Best VPN bypass option for streaming services

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Advanced Networking
Author Message
dweade
DD-WRT Novice


Joined: 28 Oct 2008
Posts: 6

PostPosted: Sat Dec 21, 2019 16:35    Post subject: Best VPN bypass option for streaming services Reply with quote
Hello all, I happily back to using dd-wrt after moving to a mesh network for a few years. Bought a Netger R6400v2 and flashed it yesterday, then successfully set up my VPN service.

I'm pulling respectable speeds of around 40mbps through, which is fine. But that drops faster via VPN when a stream from Netflix or Hulu is playing. So my next phase is to try to bypass the VPN with my streaming services and not quite sure of the best method.

From what I gather from reading many threads, there are two options: redirect the IP addresses for the various streaming services or redirect all traffic for the devices. Many of the threads I've found are older so I'm not sure how much those points remain valid with the newest builds.

I suspect redirecting three Roku devices is probably easiest. I'm okay with streams to computer and tablets going through the VPN every so often. But can anyone confirm this sounds like my best solution? And if you know of any rock solid tutorials on the process, that is also appreciated.

I should also point out my aim is to limp through a year or so with the R6400 until the newer VPN enabled routers with the faster chips come down in price.

Thanks in advance
Sponsor
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 4657
Location: Netherlands

PostPosted: Sat Dec 21, 2019 16:43    Post subject: Reply with quote
Have a look at Policy based routing (PBR)

See my signature at the bottom of this post

_________________
Routers:Netgear R7800, Netgear R6400v1, Netgear R6400v2, Linksys EA6900 (XvortexCFE), Linksys E2000 (converted WRT320N), WRT54GS v1.
Install guide Linksys EA6900: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=291230
OpenVPN Policy Based Routing guide: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN Server Setup:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Wireguard Setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1183135
dweade
DD-WRT Novice


Joined: 28 Oct 2008
Posts: 6

PostPosted: Sat Dec 21, 2019 18:06    Post subject: Reply with quote
Thanks, egc. Please clarify if I understand this correctly. I take my range of IP addresses (192.168.0.1 to 192.168.0.99, for example) and set all between .1 and .49 through the VPN and all of those between .50 and .99 as through my provider. Then I reserve IP addresses for each device depending on whether I want the device to be encrypted or not. From there, the router will route traffic to each as ordered.

If that's correct, I'm going to try the dd-wrt app to reserve the ip addresses and see if I can get this going. Loving what I"m seeing in the mobile app.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 4657
Location: Netherlands

PostPosted: Sun Dec 22, 2019 11:30    Post subject: Reply with quote
You can use it even more simple.

Give the clients you want to use the VPN a static lease, i.e. give a client a static lease of 192.168.1.80. and an other client 192.168.1.70

In the PBR box of the VPN client add:
192.168.1.80/32
192.168.1.70/32

Now those clients will use the VPN and others not.

You can make it easy for yourself to group the clients and use the CIDR calculator.

Lets say I have my DHCP scope from 192.168.1.64 - 192.168.127 and I want all my DHCP clients to use the VPN (and I set static leases outside this scope for clients NOT using the VPN).

Now in the PBR box simply add:
192.168.1.64/26

This will route the whole DHCP range via the VPN

_________________
Routers:Netgear R7800, Netgear R6400v1, Netgear R6400v2, Linksys EA6900 (XvortexCFE), Linksys E2000 (converted WRT320N), WRT54GS v1.
Install guide Linksys EA6900: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=291230
OpenVPN Policy Based Routing guide: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN Server Setup:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Wireguard Setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1183135
dweade
DD-WRT Novice


Joined: 28 Oct 2008
Posts: 6

PostPosted: Tue Dec 24, 2019 1:49    Post subject: Reply with quote
Being able to add /32 to force the device through the VPN is interesting. But won't that require a reserved IP for every device I want to use the VPN, which is nearly all? Is there a code (I assume both /32 and /26 code a specific response) for the opposite-forcing specific devices around the VPN? This is what I need, so I can just send those three Roku through the regular network.

Is there a list of these "toggles" somewhere? What is the technical term for these?

Thanks again
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 4657
Location: Netherlands

PostPosted: Tue Dec 24, 2019 7:08    Post subject: Reply with quote
That is all explained in the PBR guide, unfortunately I can not explain it any easier Sad
_________________
Routers:Netgear R7800, Netgear R6400v1, Netgear R6400v2, Linksys EA6900 (XvortexCFE), Linksys E2000 (converted WRT320N), WRT54GS v1.
Install guide Linksys EA6900: http://www.dd-wrt.com/phpBB2/viewtopic.php?t=291230
OpenVPN Policy Based Routing guide: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN Server Setup:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Wireguard Setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1183135
dweade
DD-WRT Novice


Joined: 28 Oct 2008
Posts: 6

PostPosted: Mon Dec 30, 2019 22:00    Post subject: Reply with quote
Have to admit this CIDR conversion is not the best thought out solution. I'll continue hoping dd-wrt can eventually allow a simple series of settings with "Put this range of IP addresses through the VPN" and "Put this range of IP addresses through the net."

That said, I think I've figured this out. Finally had time to really dig in and believe using the following in the Policy based Routing box will force all devices in this range through the VPN while those above 192.168.0.190 will go straight through my provider.

192.168.0.100/30
192.168.0.104/29
192.168.0.112/28
192.168.0.128/27
192.168.0.160/28
192.168.0.176/29
192.168.0.184/30
192.168.0.188/31

Going to pull the trigger on this after everyone goes to bed and then test. If you get to this first and see any fault in my logic, please correct me. Thanks again.
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Advanced Networking All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum