 0x1000

I am getting "Error - you seems to be using an unblocker or proxy" on netflix when i try play a video through the VPN client. I am able to play the same video when i connect using the same VPN settings on another router (without x3routing).

I hope to be able to just use one router with routing rules instead of using two router and changing wifi connections when i need to play video of another region using my vpn. Do you think that is possible?

If you are getting the proxy error, then Netflix is able to detect you are using a VPN and will block the traffic. To route to the WAN specify the 0 as the interface.

If you use NordVPN or ExpressVPN, you have to set Accept DNS Configuration=Exclusive as they use the DNS pushed by the VPN tunnel as a proxy to avoid the blocks. My provider has Private or Dedicated IPs to get around NF blocks which allows me to use any DNS. If this is the case, then you may have to change to use the ASN method for NF, AS2906 as dnsmasq will be bypassed.

 

[andresmorago]

I've had issues in the past where the NS Lookup doesn't populate an IPSET list. But accessing the site via streaming service or a web browser does. So try that first.

Another thing is to look at Tools->Other Settings Tab - experiment with the setting Wan: Use local caching DNS server as system resolver (default: No). I have mine set to yes at the moment.

If you have Policy Rules enabled and Accept DNS Configuration=Exclusive, dnsmasq is bypassed which may also cause an issue.

For additional troubleshooting, you can use the diversion option f to follow the dnsmasq.log file. Or

tail -f /opt/var/log/dnsmasq.log

as you access NF on a device. You should see ipset log entries that it added ip addresses to the ipset list. To filter for the ipset messages, type

cat /opt/var/log/dnsmasq.log | grep ipset

Mar 15 19:11:46 dnsmasq[27342]: ipset add MOVETV 18.189.86.226 p-cg62-k8s1c-1684744468.us-east-2.elb.amazonaws.com
Mar 15 19:12:12 dnsmasq[27342]: ipset add MOVETV 151.101.10.68 p.slingtv.map.fastly.net
Mar 15 19:12:27 dnsmasq[27342]: ipset add MOVETV 74.206.223.26 p-col.gtm.movetv.com
Mar 15 19:12:27 dnsmasq[27342]: ipset add MOVETV 74.206.222.26 p-col.gtm.movetv.com
<snip>

hello
this occurs to me as well very frequently. i use pandora.com as a test website and it takes a heck lot of a time in order to actually show the not-geoblocked website.
i have the advised parameters as you as well.

is there anything else we could do in order to make the NS lookup a little bit more reliable?

 

[Xentrk]

hello
this occurs to me as well very frequently. i use pandora.com as a test website and it takes a heck lot of a time in order to actually show the not-geoblocked website.
i have the advised parameters as you as well.

is there anything else we could do in order to make the NS lookup a little bit more reliable?

See the local caching section on the GitHub page for more info on the cache setting.

I use diversion which did the dnsmasq setup. On the WAN page, I have Connect to DNS Server Automatically set to No + 1.1.1.1 as primary DNS and 1.0.0.1 as secondary DNS. I've had no issues with this setting or when using it in combination with DoT. I also experimented with unbound last month and the selective routing worked. I have Accept DNS Configuration set to Disabled on some VPN clients and Exclusive set on another client just so I can make sure all scenarios work. On the LAN-DNS Filter page, I have these settings to force all LAN clients to use DNS of the router.

 

[Xentrk]

Hey buddy!
I'm using OpenWRT with IPSET + MWAN3 to selective route Netflix.
As I could see from your script, you ipset some netflix domains (netflix.com,nflxext.com,nflximg.net,nflxso.net,nflxvideo.net) and also get the Netflix ASN IP's (
AS2906).

Using this same idea from yours, when I IPSET the netflix domains and send to my Netflix only modem I get easily browse all netflix catalog and use everything in netflix website, except for playback (I can see the title and as soon as I press play, netflix shows me an error). So them I got all Netflix IP's from the ASN AS2906 and send all the traffic from this ip's to the same Netflix only modem that I'm using IPSET. When I do this, Netflix stops working in some parts (and I still can't playback anything).

Can you help me out figure this out?
I even thought about using Wireshark and Burp to see the correct IP's I get so I could selective route all those.
Basically I have a LTE Simcard that only work in netflix (it's unlimited, but for Netflix only), so I'd like to use this modem to get all netflix traffic (it works great when I disable all network interfaces in Windows for example and plug the modem directly into my laptop, I can browse and playback everything in Netflix, so the problem is how to filter those ips/domains so I can use with my router).

Is anything that I'm missing?
I live in South America, so perhaps some IP's are different. So I'd like to know what could I do to get the correct IP's to playback (since the IPSET is working great and I can easily browse everything in Netflix).

It's weird because I thought the IPSET stuff would work just fine by itself (without the Netflix ASN), since the URL I can see in Burp when I playback something in Windows is a Open Connect CDN from My ISP ending in nflxvideo.net.

Btw, I can't for example IPSET the Amazon AWS domains (or Cloudflare), since by doing this I will destroy all traffic besides Netflix from going to the main modem (modem 1 is general internet, modem 2 is supposed to run Netflix only). If I IPSET Amazon AWS (or Cloudflare) I will brake the connection from general stuff from going to the modem 1 (probably multiplayer games for example, that usually use Amazon AWS in my country to host game servers).

Thanks in advance and what a great script you've made for those using Asus Merlin firmware (my router is linksys, so I can't flash this firmware )

For troubleshooting, you can use the getdomainnames.sh utility to mine domain names from dnsmasq. You can nslookup the domain name to get the IPv4 address. Then, use whob package to lookup the IP address to see what ASN it belongs to. You will need to edit the script to reflect the proper location and name for the dnsmasq.log file.

#ipset -L NETFLIX
<snip>
45.57.47.0/24
45.57.78.0/24
45.57.80.0/24
23.246.50.0/24
23.246.31.0/24

#whob 23.246.50.0/24

IP: 23.246.50.0
Origin-AS: 2906
Prefix: 23.246.50.0/24
AS-Path: 18106 4657 6762 2906
AS-Org-Name: Netflix Streaming Services Inc.
Org-Name: Netflix Streaming Services Inc.
Net-Name: NETFLIX-SS-3
Cache-Date: 1584431995

Also, refer to the troubleshooting tips section on the GitHub page. How are you creating your routing rules?

 

[Dew]

If you are getting the proxy error, then Netflix is able to detect you are using a VPN and will block the traffic. To route to the WAN specify the 0 as the interface.

If you use NordVPN or ExpressVPN, you have to set Accept DNS Configuration=Exclusive as they use the DNS pushed by the VPN tunnel as a proxy to avoid the blocks. My provider has Private or Dedicated IPs to get around NF blocks which allows me to use any DNS. If this is the case, then you may have to change to use the ASN method for NF, AS2906 as dnsmasq will be bypassed.

Hi Xentrk,

My VPN was able to avoid the NF blocks when I configure it on separate wifi network using another router so I guess the VPN is able to circumvent netflix check.

I guess most of you have your VPN for the whole of your network and you configure your NF traffic to go through WAN to overcome the NF VPN check but for my use case, I only want NF traffic to go the VPN connection so I can see NF video from another region.

Currently, using x3mrouting and through the VPN, I am able to browse the NF movie catalogue of another region using ASN ipset but it is very slow and I am getting the proxy error when i try to play a video.

Sorry for the long story but not sure if you understand? Is it possible to make it work this way?

 

[Xentrk]

Hi Xentrk,

My VPN was able to avoid the NF blocks when I configure it on separate wifi network using another router so I guess the VPN is able to circumvent netflix check.

I guess most of you have your VPN for the whole of your network and you configure your NF traffic to go through WAN to overcome the NF VPN check but for my use case, I only want NF traffic to go the VPN connection so I can see NF video from another region.

Currently, using x3mrouting and through the VPN, I am able to browse the NF movie catalogue of another region using ASN ipset but it is very slow and I am getting the proxy error when i try to play a video.

Sorry for the long story but not sure if you understand? Is it possible to make it work this way?

The AS2906 or Netflix domains method works for me where I live. I can use either one to talk to local NF or NF half way across the globe. Slowness may have to do with the CPU of your router, encryption level and distance to VPN server. There was a one off edge case where a person in the EU had to combine AS2906 with the dnsmasq method using the NF top level domain names.

You should start with analyzing dnsmasq, lookup the domain names to get IPv4 address, enter a few in https://bgp.he.net/ to see what ASN they belong to.

The code that creates the routing rules is tightly coupled with Asuswrt-Merlin firmware, especially the OpenVPN code. So that may be where things are failing since you are using Open-WRT. Check the routing rules to see if traffic is traversing the iptables chain.

 

[TechTinkerer]

@Xentrk is it still possible to harvest using dnsmasq for usa sites like disney+ or sling tv as they use geoblocking...so from what i've read i would have to turn off my vpn would i have any issue getting the hostnames etc with them geoblocking does it matter as was going to try your script getdomainnames.sh to mine app hostnames that each iptv apps use?

looking at install option 3 for routing for wan and vpn etc

if i use that option 3 will i need to create dummyvpn client and if so what is the template for setting it up look like?

p.s. if i cant use the app disney+ (geobock) to generate mining hostnames with my vpn being off would this be the case to use ASN for routing?

Thanks for all your help
rt-ac86u 384.16 beta 1

 

[Xentrk]

@Xentrk is it still possible to harvest using dnsmasq for usa sites like disney+ or sling tv as they use geoblocking...so from what i've read i would have to turn off my vpn would i have any issue getting the hostnames etc with them geoblocking does it matter as was going to try your script getdomainnames.sh to mine app hostnames that each iptv apps use?

looking at install option 3 for routing for wan and vpn etc

if i use that option 3 will i need to create dummyvpn client and if so what is the template for setting it up look like?

p.s. if i cant use the app disney+ (geobock) to generate mining hostnames with my vpn being off would this be the case to use ASN for routing?

Thanks for all your help
rt-ac86u 384.16 beta 1

Yes, dnsmasq.log is the method I use to harvest domain names for streaming services. The getdomainnames.sh script will sort out the list and eliminate duplicates. You can use it with the traffic either going thru the WAN or VPN. If a streaming service requires an IP in US for example, then set all traffic to use a VPN server in the geo location required, then, mine dnsmasq.log to get the domain names. Then, use the ASN or dnsmasq method to define a rule. Go back and enable policy routing and test.

I had disney plus working after it first came out. But I cancelled my subscription after a day or two. I think I looked at the source code on their web page to get the domain names. I right click on the webpage and select the view source option. I then search for .com and .net.

Sling requires that you use a server in the US. They don't block known VPN servers like other streaming services. There is a picture of an example DummyVPN entry above the DummyVPN write up on the GitHub page.

 

[OKLY]

My router is connected to a VPN server all the time. I'd like to exclude certain IP addresses from being routed through the VPN. Example like Google, as Youtube content may have certain country restrictions and I'm unable to watch my usual content when connected to the VPN.

Is there a way x3mrouting can help me out?

 

[TechTinkerer]

Yes, dnsmasq.log is the method I use to harvest domain names for streaming services. The getdomainnames.sh script will sort out the list and eliminate duplicates. You can use it with the traffic either going thru the WAN or VPN. If a streaming service requires an IP in US for example, then set all traffic to use a VPN server in the geo location required, then, mine dnsmasq.log to get the domain names. Then, use the ASN or dnsmasq method to define a rule. Go back and enable policy routing and test.

I had disney plus working after it first came out. But I cancelled my subscription after a day or two. I think I looked at the source code on their web page to get the domain names. I right click on the webpage and select the view source option. I then search for .com and .net.

Sling requires that you use a server in the US. They don't block known VPN servers like other streaming services. There is a picture of an example DummyVPN entry above the DummyVPN write up on the GitHub page.

Thankyou @Xentrk it's just piecing together how it all works. Which method is best dnsmasq or asn i mean for hostnames\ip's lists staying up to date?

FYI: i have a netflix, amazon and disney+ capable vpn....im currently weighing up if disney+ is worth it for my daughter...but seems like a good deal with included espn and hulu too, uk disney+ is rather lacking so not bothering with their pre-order special price.

 

[Xentrk]

Thankyou @Xentrk it's just piecing together how it all works. Which method is best dnsmasq or asn i mean for hostnames\ip's lists staying up to date?

FYI: i have a netflix, amazon and disney+ capable vpn....im currently weighing up if disney+ is worth it for my daughter...but seems like a good deal with included espn and hulu too, uk disney+ is rather lacking so not bothering with their pre-order special price.

Either one should work fine. But I do suspect that dnsmasq method may work best for streaming services that use Content Delivery Networks to cache content closer to the users geolocation. I did have two services where using the ASN method didn't work. It worked with the dnsmasq method though.