For those of you who are always connected to an "anonymous VPN" (NordVPN or similar), I assume you also run into problems accessing certain streaming platforms and specific websites.
Is it somehow possible to "unblock" these websites? So they bypass the VPN and go through our regular internet connection instead.
Someone told me Opkg has a package for it, but I don't know the name of it.
Maybe we could help each other to fill a list with URLs or IPs that we share with each other. I don't know. I guess more than me are annoyed with this.
Another use would be to access certain places using a different country.
No easy way to do it.
You can use rules to assign different IPs to different WANs.
But in my case it is not a good solution as the same device may be good to access through VPN except in certain places.
There is a way of making some kind of traffic tagging.
But the application needs to be able to tag its traffic.
One solution would be (for internet and web navigation) to be able to detect traffic that has already been encrypted in a VPN and direct that traffic through the normal, non-encrypted WAN path and the other through the default VPN.
Thus you can install a web navigator plugin to do VPN encryption.
If you activate that, the traffic will not be directed through your default VPN.
Using pbr you can only decide using the IP it comes from or the destination domain (or IP).
Many stream places use different domains and services for streaming their video than the domain you use to access their web interface.
In-depth knowledge of how they distribute their content is needed for discerning what traffic should not be VPN protected.
And that can change over time.
I use tinyproxy and a second browser profile for bypassing my privacy VPN as needed on the web.
You can tweak that solution slightly to eliminate the need for a static WAN gateway with this:
Consider tinyproxy's listen, bind, and whitelist configuration carefully to avoid unexpected behaviour. You'll almost certainly need to whitelist CloudFlare in addition to your other sites since so many services are behind it for DDoS and scraper mitigation.
dnsmasq’s nft set also automatically adds third-level domains to the set: if domain.com is added to the policy, this policy will affect all *.domain.com subdomains.
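The subdomain behaviour described above, together with the earlier point that streaming sites serve video from domains other than their web front end, as an added example (not from the thread or from the pbr project): a Python check that applies the same label-boundary matching to a list of DNS lookups and shows which names stay on the VPN. The `.example` names, the sample lookups and all function names are constructed assumptions.

```python
from collections import Counter

# Constructed sample data: ".example" names are placeholders, not real services.
POLICY = ["stream.example"]          # domains sent around the VPN
QUERIES = [                          # DNS names a client looked up
    "www.stream.example.", "API.stream.example", "notstream.example",
    "edge7.streamcdn.example", "license.drm.example",
]

def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")

def covering_entry(hostname, policy):
    """Return the policy entry covering hostname, or None.

    An entry covers the domain itself and anything ending in ".<entry>",
    so matching is on label boundaries, not raw string suffixes.
    """
    host = normalize(hostname)
    hits = [d for d in map(normalize, policy)
            if host == d or host.endswith("." + d)]
    return max(hits, key=len) if hits else None

def split_queries(queries, policy):
    """Partition looked-up names into (bypass via WAN, default via VPN)."""
    wan, vpn = [], []
    for q in queries:
        (wan if covering_entry(q, policy) else vpn).append(normalize(q))
    return wan, vpn

def missing_candidates(vpn_hosts):
    """Count parent domains (last two labels, a crude heuristic) still on
    the VPN; these are the names to review when a site half-works."""
    return Counter(".".join(h.split(".")[-2:]) for h in vpn_hosts)

if __name__ == "__main__":
    wan, vpn = split_queries(QUERIES, POLICY)
    print("WAN:", wan)
    print("VPN:", vpn)
    print("review:", dict(missing_candidates(vpn)))
```

Feeding it the names from a DNS query log taken while a site is loading shows which CDN or licence hosts are not covered by the policy.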
Just for reference here are some domains I use for my split tunnel and they seem to work fine