Posted: Thu Aug 08, 2019 11:51 Post subject:
The first posting details how to do that:
Destination based routing is standard for OVPN. In the additional config you can enter destinations by IP address or URL and specify whether these should be routed through WAN or VPN, e.g.:
route 220.127.116.11 255.255.255.255 vpn_gateway # DNS server PIA
route 18.104.22.168 255.255.255.255 vpn_gateway # DNS server PIA
route 22.214.171.124 255.255.255.255 vpn_gateway #whatsmyip.org
route 126.96.36.199 255.255.255.255 net_gateway # ipleak.net
route 188.8.131.52 255.255.255.255 vpn_gateway #dnsleaktest.com
route 184.108.40.206 255.255.0.0 vpn_gateway #BBC
route amazon.com 255.255.255.255 net_gateway # Routing by URL only with 255.255.255.255
It also details that that is impossible with the standard PBR in DDWRT.
You can use the script as described in the first posting, but Netflix uses so many different and changing IPs that it is very difficult.
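As an added example (not code from the thread or from DD-WRT), a small Python check over `route` lines in the format quoted above: it lists every destination sent via `net_gateway`, i.e. outside the tunnel, and flags hostnames used with a mask other than 255.255.255.255 and IP/mask pairs with host bits set. The sample lines are constructed with documentation addresses, and treating a route without a gateway field as following the tunnel is an assumption.

```python
import ipaddress

# Constructed sample in the thread's format; addresses are documentation ranges.
SAMPLE = """\
route 192.0.2.10 255.255.255.255 vpn_gateway # DNS server
route 198.51.100.7 255.255.255.255 net_gateway # leak-test site
route 203.0.113.77 255.255.0.0 vpn_gateway # host bits set under a /16 mask
route example.com 255.255.255.255 net_gateway # hostname, host mask
route example.org 255.255.255.0 vpn_gateway # hostname with a wide mask
"""

HOST_MASK = "255.255.255.255"


def audit_routes(config_text):
    """Return (bypass, problems): destinations routed outside the tunnel,
    and (line number, message) pairs for inconsistent route lines."""
    bypass, problems = [], []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop the trailing comment
        if len(fields) < 2 or fields[0] != "route":
            continue
        dest = fields[1]
        mask = fields[2] if len(fields) > 2 else HOST_MASK
        # Assumption: with no gateway field the route follows the tunnel.
        gateway = fields[3] if len(fields) > 3 else "vpn_gateway"
        try:
            ipaddress.ip_address(dest)
            is_ip = True
        except ValueError:
            is_ip = False
        if is_ip:
            try:
                # strict=True rejects a bad mask and host bits set under it
                ipaddress.ip_network(f"{dest}/{mask}", strict=True)
            except ValueError as exc:
                problems.append((lineno, f"{dest} {mask}: {exc}"))
        elif mask != HOST_MASK:
            problems.append((lineno, f"hostname {dest} needs mask {HOST_MASK}"))
        if gateway == "net_gateway":
            bypass.append(dest)
    return bypass, problems


if __name__ == "__main__":
    bypass, problems = audit_routes(SAMPLE)
    print("Leaves via WAN (outside the tunnel):", ", ".join(bypass))
    for lineno, msg in problems:
        print(f"line {lineno}: {msg}")
```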
FYI: !!Maybe!! (Was surprised VPN kill must be executed before pbr, else important table 11 entries are deleted. Easy fix: place pbr script after kill in firewall startup.)
Update: Using 192.168.1.16/31 for 2 excluded IPs. Works great. Thanks again.
Update to running pbr in rc_firewall. Not a good idea. rc_firewall runs 3 times for me: at startup, after getting WAN IP, and after getting tun1 IP. Still works, but not ideal.
Update @?#!: On second thought, since iptables screws with the routing table AND it runs with an OpenVPN IP change, maybe pbr should run again... I'm still working on a fail-safe solution to keeping it running all the time.