AX1800 Flint - VPN policy doesnt work with certain domains, for example youtube.com
Note: i have disabled adguard and have just manual DNS.
please advice.
AX1800 Flint - VPN policy doesnt work with certain domains, for example youtube.com
Note: i have disabled adguard and have just manual DNS.
please advice.
Do you mean “VPN Policy Base on the Target Domain or IP” ?
Yes and its comsuming my vpn bandwidth
The reason is not working because YouTube get resolved to many subdomains and IPs!
If you run wirehsark/tcpdump (or the developers tools in a browser) while watching a video, you can see different IPs/subdomains are being used for streaming/searching/commenting/load balancing…etc.
Of course, there are multiple technical ways to solve this. But before you try to get YouTube through your tunnel, try to use a simple website that always resolved to the same IP and check of the VPN policy is working as expected.
Websites with single ip works fine only im facing issue with social media like youtube, Facebook, Instagram etc.
Just for reference, please try adding these domains
youtube.com
youtube-ui.l.google.com
youtubei.googleapis.com
googlevideo.com
ggpht.com
ytimg.com
ytimg.l.google.com
s.ytimg.com
ytstatic.l.google.com
add just google.com will include all the sub domains right ?
or i have to manually add all ?
These websites have distributed servers with many IPs for load balancing. Therefore you need to find all their subdomains in order to properly get the traffic through the VPN.
seems to work, ill keep this under monitoring for some and feedback. Moreover, as this is working can i enable adguard too ?
Yes, it will include all the sub domains.
You can enabled Adguard Home. but you should disabled “AdGuard Home Handle Client Requests” option.
Thanks it does work. I see big difference in vpn bandwidth.
what if i just want to route WhatsApp traffic with all features through VPN, what are the domains i have to put ?
@yuxin.zou your kind support in here !!
Please refer to
WhatsApp - Domains, IPs and App Information (netify.ai)
Subdomains of whatsapp.com - SecurityTrails
I tried netofy.ai before but whatsapp call (audio and video) doesn’t work.
I guess you need add some IPs to list.
HOWTO blocking WhatsApp · ukanth/afwall Wiki (github.com)
Just Woundering how many entries we can have to the list. I mean the maximum
There is no limit to the number of entries.
Yes, you can try them.
If VPN still not work, You’ll just have to try to capture the packet.
[OpenWrt Wiki] How to capture, filter and inspect packets using tcpdump or wireshark tools
Doesnt work, what packet captures u need? If you share me i can take one for you to analyze.
Thanks for responding @yuxin.zou
Captures which IPs were requested at the time of the whatsapp call. Then you can add them to the list.
But I guess these IPs may change dynamically, so you’ll have to analyze it yourself every time it doesn’t work.