I am using NordVPN on Beryl AX via the WireGuard GUI gl.inet. Spotify was a bit temperamental, but the real problem is Instagram, which keeps threatening to ban me for automated behavior. I set up 2FA to prevent others from using my account, then I created the following whitelist for streaming, social media, and bot detectors using Gemini, ChatGPT search, and Deepseek deep learning
akadns dot net
akamai dot net
akamaihd dot net
akamaized dot net
amazon dot com
amazonvideo dot com
apple-dns dot net
apple dot com
arkoselabs dot com
atdmt dot com
bamgrid dot com
cdn-cgi dot com
cdninstagram dot com
cf-bypass dot com
cloudflare dot com
cloudflare dot com
cloudflare dot net
cloudflareresolve dot com
dazn dot com
daznservices dot com
disney dot api dot edge dot bamgrid dot com
disneyplus dot com
disneystreaming dot com
dssott dot com
edgekey dot net
facebook dot com
facebook dot net
fastly dot net
fb dot com
fbcdn dot net
fbsbx dot com
google dot com
googleapis dot com
googlevideo dot com
graph dot instagram dot com
gstatic dot com
hbomax dot com
hcaptcha dot com
hulu dot com
instagram dot com
instagram dot net
instagram dot org
instagramstatic dot com
licdn dot com
linkedin dot com
m dot me
media-amazon dot com
mediaset dot it
mediasetinfinity dot it
messenger dot com
mzstatic dot com
netflix dot com
netflix dot net
netflixdn dot net
nflxext dot com
nflximg dot com
nflximg dot net
nflxsearch dot net
nflxso dot net
nflxvideo dot net
nowtv dot it
oculus dot com
pinimg dot com
pinterest dot com
primevideo dot com
pscdn dot co
rai dot it
rainews dot it
raiplay dot it
ravenjs dot com
recaptcha dot com
recaptcha dot net
reddit dot com
redditmedia dot com
sc-cdn dot net
scdn dot co
signal dot org
sky dot it
skygo dot it
skysports dot com
snapchat dot com
spotify dot com
spotifycdn dot com
spotifycdn dot net
spotilocal dot com
t dot co
tiktok dot com
tiktokcdn dot com
ttvnw dot net
tvsat dot it
twimg dot com
twitch dot tv
twitter dot com
whatsapp dot com
x dot com
youtu dot be
youtube dot com
ytimg dot com
in gl.inet's policy-based routing (I had already tried with luci but it was unstable, perhaps because wireguard was managed by gl.inet services). Now Spotify is fine, Netflix sometimes needs to be restarted, and Instagram continues to threaten me.
Obviously, my intention is not to bypass them, I use servers in my country, I just want to protect myself from any vulnerabilities exploited in ghost sites, so if you propose a much broader policy to solve the problem, even based on custom routes or IP tables, I welcome it.
Also, since we're on the subject, I'm wondering if it's possible to use WireGuard beyond 550MB by using multiple instances. With StrongSwan, I could start multiple IKEv2 connections, and I think that would work here too, but would they add up to the 550MB stated in the presentation?