Target specific routing for Amazon Prime Video

[sherlock.holmes 3]

I am trying to find a solution for the issue of blocked AirVPN servers by Amazon Prime Video. Could somebody help me out with an iptables based solution to circumvent vpn and connect directly to their (Amazons) servers (but still routing all other traffic through the vpn tunnel)? Currently I am using:

iptables -I FORWARD -i br0 -o tun1 -j ACCEPT
iptables -I FORWARD -i tun1 -o br0 -j ACCEPT
iptables -I FORWARD -i br0 -o vlan2 -j DROP
iptables -I INPUT -i tun1 -j REJECT
iptables -t nat -A POSTROUTING -o tun1 -j MASQUERADE

vlan2 is my virtual interface for the wan port. What would be the best option to implement a target specific routing? I am running the AirVPN client on a ddwrt router.

[Ernst89 11]

Routing specifically to Amazon Prime Video is problematic. For VPN detection they appear to use a large number of server IP addresses which change frequently and overlap with a lot of other web sites. Even a dynamically updating routing solution such as pfBlockerNG fails regularly, i.e. Amazon often detects VPN usage.

So instead I use a Squid proxy server, set up to route via the WAN. From the Chrome browser I use the extension "Proxy SwitchyOmega" to automatically use the squid proxy just for  my local amazon url (*.amazon.co.uk).

This prevents the Amazon Prime Video VPN block, even though I suspect the Video stream is still via the VPN.


 

[OpenSourcerer 1432]

38 minutes ago, Ernst89 said:

From the Chrome browser I use the extension "Proxy SwitchyOmega" to automatically use the squid proxy just for  my local amazon url (*.amazon.co.uk).

Another way is to use a Proxy Auto-Config file. In this file you write which addresses, domains, URLs, etc. should be proxied through which server and which ones are to be routed directly. Then you configure your browser or system to use that file for proxying decisions. The big advantage is that you only need to edit the file to change the ruleset, and you can simply add this proxy file in other programs as well to take advantage of it. If you host it somewhere in your local network, even other devices and the programs they run can be configured as such. Downside: It's slightly techy, the file must be written in a JavaScript syntax, a very small amount of programming knowledge helps in avoiding syntax errors. But there are examples.

For Chrome/Chromium, the only proxy setting I'm seeing is a link to the system proxy settings, so I suspect Chromium doesn't have proxy settings but uses whatever the system dictates. And every OS I know of can be configured to use that PAC file.