[SOLVED] VPN client setup

Nov 3, 2019
Hi. We have a Wi-Fi router in our house. I set up a VPN client on this router, so that every device in the house can utilize more secure and private internet access. So far so good.
Well, now the problems come. We want to use Netflix and our VPN provider's servers are blacklisted. No matter that we don't use the VPN to bypass Netflix geographical restrictions, we are connected to a VPN server in the same country as we are located. I can see that for Netflix it is just easier to maintain an IP blacklist than a pro-client individual approach. Thank you NF.
My question is not how to use VPN and Netflix. I have read a lot about that - finding a non-blacklisted server today only to find out that it is blacklisted tomorrow. Is there a way to connect to Netflix specifically without VPN, keeping the VPN client setup for all our other internet traffic? Are there any routers that support some kind of feature for VPN client setup that allows adding specific exceptions that will not be routed via VPN? Or is there any other solution to that? I don't want to sacrifice VPN service completely, I'd rather say goodbye to NF.
 
Solution
It depends on the VPN client in the router. I have only used Asus routers with Merlin lately and it allows you to put in lists of IPs to bypass the VPN. So you could put the Netflix IP in the list to bypass. It would then use your local IP for Netflix.

I think the base Asus code and TP-Link VPN clients also support this... don't know for sure.

Be very careful, VPN really puts a lot of load on your router. If you have a very fast connection you might consider an actual dual-NIC PC running as a firewall.
 
Nov 3, 2019
I had tried to set it all up in the past days - no luck with single router configuration. After all I had to set up a dual router in order to have two different networks, one with VPN client and one without. Now we need to switch between them when accessing the internet from our devices. This is not ideal, but it works.
The problem with policy based routing is that it kinda works more with source IP settings (i.e. you filter VPN bypass by device in the network) rather than with destination IP (i.e. server you are connecting to). By default all the traffic goes through WAN and you have to add exceptions. When trying to set a rule "all source IPs to all destination IPs through VPN" it worked, but when I added a second rule "all source IPs to a specific destination IP through WAN" the VPN client failed completely and all the traffic went through WAN (local ISP).
I found some elaborate solutions online that were so complex, including writing your own configuring script, that I gave up.
Dual network is annoying, but so far I can't come up with something better.
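
The destination-based exception discussed in this thread, as an added example that is not part of either post or of any router firmware: a script that prints `ip rule` commands in which exceptions are evaluated before the VPN catch-all. It assumes a Linux-based router with iproute2, a routing table 100 that holds the LAN routes plus the VPN default route, and a `main` table that holds the WAN default route; the destinations are constructed placeholders.

```shell
#!/bin/sh
# Added example: print (do not run) iproute2 rules for destination-based VPN bypass.
# Assumptions, not from the thread: Linux-based router with iproute2; routing
# table 100 holds the LAN routes plus the VPN default route; table "main"
# holds the WAN default route. Review the output before applying it as root.

VPN_TABLE=100      # assumed VPN routing table
BYPASS_PRIO=1000   # lower number = evaluated first
VPN_PRIO=2000      # catch-all, only reached if no exception matched

# Return 0 if $1 is a.b.c.d or a.b.c.d/len with octets <= 255 and len <= 32.
valid_cidr() {
    addr=${1%/*}
    len=32
    case $1 in */*) len=${1#*/} ;; esac
    case $len in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    # Reject hostnames and anything else that is not digits and dots.
    case $addr in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ -n "$o" ] || return 1
        [ "$o" -le 255 ] || return 1
    done
}

# Print one exception rule per valid destination, then the VPN catch-all.
# Invalid entries are skipped so a typo cannot widen the bypass.
gen_bypass_rules() {
    for dst in "$@"; do
        if valid_cidr "$dst"; then
            echo "ip rule add to $dst lookup main priority $BYPASS_PRIO"
        else
            echo "skipping invalid destination: $dst" >&2
        fi
    done
    echo "ip rule add from all lookup $VPN_TABLE priority $VPN_PRIO"
}

# Constructed sample destinations (RFC 5737 documentation ranges).
gen_bypass_rules 203.0.113.0/24 198.51.100.7
```

After applying such rules, `ip rule show` lists them in evaluation order, which confirms that the exceptions sit ahead of the catch-all and that only the listed destinations leave outside the tunnel.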