Bypass VPN for specific domain names (Netflix, Hulu) via custom configuration in OpenVPN (Tomato, DD-WRT,router)

[quesadillaLOVER 5]

This is only a solution for people in their home country willing/wanting to bypass the VPN to access their Netflix account.  Does not help for out-of-country Netflix access.  

 

I was surprised to not see this in the forum, as it's very simple and works.  It is a very short script added to the Custom Configuration which pulls the current IP addresses for a domain name (Netflix.com, Hulu.com) and routes those addresses "around" the VPN.

 

allow-pull-fqdn
route www.netflix.com 255.255.255.255 net_gateway

 

So far I've been using this for a day, and had to restart things one time to get it to pick up new addresses.  I would like to find a way to run this at regular intervals to add to the IP list (without duplicating addresses already in the list).

[quesadillaLOVER 5]

Well just took a day for that to stop working.  Netflix IPs change FAST.  I just ran nslookup for netflix.com... the addresses change every time I run the command.  Even after five seconds, there several new IPs.  I guess it really is difficult to bypass openVPN for a domain name like that. 

 

That said, there are only so many IP addresses that Netflix can use.  It seems like there could be a script that checks the addresses every few seconds and re-builds a local list.  Eventually the list would be 99% accurate, and refreshes to the script would make it complete.

[quesadillaLOVER 5]

I keep on plugging away at figuring out a solution.  For those interested in pursuing this, there is a complete list of Netflix IP ranges. I suppose it's possible to script all those into the router and use the basic route command to get them all to avoid the VPN.

 

I'm also considering redirecting Netflix traffic to a different port, marking packets from that port, then routing the marked packets around the VPN.

 

At this point though, I'm probably going to try using the airvpn software to create a new network connection, then ForceBindIP to force a certain application to use the regular (non-VPN) network connection.  Then I'll use Internet Explorer (or whatever) for Netflix, Hulu, and any other non-sensitive traffic, and the rest of my connections will go through the VPN.

 

If there's a security flaw/leak in this method, feel free to chime in.

[NaDre 159]

An alternative to using ForceBindIP for browsing is to use the HTTP proxy Squid/Cygwin. See this::

 

https://airvpn.org/topic/9491-guide-to-setting-up-vpn-just-for-torrenting-on-windows/?p=49046

 

The description there is for browsing using the VPN when you use the VPN only for selected things (torrents and browsing/ripping geo-restricted sites). But you could put your non-VPN interface and DNS server addresses into the config file instead.

[techterrain 4]

  On 10/9/2016 at 8:02 PM, quesadillaLOVER said:

I keep on plugging away at figuring out a solution.  For those interested in pursuing this, there is a complete list of Netflix IP ranges. I suppose it's possible to script all those into the router and use the basic route command to get them all to avoid the VPN.

 

I'm also considering redirecting Netflix traffic to a different port, marking packets from that port, then routing the marked packets around the VPN.

 

At this point though, I'm probably going to try using the airvpn software to create a new network connection, then ForceBindIP to force a certain application to use the regular (non-VPN) network connection.  Then I'll use Internet Explorer (or whatever) for Netflix, Hulu, and any other non-sensitive traffic, and the rest of my connections will go through the VPN.

 

If there's a security flaw/leak in this method, feel free to chime in.

Hey there,

 

using ForceBindIP to use a dedicated browser to use your home IP is exactly what I am missing with AIrVPN so far. I had been able to do so while using another VPN but cannot get it to work with network lock enabled, even when new rules are added to the firewall after activation of network lock has been enabled. The funny thing is, the bypass via ForceBindIP is possible when using wifi, but not with a wired connection. I am in Win10, by the way. Any chance you got ForceBindIP working with network lock on and on a wired connection to your router?

 

Cheers!

[elipeordan112 0]

Firs of all I wanna thank all Viscosity developers for a wonderful soft they created.
And now let's get to buziness =)
I need to visit some domains thru my local provider, but not thru openvpn connection, which is constantly established here. I know about ip-based route exceptions, however the problem is that most of that websites use a numerous number of ip addresses and it's almost impossible to add all of them.
Is there any way of routing domains, but not ip addresses in the way I need? Maybe some 3rd-party software, if Viscosity can't make it?

[OpenSourcerer 1467]

  Quote

Is there any way of routing domains, but not ip addresses in the way I need?

 

An OS's routing table uses IP addresses, so no, domains won't work. You're also not the only one wanting this, I fear there's no other way. Even adding all IP ranges sometimes doesn't yield the desired effects, especially with Netflix.

[Stack of computer parts 9]

I sat on tech support with netflix and bitched about not being able to use my vpn and demanding a real answer. They are very cagey with information and would loop around the same question "why do you use a vpn" over and over again thinking they could wear me down. I even asked them why they could not lock my account to my billing address since Ive had netflix for years it is clearly me, and not some guy in another country wanting to watch shows in mine. Never the less it didn't yield much for a laughable answer that I should talk to my ISP and have them host my VPN using the IP addy that was originally assigned to me as closely geographically tied to my physical address as possible(he gave no ranges, I assume the radius is centered around my ISP). I have looked for local proxies around my house but there really arent any to see if that might work.

 

My solution was to just use a switch and a roku box. I tried this before when roku first came out and it was terrible, but the 4k one is quite nice. Granted, this wont help someone whose primary screen is a laptop but it suits my needs. A chromecast also works and could be used to 'cast' the video feed to your screen of choice but using a phone as a remote was annoying.

[zhang888 1067]

The complete solution for laptop users is install a VM which will be bridged on the ethernet/wireless adapter and bypass VPN.

If you run VPN on the router you can exclude that VM IP and route it via WAN.

[zqwvyx 2]

I wrote a quick Lua script that parses the address ranges from ipinfo.io and converts them to OpenVPN routes. Here's a link to the code: http://bit.ly/2Gu8Q2Y

Here's a list of routes that covers all the current Netflix ranges: https://pastebin.com/raw/zRyv6KDj

[REVMrSubgeneNYN 0]

Hey, thanks... I did not know I could do this. Got my hulu running with routing, everything else Netflix, etc... works fine through the Air(vpn) xd

 

This is only a solution for people in their home country willing/wanting to bypass the VPN to access their Netflix account.  Does not help for out-of-country Netflix access.  

 

I was surprised to not see this in the forum, as it's very simple and works.  It is a very short script added to the Custom Configuration which pulls the current IP addresses for a domain name (Netflix.com, Hulu.com) and routes those addresses "around" the VPN.

 

allow-pull-fqdn
route www.netflix.com 255.255.255.255 net_gateway

 

So far I've been using this for a day, and had to restart things one time to get it to pick up new addresses.  I would like to find a way to run this at regular intervals to add to the IP list (without duplicating addresses already in the list).