How to Use VPN Policy to ByPass ALL Websites from China?

I’m living in China and I’ve been using the GL-inet routers mainly for the purpose of visiting blocked websites in China.

I’ve been using the WireGuard plugin under the VPN section to unblock websites.

However, it’d be nice if I could use the VPN only to visit websites that are blocked in China. I see there’s a VPN policy section where I can specify which domains/IPs can be bypassed. Is it possible to use it along with ChinaDNS or other similar services to let my WireGuard VPN bypass ALL IPs from China? How to do it (I’m happy with command line options as well)?


I am also looking for a similar solution, thinking of using chnroute like what shadowsocks + chinadns does. Could you give this a try and set it to bypass these IPs?
SSH into the router and run:

 wget -O- '' | awk -F\| '/CN\|ipv4/ { printf("%s/%d\n", $4, 32-log($5)/log(2)) }' > /etc/route_policy/domain_name/bypass_vpn
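
An added example, not code from this thread: the same conversion as the one-liner above, but with the prefix length computed by integer halving rather than `log()`, and with records whose address count is not a power of two skipped instead of being written with a wrong mask. It assumes the downloaded file uses the pipe-delimited RIR delegated-statistics layout (`registry|cc|type|start|count|date|status`) that the one-liner's field numbers imply; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Assumed input line format (the thread does not show the file itself):
#   registry|cc|type|start|count|date|status

# cn_cidrs: read delegated-stats lines on stdin and print one CIDR block
# per CN IPv4 record. Skipped records are reported on stderr.
cn_cidrs() {
    awk -F'|' '
        $2 == "CN" && $3 == "ipv4" {
            n = $5 + 0
            bits = 0
            # Halve the address count until it is odd. Integer steps avoid
            # the rounding that can push 32-log(n)/log(2) off by one.
            while (n > 1 && n % 2 == 0) { n = n / 2; bits++ }
            if (n != 1 || bits > 32) {
                # Not a power of two: a single CIDR cannot express it.
                printf("skipped %s (%s addresses)\n", $4, $5) > "/dev/stderr"
                next
            }
            printf("%s/%d\n", $4, 32 - bits)
        }'
}

# Constructed sample input (documentation/test address ranges, not real data).
sample_stats() {
    cat <<'EOF'
2|apnic|20240101|5|19830613|20240101|+1000
apnic|*|ipv4|*|4|summary
apnic|CN|ipv4|198.51.100.0|256|20110414|allocated
apnic|AU|ipv4|203.0.113.0|256|20110811|assigned
apnic|CN|ipv4|198.18.0.0|65536|20110412|allocated
apnic|CN|ipv6|2001:db8::|32|20000426|allocated
apnic|CN|ipv4|192.0.2.0|768|20200101|allocated
EOF
}

# Demo run on the sample; prints 198.51.100.0/24 and 198.18.0.0/16.
sample_stats | cn_cidrs
```

On the router, the output of `wget -O-` would be piped through `cn_cidrs` and redirected to the same `/etc/route_policy/domain_name/bypass_vpn` file used above.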

Hello all.

New to the forums.

I’ve managed to get WireGuard stable and secure here in China now… but unfortunately it bypasses and effectively blocks some China-based services that I need.

Has anyone in this conversation had any progress with bypassing China sites when using the VPN, using the VPN Policy or another method?

@reflector I tried your suggested script via SSH, but encountered an “unexpected ‘(’” error. Have you been able to take this script further?

Cheers all, thank you in advance.

I just reformatted it so that it can be a valid command.

An update.

I managed to use your script to define a VPN policy on my AR-750S, and it worked quite well excluding China sites from the VPN. I could surf Taobao, Weixin and other sites this side of the GFW very reliably. Thanks!

I have now used @reflector’s script to create a VPN policy on my GL-AR750S that works very well excluding China sites from my Wireguard connection.

I now have the new Slate AX GL-AXT1800, which has a different VPN policy setup menu to the GL-AR750S, so running the above script does not work. I haven’t been able to find any documentation or forum discussion on creating VPN policies on the Slate AX… is there any advice you can give about this?


I checked. Unfortunately, in 4.0 the list is merged into uci.

I have talked with developers and we should use file as in 3.x. Will fix it later. But you cannot use the same as 3.x now.


Is there any update on this yet? Using a Flint.


I’ve tried a work-around that could work by importing a long list of China domains into the root/etc/VPN policies IP folder of the router. The list is very long and when I try enabling Policy Routing using the IP/Domain setting, the service times out and I get an error message.

The list I use is to be found at:

If I can’t get it to work using the GLI UI, then I will just have to build it in LUCI.

Admins: any ideas how to get it to work with GLI software?


Sorry, still no update.

We will do as in firmware v3.x

The “allowed-ips” part of the GUI is very limited in how many entries it can have. It doesn’t even support the full list of public (internet) ipv4 addresses that the Wireguard-for-Android app uses, and will error if you try to put that whole list in the web GUI.

I got it to work on my Flint using the last stable firmware. I batch copied the IP addresses via SSH into the /etc file and enabled. Got the error message but the router accepted it anyways.

Now installed the Beta software and there isn’t even an option to implement VPN policy anymore in the GL UI… :(

I also own a Beryl and here can’t batch copy the IP addresses as apparently the config file is read only… no idea on how to change this…