Netflix to skip VPN

Hi,

I set a PBR policy for Netflix to use the WAN interface and skip the VPN to reach the netflix.com domain, but it won't work (I still get the Netflix message that I'm using a proxy).

Here is how I did it:

VPN PBR config file:

config vpn-policy-routing 'config'
        option enabled '1'
        option verbosity '2'
        option strict_enforcement '1'
        option src_ipset '0'
        option ipv6_enabled '0'
        list supported_interface ''
        option boot_timeout '30'
        option iptables_rule_option 'append'
        option iprule_enabled '0'
        option webui_enable_column '0'
        option webui_protocol_column '0'
        option webui_sorting '1'
        list webui_supported_protocol 'tcp'
        list webui_supported_protocol 'udp'
        list webui_supported_protocol 'tcp udp'
        list webui_supported_protocol 'icmp'
        list webui_supported_protocol 'all'
        option webui_chain_column '1'
        list ignored_interface 'vpnserver wgserver'
        list ignored_interface 'lan'
        list ignored_interface 'VPNServertun'

config include
        option path '/etc/vpn-policy-routing.netflix.user'

config include
        option path '/etc/vpn-policy-routing.aws.user'
        option enabled '0'

config policy
        option interface 'wan'
        option name ' OpenVPN-server'
        option src_port '11940'
        option chain 'OUTPUT'

config policy
        option interface 'wan'
        option name 'Netflix'
        option dest_addr 'netflix.com'
        option chain 'OUTPUT'


Can someone help me point out what I did wrong?

Thanks a lot

Wrong chain for Netflix policy, needs to be PREROUTING.

Also, make sure device you're trying to watch Netflix on is set to use your router for name resolution.

Also, restart the device you're trying to watch Netflix on.

Also (in some extreme cases), you will need to use the AWS user script too.

PS. Even with all that it still can be hit or miss, I'd recommend disabling default routing thru VPN and configuring specific policies to route via VPN if you want uninterrupted access to Netflix/Amazon.


Also you have to use the up button to put the Netflix rule first. If the default rule to put 0.0.0.0 through VPN is first in the list, your Netflix traffic will always match since 0.0.0.0 matches everything. The Netflix rule later in the list is not considered since the decision to send by VPN has already been made.
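The two replies above boil down to two checks that can be made mechanically: a destination-based bypass policy must not sit in chain OUTPUT (that chain only sees packets the router itself originates, while a TV or phone on the LAN is seen in PREROUTING), and a catch-all 0.0.0.0 policy must not be listed ahead of the specific policies that are supposed to win. The following lint script is an added example written for this thread; it is not part of the vpn-policy-routing package and does not use its code. It assumes that a policy with no `chain` option defaults to PREROUTING, reads only the `name`, `chain` and `dest_addr` fields, and uses a constructed sample config with a hypothetical `vpn` interface name.

```sh
#!/bin/sh
# Added example for this thread, not part of vpn-policy-routing: lint a
# vpn-policy-routing UCI config for the two mistakes discussed above.
#   1. A destination-based bypass policy (dest_addr set) in chain OUTPUT.
#      OUTPUT only sees packets the router itself originates; LAN clients
#      are matched in PREROUTING, assumed here to be the default when the
#      'chain' option is omitted.
#   2. A catch-all policy (dest_addr 0.0.0.0 or 0.0.0.0/0) listed before a
#      more specific one: the first match wins, so the later policy is dead.
# vpr_lint reads the config on stdin, prints one line per finding and
# returns 1 if anything was found, 0 otherwise.

vpr_flush() {
    # End of a section: if it was a policy, evaluate the collected fields.
    [ "$in_policy" = 1 ] || return 0
    in_policy=0
    policy_count=$((policy_count + 1))
    chain=${p_chain:-PREROUTING}
    case "$p_dest" in
        0.0.0.0|0.0.0.0/0)
            # Remember the first catch-all for the ordering check.
            [ -n "$catchall_name" ] || catchall_name=$p_name ;;
        "") ;;   # no destination (e.g. a src_port-only policy): nothing to check
        *)
            if [ "$chain" = OUTPUT ]; then
                echo "policy #$policy_count '$p_name': chain OUTPUT only matches the router's own traffic; use PREROUTING for LAN clients"
                warnings=$((warnings + 1))
            fi
            if [ -n "$catchall_name" ]; then
                echo "policy #$policy_count '$p_name': listed after catch-all policy '$catchall_name' and never reached; move it up"
                warnings=$((warnings + 1))
            fi ;;
    esac
}

vpr_lint() {
    set -f    # no globbing while word-splitting config lines
    in_policy=0 policy_count=0 catchall_name="" warnings=0
    p_name="" p_chain="" p_dest=""
    while IFS= read -r line || [ -n "$line" ]; do
        set -- $line
        [ $# -ge 2 ] || continue
        case "$1" in
            config)
                vpr_flush
                if [ "$2" = policy ]; then in_policy=1; fi
                p_name="" p_chain="" p_dest="" ;;
            option|list)
                [ "$in_policy" = 1 ] || continue
                key=$2; shift 2
                val=$*; val=${val#\'}; val=${val%\'}; val=${val# }   # strip quotes and a leading blank
                case "$key" in
                    name)      p_name=$val ;;
                    chain)     p_chain=$val ;;
                    dest_addr) p_dest=$val ;;
                esac ;;
        esac
    done
    vpr_flush
    set +f
    [ "$warnings" -eq 0 ]
}

# Constructed sample reproducing the situation in this thread: a catch-all
# policy sending everything through a hypothetical 'vpn' interface, followed
# by a Netflix bypass placed in chain OUTPUT.
vpr_lint_broken_sample() {
    vpr_lint <<'EOF'
config policy
        option interface 'vpn'
        option name 'Everything'
        option dest_addr '0.0.0.0/0'

config policy
        option interface 'wan'
        option name 'Netflix'
        option dest_addr 'netflix.com'
        option chain 'OUTPUT'

config policy
        option interface 'wan'
        option name ' OpenVPN-server'
        option src_port '11940'
        option chain 'OUTPUT'
EOF
}

# The same policies after applying the replies: Netflix first, chain left at
# the PREROUTING default, catch-all last.
vpr_lint_fixed_sample() {
    vpr_lint <<'EOF'
config policy
        option interface 'wan'
        option name 'Netflix'
        option dest_addr 'netflix.com'

config policy
        option interface 'vpn'
        option name 'Everything'
        option dest_addr '0.0.0.0/0'
EOF
}

vpr_lint_broken_sample || echo "(broken sample: problems found)"
vpr_lint_fixed_sample && echo "(fixed sample: clean)"
```

On a router the same function can be run against the live file with `vpr_lint < /etc/config/vpn-policy-routing`; it only reports the two ordering and chain problems from this thread, so a clean result still says nothing about whether the client is actually using the router for DNS.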

Thanks guys for your replies.

I tried most of your suggestions:

Moving the Netflix rule up (I also added a local IP address for the device), changing the chain to PREROUTING, activating the AWS script, rebooting the device and router after every change.

The device I'm trying to watch Netflix on is the Shield TV Android box.
So I guess I can't do anything to change how it does the name resolution, right? An Android app maybe?

After all this still nothing.

PS. Even with all that it still can be hit or miss, I'd recommend disabling default routing thru VPN and configuring specific policies to route via VPN if you want uninterrupted access to Netflix/Amazon.

So I guess this is only the last thing I need to try.

The VPN PBR file after the changes:

config policy
        option interface 'wan'
        option name 'Netflix'
        option dest_addr 'netflix.com'
        option src_addr '192.168.1.249'

config policy
        option interface 'wan'
        option name ' OpenVPN-server'
        option src_port '11940'
        option chain 'OUTPUT'

config vpn-policy-routing 'config'
        option enabled '1'
        option verbosity '2'
        option strict_enforcement '1'
        option src_ipset '0'
        option ipv6_enabled '0'
        list supported_interface ''
        option boot_timeout '30'
        option iptables_rule_option 'append'
        option iprule_enabled '0'
        option webui_enable_column '0'
        option webui_protocol_column '0'
        option webui_sorting '1'
        list webui_supported_protocol 'tcp'
        list webui_supported_protocol 'udp'
        list webui_supported_protocol 'tcp udp'
        list webui_supported_protocol 'icmp'
        list webui_supported_protocol 'all'
        option webui_chain_column '1'
        list ignored_interface 'vpnserver wgserver'
        list ignored_interface 'lan'
        list ignored_interface 'VPNServertun'

config include
        option path '/etc/vpn-policy-routing.netflix.user'

config include
        option path '/etc/vpn-policy-routing.aws.user'

I would still love to have some help on this...

Did you ever get this solved? I have a VPN client set up for a family member back to my home but want to exclude Netflix from the VPN so it does not give errors, and I have yet to figure out a way to force Netflix off the VPN.

This use case is covered in README.


I agree it is there, but it doesn't seem to be working for me, and I have reviewed it many times with no luck. I have installed dnsmasq-full and enabled the custom user files for Netflix and AWS, but still get everything routed via the VPN when doing a tracert.

I have gotten it working by adding these policies:

config include
	option path '/etc/vpn-policy-routing.netflix.user'

config include
	option path '/etc/vpn-policy-routing.aws.user'

config policy
	option interface 'wan'
	option name 'Netflix'
	option dest_addr 'amazonaws.com netflix.com nflxext.com nflximg.net nflxso.net nflxvideo.net dvd.netflix.com'

config policy
	option interface 'wan'
	option name 'Plex'
	option dest_addr 'plex.tv my.plexapp.com'

config policy
	option interface 'wan'
	option name 'Disney+'
	option dest_addr 'bamtechmedia.com disneystreaming.com disneyplus.com'

But the custom user files do not seem to be working: if I disable the policies I set, nothing gets routed via WAN while leaving the custom user files enabled. I have them both enabled in LuCI and have left them as is after install.

I know this is an old post, but in case someone stumbles on it...
I had a similar issue.
Moreover, I guess I am not knowledgeable enough to make VPN-Policy-Routing work well. After many attempts I installed the VPNBYPASS service.
Easier to manage, and it does a perfect job.
I can't use a specific script to bypass only Netflix, but I can bypass the TV (Android) IP.
Therefore I can exclude my TV from VPN tunneling and watch Netflix.
I hope that will work for whoever is interested.