AX1800 Flint - VPN policy doesnt work with certain domains

ahhydri · June 13, 2023, 6:29pm

AX1800 Flint - VPN policy doesnt work with certain domains, for example youtube.com

Note: i have disabled adguard and have just manual DNS.

please advice.

SpitzAX3000 · June 14, 2023, 12:38am

Do you mean “VPN Policy Base on the Target Domain or IP” ?

ahhydri · June 14, 2023, 4:14am

Yes and its comsuming my vpn bandwidth

SpitzAX3000 · June 14, 2023, 4:24am

The reason is not working because YouTube get resolved to many subdomains and IPs!

If you run wirehsark/tcpdump (or the developers tools in a browser) while watching a video, you can see different IPs/subdomains are being used for streaming/searching/commenting/load balancing…etc.

Of course, there are multiple technical ways to solve this. But before you try to get YouTube through your tunnel, try to use a simple website that always resolved to the same IP and check of the VPN policy is working as expected.

ahhydri · June 14, 2023, 6:02am

Websites with single ip works fine only im facing issue with social media like youtube, Facebook, Instagram etc.

yuxin.zou · June 14, 2023, 9:26am

Just for reference, please try adding these domains

youtube.com
youtube-ui.l.google.com
youtubei.googleapis.com
googlevideo.com
ggpht.com
ytimg.com
ytimg.l.google.com
s.ytimg.com
ytstatic.l.google.com

Blocking youtube Android app from router - Super User

ahhydri · June 14, 2023, 10:43am

add just google.com will include all the sub domains right ?

or i have to manually add all ?

SpitzAX3000 · June 14, 2023, 1:16pm

These websites have distributed servers with many IPs for load balancing. Therefore you need to find all their subdomains in order to properly get the traffic through the VPN.

ahhydri · June 14, 2023, 2:50pm

seems to work, ill keep this under monitoring for some and feedback. Moreover, as this is working can i enable adguard too ?

yuxin.zou · June 15, 2023, 1:41am

Yes, it will include all the sub domains.

You can enabled Adguard Home. but you should disabled “AdGuard Home Handle Client Requests” option.

ahhydri · June 15, 2023, 4:33am

Thanks it does work. I see big difference in vpn bandwidth.

ahhydri · June 25, 2023, 5:30am

what if i just want to route WhatsApp traffic with all features through VPN, what are the domains i have to put ?

@yuxin.zou your kind support in here !!

yuxin.zou · June 26, 2023, 1:32am

Please refer to
WhatsApp - Domains, IPs and App Information (netify.ai)
Subdomains of whatsapp.com - SecurityTrails

ahhydri · June 26, 2023, 11:38am

I tried netofy.ai before but whatsapp call (audio and video) doesn’t work.

@yuxin.zou

yuxin.zou · June 27, 2023, 1:26am

I guess you need add some IPs to list.
HOWTO blocking WhatsApp · ukanth/afwall Wiki (github.com)

ahhydri · June 27, 2023, 11:18am

Just Woundering how many entries we can have to the list. I mean the maximum

ahhydri · June 27, 2023, 11:20am

And when u say some ips, that means the following only?

yuxin.zou · June 28, 2023, 1:29am

There is no limit to the number of entries.

Yes, you can try them.
If VPN still not work, You’ll just have to try to capture the packet.
[OpenWrt Wiki] How to capture, filter and inspect packets using tcpdump or wireshark tools

ahhydri · June 28, 2023, 2:09am

Doesnt work, what packet captures u need? If you share me i can take one for you to analyze.

Thanks for responding @yuxin.zou

yuxin.zou · June 28, 2023, 2:14am

Captures which IPs were requested at the time of the whatsapp call. Then you can add them to the list.
But I guess these IPs may change dynamically, so you’ll have to analyze it yourself every time it doesn’t work.