Requests for "Do not VPN these services" options

[georgmi]

I'm running an OpenVPN VM through DigitalOcean for most of my Internet usage, but many of my media streaming services block me because the DigitalOcean data center is known for this functionality.

I would love it if I could add services to "Do not VPN these services" by IP address (or IP range).

Alternately, if y'all could add media streaming services (Hulu and Netflix for sure, don't know yet whether Prime Video also blocks the data center) to the existing "Basic" list, that would be even easier.

Thanks much!

[georgmi]

Or, y'know, if there is already a way to do this and I'm just too dumb to figure it out, a pointer in the right direction would be greatly appreciated.

[BIG__DOG]

Hybrid vpn allows you to stop certain decies/ services from going through a vpn but these services are gaming mainly and not services like netflix. Alternative vpn services like purevpn allow you to use their app to connect to us or uk netflix or hulu etc etc specifically for those services.

[Netduma Fraser]

Hey, welcome to the forum!

You could add the ports for these individual services but the trouble comes as they most likely use port 80 (HTTP) or 443 (HTTPS) which are the common internet ports and then anything on that device using those ports wouldn't be protected.

Alternatively it could be easier to use 'Only VPN these services' and ports for the normal services/applications you use.

I think it would require a lot of work in order to specifically detect these services so that you wouldn't have to expose port 80 & 443 but I'll suggest it to the team.

[iPollox]

I’m trying to switch from using my VPN’s standalone app to have my PC affected by the VPN through the router.

The issue is, there’s some Microsoft and other websites that just simply don’t work when using a VPN, so I agree with the Original Poster, that we should be allowed to add services by IP/URL.

When you head to google’s site for example, your DNS has to look up for the IP to know where to go essentially, so I find it hard to believe that the router doesn’t know which “IP (domain)” is currently about to send/receive requests to/from to apply the VPN just like ports

[Netduma Fraser]

Thanks for your use case as well, I've passed it on to the team to see if it's something they want to include in the future

[georgmi]

On 3/24/2019 at 5:47 AM, Netduma Fraser said:

Hey, welcome to the forum!

You could add the ports for these individual services but the trouble comes as they most likely use port 80 (HTTP) or 443 (HTTPS) which are the common internet ports and then anything on that device using those ports wouldn't be protected.

Alternatively it could be easier to use 'Only VPN these services' and ports for the normal services/applications you use.

I think it would require a lot of work in order to specifically detect these services so that you wouldn't have to expose port 80 & 443 but I'll suggest it to the team.

Thanks!

I agree, it would probably be a lot of work to detect specific application traffic, which is why it would be nice to be able to route via IP address / DNS name.

What I'm doing in the meantime is using nslookup to find all the IP addresses associated with the services for which I want to bypass the VPN (because the lists I've found online appear to be out-of-date) and adding them to my VPN config on my router, but that's a pretty labor-intensive job.

My other worry is running out of room for the routing table on my router (it's a Netgear Nighthawk XR500) and/or hitting a performance threshold. Any guidance on how big I can make my route table before running into issues?

[Netduma Admin]

On 3/30/2019 at 11:29 PM, georgmi said:

Thanks!

I agree, it would probably be a lot of work to detect specific application traffic, which is why it would be nice to be able to route via IP address / DNS name.

What I'm doing in the meantime is using nslookup to find all the IP addresses associated with the services for which I want to bypass the VPN (because the lists I've found online appear to be out-of-date) and adding them to my VPN config on my router, but that's a pretty labor-intensive job.

My other worry is running out of room for the routing table on my router (it's a Netgear Nighthawk XR500) and/or hitting a performance threshold. Any guidance on how big I can make my route table before running into issues?

I'm not sure I'm afraid, probably one for NETGEAR. 

Thanks for sharing your use case. We're be looking into all these areas throughout the next few months so keep a look out for future firmware upgrades.