Routing just a few domains/IPs via the VPN (WireGuard) and just from a specific local device (IP)

Hi guys, after 15 years of installing dd-wrt on TP-Link and Netgear routers, I have now moved to OpenWrt + Linksys WRT3200ACM and the first impressions are GREAT!!!!!
It was as easy as 1-2-3 to properly configure a VLAN trunk and the WireGuard VPN client.
Now I guess I need some more help from the community.
I live abroad and this does not allow me to access my motherland's IPTV streaming.
So here is what I did:
configured WireGuard to connect to the router at my parents' home so I can access the TV websites from a national IP.
But I'd like this routing to be reserved only for these TV websites (I checked the IP of the domain and the Akamai server they rely on) and only from my smart TV.
I don't want my PC browsing to be tunneled via the VPN, nor do I want the TV to use the VPN bottleneck to connect to YouTube or Amazon Prime Video.
Right now I'm only able to route all of the LAN traffic directed to the specific IPTV servers via the VPN; the matter is that this affects all of the PCs in my network
OR
I can route all of the traffic from the smart TV via the VPN, but this is slowing down the access to other streaming services.
How can I combine these 2?
I'm actually using luci-app-vpn-policy-routing and luci-app-wireguard.

Configure static leases for the hosts you want to route over the VPN:
https://openwrt.org/docs/guide-user/base-system/dhcp_configuration#static_leases

Disable gateway redirection for the VPN connection:
https://docs.openwrt.melmac.net/vpn-policy-routing/#wireguard-tunnel

Create policies to route specific hosts to specific domains over the VPN.


Already done.

Done as well, as far as it works properly.

I've tried via luci-app-vpn-policy-routing, but it is not working as I'd like it to. So this is what I need help for.

Create a policy like this:

| Local addresses | Remote addresses | Interface |
| --- | --- | --- |
| Specific host IP in your LAN | List of domains on the internet | VPN interface |
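The two replies above describe the same setup (static lease for the TV, no gateway redirection on the tunnel, one policy from that host to a list of domains over the VPN interface). As an added example that is not from this thread, here is a small POSIX shell helper that validates the source address and emits the matching `uci batch` commands; the TV address 192.168.1.50, the interface name wg0, its first peer section, and the domains are assumed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: the WireGuard interface is
# named wg0 with its peer in the first "wireguard_wg0" section, the smart TV
# has a static lease at 192.168.1.50, and the domains are placeholders.

# Accept only a dotted-quad IPv4 address with octets in 0..255.
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

# Emit a uci batch that (1) stops the tunnel from becoming the default
# gateway ("Route Allowed IPs" off on the peer) and (2) adds one policy:
# this host -> these domains -> the VPN interface.
# Usage: vpr_batch <policy-name> <src-ipv4> <vpn-iface> <domain>...
vpr_batch() {
    name=$1; src=$2; iface=$3; shift 3
    is_ipv4 "$src" || { echo "bad source IP: $src" >&2; return 1; }
    [ $# -gt 0 ] || { echo "no destination domains" >&2; return 1; }
    cat <<EOF
set network.@wireguard_${iface}[0].route_allowed_ips='0'
add vpn-policy-routing policy
set vpn-policy-routing.@policy[-1].name='${name}'
set vpn-policy-routing.@policy[-1].src_addr='${src}'
set vpn-policy-routing.@policy[-1].dest_addr='$*'
set vpn-policy-routing.@policy[-1].interface='${iface}'
commit network
commit vpn-policy-routing
EOF
}

# Apply on the router with (placeholder domains):
# vpr_batch tv_to_iptv 192.168.1.50 wg0 tv.example.invalid cdn.example.invalid \
#   | uci -q batch && /etc/init.d/vpn-policy-routing restart
```

Review the emitted lines before piping them into `uci -q batch`; dest_addr takes a space-separated list, and every domain that the player actually fetches from must be on it.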


The matter is that it does not work.

Pretty sure the service uses more than one domain.
You can inspect a web page in the browser to identify which domains it relies on.

I did it (that's why it's not in the screenshot... it was another try).
I used the MEDIA filter in the network tab of the web developer feature in FF,
and actually I used the corresponding public IPs, indeed setting a wider subnet mask (sometimes /24, sometimes /16 !!!!) because they were too many and changing too much. Basically I guess I configured most of the Akamai network POPs in Italy.
Maybe if I could use wildcards to configure the domains (it looks like the 3rd-level domains are configured on the fly according to the name of the TV program actually on air and the name of the TV channel, so it would take ages to get them all). And I guess if I configure the WHOLE Akamai network (not just its Italian IPs)... it would mess up other streaming services (actually forcing them through the VPN, which would turn out to be a bottleneck).

I guess being able to use wildcards in the domain name (the 3rd-level domain actually) would do the trick.


Yep, this is a problem with services using CDNs.
It makes destination filtering virtually useless.
Unfortunately, there's no good solution.