Hi,
Apologies for this being a newbie question. I haven’t worked with networking equipment for quite a few years.
I am still in the process of deciding to buy a device. The reason I am thinking of buying the device is that I don’t want to be tied to an ISP where I am renting in the UK, but also and more importantly, I need to be able to take the device with me to use in Ukraine when I am over there, so dual SIM is a requirement for failover.
I had read on the old forums how to set up a VPN (using WireGuard) to route all traffic through it. Whilst using the VPN on my Mac, I have noticed that quite a few sites I use will not allow me to use the VPN, e.g. the O2 mobile phone accounts page.
My question should be quite simple (I hope), and hopefully the gurus here can help.
Is there a way to bypass the VPN by DNS domain? How would I configure this?
Currently, there isn’t a direct way to achieve your requirements. However, with the help of an additional package and some custom scripting, you can create a workaround.
Here is one of the ways to achieve this. However, keep in mind that this involves a fair bit of setup.
The core of this solution is the vpn-policy-routing OpenWrt package, which enables the splitting of traffic between your typical WAN connection and your VPN. Nevertheless, this package operates on IP addresses, not URLs or domains.
To work around this, you’ll establish the routing based on the IP addresses first, and then write a script to keep these IP addresses updated based on their associated domain names. The process would look something like this:
Set up vpn-policy-routing with the IP addresses of the websites you wish to route differently (use the nslookup command to resolve the hostnames).
Create a script that performs a DNS lookup (nslookup) to get the current IP addresses for those domain names.
The script should then compare these IP addresses with those in your vpn-policy-routing setup.
If there are differences, the script should update the vpn-policy-routing configuration accordingly.
Schedule this script to run at regular intervals (such as every 5 minutes) using crontab.
This way, you essentially establish a dynamic mapping that adjusts based on changes to the IP addresses of your selected domains, emulating domain-based routing. Essentially, this should allow you to have something similar to what you are looking for.
For the package and its configuration, I suggest you take a look at the forum post here.
The script can be similar to the one here. However, you will need to modify it to resolve the specific hostnames you’re interested in, as well as to adjust the relevant vpn-policy-routing configurations.
If you are unfamiliar with UCI command usage, I suggest visiting a wiki page here.
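The five steps above, written out as one refresh script that can be dropped into cron. This is an added example, not code from the forum post, the linked script, or the vpn-policy-routing project. It assumes (not stated on the page) that the bypass policy is a named UCI section `vpn-policy-routing.wan_bypass` whose `dest_addr` option holds a space-separated list of IPv4 addresses, that the service is reloaded with `/etc/init.d/vpn-policy-routing reload`, and that the domains in `BYPASS_DOMAINS` are constructed samples to be replaced with your own. The parsing and comparison helpers run on any POSIX shell; only the final function touches the router, and only when `uci` is present.

```shell
#!/bin/sh
# Added example (not from the forum post or the vpn-policy-routing project).
# Assumptions: named UCI section "vpn-policy-routing.wan_bypass" with a
# space-separated "dest_addr" option; reload via the init script below.
# BYPASS_DOMAINS are constructed sample values.

BYPASS_DOMAINS="accounts.o2.co.uk example.org"
UCI_SECTION="vpn-policy-routing.wan_bypass"

# parse_nslookup: read nslookup output on stdin and print the IPv4 answers,
# one per line. Lines before "Name:" belong to the resolver itself and are
# skipped, IPv6 answers are dropped, and both "Address: x.x.x.x" (newer
# BusyBox / bind) and "Address 1: x.x.x.x host" (older BusyBox) layouts work.
parse_nslookup() {
    awk '
        /^Name:/ { found = 1; next }
        found && /^Address/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) print $i
        }'
}

# normalize_set: turn any whitespace-separated address list into a sorted,
# de-duplicated, single-space-separated string so two lists compare cleanly.
normalize_set() {
    printf '%s\n' "$1" | tr ' \t' '\n\n' | grep -v '^$' | sort -u \
        | tr '\n' ' ' | sed 's/ $//'
}

# sets_differ A B: true (exit 0) when the two lists differ as sets.
sets_differ() {
    [ "$(normalize_set "$1")" != "$(normalize_set "$2")" ]
}

# refresh_bypass_list: resolve every domain; rewrite dest_addr, commit and
# reload only when the full set changed. If any domain returns no IPv4
# answer the run is aborted, so a DNS hiccup never silently drops a bypass
# (stale addresses are safer than a missing policy for these sites).
refresh_bypass_list() {
    new=""
    for d in $BYPASS_DOMAINS; do
        ips=$(nslookup "$d" 2>/dev/null | parse_nslookup)
        if [ -z "$ips" ]; then
            logger -t vpr-refresh "no IPv4 answer for $d; config left untouched"
            return 1
        fi
        new="$new $ips"
    done
    new=$(normalize_set "$new")
    cur=$(uci -q get "$UCI_SECTION.dest_addr")
    if sets_differ "$cur" "$new"; then
        uci set "$UCI_SECTION.dest_addr=$new"
        uci commit vpn-policy-routing
        /etc/init.d/vpn-policy-routing reload
        logger -t vpr-refresh "dest_addr updated to: $new"
    fi
}

# Only act when running on the router (uci present); elsewhere the helper
# functions above can still be exercised on their own.
if command -v uci >/dev/null 2>&1; then
    refresh_bypass_list
fi
```

Save it as, say, `/usr/bin/vpr-refresh.sh` (path assumed), `chmod +x` it, and add `*/5 * * * * /usr/bin/vpr-refresh.sh` with `crontab -e`, making sure cron is enabled and started. Two caveats worth knowing before relying on it: sites behind CDNs or round-robin DNS hand out a different subset of addresses on each query, so a 5-minute refresh can lag or thrash (the log line tells you how often it rewrites), and the lookups should go through the same resolver your LAN clients use (normally dnsmasq on the router) so the addresses you route match the ones the clients actually connect to.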
Hi,
That is a brilliant and clear explanation. Thank you for this.
Am I correct to think that I would need multiple cron scripts, one for each domain? I think I would be needing a few; it still surprises me that the sites that really should have VPN protections (banks etc.) deny you from connecting on a VPN.