wireguard bypass question

Ameretat Reith ameretat.reith at gmail.com
Sat Oct 7 15:24:54 CEST 2017


On Thu, 5 Oct 2017 18:00:00 -0700
Ryan McGee <rwm.pc.repair at gmail.com> wrote:

> So I set up the VPN using Mullvad's guad here:
> https://mullvad.net/guides/running-wireguard-router/
> 
> I've tried vpnbypass filling out just the domain
> "/netflix.com/vpnbypass" then I also tried adding the port ranges,
> IPs and ports found at:
> https://backlothelp.netflix.com/hc/en-us/articles/115000257627-What-are-Netflix-s-Aspera-IP-Addresses-and-Port-Ranges-

Ryan, Netflix IPs are much much more than this list.

> Nothing seems to work as netflix still sees me going through a VPN.

On which platform you want to watch Netflix? If It's Linux, you may mark
packets of one instance of browser by the power of namespaces and
abusing TOS field of IP packets and then on LEDE you can exclude these
packets from VPN by iptables. If you watch on any browser, dnsmasq and
IPset approach is cleanest approach [1]. If It's mobile, you need to
find Netflix and AWS IPs and route them outside of VPN by iptables. Last
approach works everywhere but It's most dirty method.

If I were you I would just start another access point in router and
exclude incoming traffic to that AP from VPN. Then I'd connect to this
AP just for watching Netflix.

1: In this case our interests are subdomains of `netflix.com` and
`nflxvideo.net`


More information about the WireGuard mailing list