Netflix to skip VPN

Hi,

I set a PBR policy for Netflix to use the WAN interface and skip the VPN to reach the netflix.com domain, but it won't work (I still get the Netflix message that I'm using a proxy).

Here is how I did it:

VPN PBR config file:

config vpn-policy-routing 'config'
        option enabled '1'
        option verbosity '2'
        option strict_enforcement '1'
        option src_ipset '0'
        option ipv6_enabled '0'
        list supported_interface ''
        option boot_timeout '30'
        option iptables_rule_option 'append'
        option iprule_enabled '0'
        option webui_enable_column '0'
        option webui_protocol_column '0'
        option webui_sorting '1'
        list webui_supported_protocol 'tcp'
        list webui_supported_protocol 'udp'
        list webui_supported_protocol 'tcp udp'
        list webui_supported_protocol 'icmp'
        list webui_supported_protocol 'all'
        option webui_chain_column '1'
        list ignored_interface 'vpnserver wgserver'
        list ignored_interface 'lan'
        list ignored_interface 'VPNServertun'

config include
        option path '/etc/vpn-policy-routing.netflix.user'

config include
        option path '/etc/vpn-policy-routing.aws.user'
        option enabled '0'

config policy
        option interface 'wan'
        option name ' OpenVPN-server'
        option src_port '11940'
        option chain 'OUTPUT'

config policy
        option interface 'wan'
        option name 'Netflix'
        option dest_addr 'netflix.com'
        option chain 'OUTPUT'

root@OpenWrt:~#

Can someone help me point out what I did wrong?

Thanks a lot

Wrong chain for Netflix policy, needs to be PREROUTING.

Also, make sure the device you're trying to watch Netflix on is set to use your router for name resolution.

Also, restart the device you're trying to watch Netflix on.

Also (in some extreme cases), you will need to use the AWS user script too.

PS. Even with all that it can still be hit or miss. I'd recommend disabling default routing through the VPN and configuring specific policies to route via VPN if you want uninterrupted access to Netflix/Amazon.

Also you have to use the up button to put the Netflix rule first. If the default rule to put 0.0.0.0 through VPN is first in the list, your Netflix traffic will always match since 0.0.0.0 matches everything. The Netflix rule later in the list is not considered since the decision to send by VPN has already been made.
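The chain and ordering points from the replies above, as an added example that is not part of the original posts and is not vpn-policy-routing's own code: a small first-match model showing why a LAN client never hits an OUTPUT policy, why a catch-all listed first shadows the Netflix rule, and why traffic to a host the name did not cover still goes through the VPN. Assumptions: a policy without `chain` is evaluated in PREROUTING, the default route is a hypothetical `vpn` interface, the `all-via-vpn` policy name is made up, and the destination addresses are constructed documentation addresses.

```python
import ipaddress

# Constructed model of first-match policy evaluation; not vpn-policy-routing code.
# Assumptions: a policy without 'chain' is evaluated in PREROUTING, the default
# route is the VPN, and 198.51.100.10 stands in for what netflix.com resolved to.

def matches(policy, pkt):
    """True if the packet satisfies every selector the policy sets."""
    # OUTPUT sees packets the router itself generates; PREROUTING sees
    # packets arriving from LAN clients before they are forwarded.
    seen_in = "OUTPUT" if pkt["from_router"] else "PREROUTING"
    if policy.get("chain", "PREROUTING") != seen_in:
        return False
    if "src_addr" in policy and pkt["src"] != policy["src_addr"]:
        return False
    dest = ipaddress.ip_network(policy.get("dest_net", "0.0.0.0/0"))
    return ipaddress.ip_address(pkt["dst"]) in dest

def route(policies, pkt, default="vpn"):
    """The first matching policy decides; later policies are never consulted."""
    for policy in policies:
        if matches(policy, pkt):
            return policy["interface"], policy["name"]
    return default, "default route"

NETFLIX_OUTPUT = {"name": "Netflix", "interface": "wan", "chain": "OUTPUT",
                  "dest_net": "198.51.100.10/32"}
NETFLIX_PREROUTING = {"name": "Netflix", "interface": "wan",
                      "src_addr": "192.168.1.249", "dest_net": "198.51.100.10/32"}
ALL_VIA_VPN = {"name": "all-via-vpn", "interface": "vpn", "dest_net": "0.0.0.0/0"}

# Constructed packets from the streaming box on the LAN.
TO_NETFLIX = {"src": "192.168.1.249", "dst": "198.51.100.10", "from_router": False}
TO_OTHER_HOST = {"src": "192.168.1.249", "dst": "203.0.113.7", "from_router": False}

if __name__ == "__main__":
    cases = {
        "OUTPUT chain, LAN client": ([NETFLIX_OUTPUT, ALL_VIA_VPN], TO_NETFLIX),
        "catch-all listed first": ([ALL_VIA_VPN, NETFLIX_PREROUTING], TO_NETFLIX),
        "Netflix listed first": ([NETFLIX_PREROUTING, ALL_VIA_VPN], TO_NETFLIX),
        "host the name did not cover": ([NETFLIX_PREROUTING, ALL_VIA_VPN], TO_OTHER_HOST),
    }
    for label, (policies, pkt) in cases.items():
        print(f"{label:30} -> {route(policies, pkt)}")
```

Only the third case leaves via `wan`; the fourth shows why a single-domain rule can still leave part of a session on the VPN.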

Thanks guys for your replies.

I tried most of your suggestions:

Moving the Netflix rule up (I also added a local IP address for the device), changing the chain to PREROUTING, activating the AWS script, rebooting the device and router after every change.

The device I'm trying to watch Netflix on is the Shield TV Android box.
So I guess I can't do anything to change how it does the name resolution, right? An Android app maybe?

After all this still nothing.

> PS. Even with all that it can still be hit or miss. I'd recommend disabling default routing through the VPN and configuring specific policies to route via VPN if you want uninterrupted access to Netflix/Amazon.

So I guess this is the only thing left for me to try.

The VPN PBR file after the changes:

config policy
        option interface 'wan'
        option name 'Netflix'
        option dest_addr 'netflix.com'
        option src_addr '192.168.1.249'

config policy
        option interface 'wan'
        option name ' OpenVPN-server'
        option src_port '11940'
        option chain 'OUTPUT'

config vpn-policy-routing 'config'
        option enabled '1'
        option verbosity '2'
        option strict_enforcement '1'
        option src_ipset '0'
        option ipv6_enabled '0'
        list supported_interface ''
        option boot_timeout '30'
        option iptables_rule_option 'append'
        option iprule_enabled '0'
        option webui_enable_column '0'
        option webui_protocol_column '0'
        option webui_sorting '1'
        list webui_supported_protocol 'tcp'
        list webui_supported_protocol 'udp'
        list webui_supported_protocol 'tcp udp'
        list webui_supported_protocol 'icmp'
        list webui_supported_protocol 'all'
        option webui_chain_column '1'
        list ignored_interface 'vpnserver wgserver'
        list ignored_interface 'lan'
        list ignored_interface 'VPNServertun'

config include
        option path '/etc/vpn-policy-routing.netflix.user'

config include
        option path '/etc/vpn-policy-routing.aws.user'

I would still love to have some help on this...