AX1800 Flint - VPN policy doesnt work with certain domains

AX1800 Flint - VPN policy doesnt work with certain domains, for example

Note: i have disabled adguard and have just manual DNS.

please advice.

Do you mean “VPN Policy Base on the Target Domain or IP” ?

Yes and its comsuming my vpn bandwidth

The reason is not working because YouTube get resolved to many subdomains and IPs!

If you run wirehsark/tcpdump (or the developers tools in a browser) while watching a video, you can see different IPs/subdomains are being used for streaming/searching/commenting/load balancing…etc.

Of course, there are multiple technical ways to solve this. But before you try to get YouTube through your tunnel, try to use a simple website that always resolved to the same IP and check of the VPN policy is working as expected.

Websites with single ip works fine only im facing issue with social media like youtube, Facebook, Instagram etc.

Just for reference, please try adding these domains

Blocking youtube Android app from router - Super User

1 Like

add just will include all the sub domains right ?

or i have to manually add all ?

These websites have distributed servers with many IPs for load balancing. Therefore you need to find all their subdomains in order to properly get the traffic through the VPN.

seems to work, ill keep this under monitoring for some and feedback. Moreover, as this is working can i enable adguard too ?

Yes, it will include all the sub domains.

You can enabled Adguard Home. but you should disabled “AdGuard Home Handle Client Requests” option.

1 Like

Thanks it does work. I see big difference in vpn bandwidth.

what if i just want to route WhatsApp traffic with all features through VPN, what are the domains i have to put ?

@yuxin.zou your kind support in here !!

Please refer to
WhatsApp - Domains, IPs and App Information (
Subdomains of - SecurityTrails

1 Like

I tried before but whatsapp call (audio and video) doesn’t work.


I guess you need add some IPs to list.
HOWTO blocking WhatsApp · ukanth/afwall Wiki (

1 Like

Just Woundering how many entries we can have to the list. I mean the maximum

And when u say some ips, that means the following only?

There is no limit to the number of entries.

Yes, you can try them.
If VPN still not work, You’ll just have to try to capture the packet.
[OpenWrt Wiki] How to capture, filter and inspect packets using tcpdump or wireshark tools

1 Like

Doesnt work, what packet captures u need? If you share me i can take one for you to analyze.

Thanks for responding @yuxin.zou

Captures which IPs were requested at the time of the whatsapp call. Then you can add them to the list.
But I guess these IPs may change dynamically, so you’ll have to analyze it yourself every time it doesn’t work.

1 Like