  1. #1
    Newbie
    Join Date
    Oct 2018
    Posts
    12

    Bypass Amazon Video and Netflix

    Hi all,

    I want to set up ExpressVPN on TunnelVPN so I am permanently going through a VPN, but I want Amazon Video and Netflix to bypass the tunnel. I have been adding the IP addresses from the Web report to the rules, but to what condition do I add the URLs? At the moment I am adding them to Server Tagged.

    Many thanks

  2. #2
    Newbie
    Join Date
    Oct 2018
    Posts
    12


    I have tried looking through the Web reports for the IP addresses but this doesn't work. Obviously these would change depending on many factors. I have tried adding Netflix-user as a client tag but to no avail. Any help would be appreciated.

  3. #3
    Newbie
    Join Date
    Jul 2009
    Posts
    5


    I'm trying to do exactly the same thing. I am playing with Event triggers (Config -> Events -> Triggers) to "tag" certain traffic. Then in the Rules for the Tunnel VPN, I look for the tag/s set by the Event trigger. It does work, sometimes, but seems to take a while to switch over to the VPN tunnel to the WAN. I'm sure I'm probably not doing something correctly. Here's my Event trigger:
    EventTrigger.png

    And here is my Tunnel VPN Rule:
    TunnelVpnRule.png

    I can see the sessions tagged with "netflix" in the Sessions tab, but I still get the Netflix warning about VPN not allowed for streaming. I am not sure if all traffic from the tagged PC is now being tagged or just the netflix session. This is very confusing and the documentation is lacking regarding the different "classes". I've tried a few different ones for the event trigger including the ApplicationControlLogEvent, HttpRequestEvent, and SessionEvent, but I'm not sure which one to use.

  4. #4
    Untangler
    Join Date
    Aug 2016
    Posts
    55


    Quote Originally Posted by timohayes View Post
    I'm trying to do exactly the same thing. I am playing with Event triggers (Config -> Events -> Triggers) to "tag" certain traffic. Then in the Rules for the Tunnel VPN, I look for the tag/s set by the Event trigger. It does work, sometimes, but seems to take a while to switch over to the VPN tunnel to the WAN. I'm sure I'm probably not doing something correctly. Here's my Event trigger:
    EventTrigger.png

    And here is my Tunnel VPN Rule:
    TunnelVpnRule.png

    I can see the sessions tagged with "netflix" in the Sessions tab, but I still get the Netflix warning about VPN not allowed for streaming. I am not sure if all traffic from the tagged PC is now being tagged or just the netflix session. This is very confusing and the documentation is lacking regarding the different "classes". I've tried a few different ones for the event trigger including the ApplicationControlLogEvent, HttpRequestEvent, and SessionEvent, but I'm not sure which one to use.
    Would you need to include this one too?

    NETFLXVD Netflix Video Stream

  5. #5
    Untangler
    Join Date
    Oct 2009
    Posts
    90


    Any update on this? I copied your event trigger but it's not working. I would also like to understand where you got this event trigger info so I can understand how it works and do some further testing.

    I also need to bypass a couple of websites that do not allow anonymous access.

  6. #6
    Untangler
    Join Date
    Mar 2018
    Location
    Italy
    Posts
    48


    Following... before buying a VPN account, I'd like to know if I can bypass this kind of traffic.

  7. #7
    Newbie
    Join Date
    May 2019
    Posts
    1


    One way to do this is to set up a rule matching the source IP of the box you want to watch Netflix on and bypass the VPN for that box. This works well for smart TVs.

  8. #8
    Newbie
    Join Date
    Oct 2018
    Posts
    12


    Still looking at this, has anyone had any luck? It makes sense to do the source IP from my Amazon Fire boxes, but I would like to do this for the laptops in the house. Would prefer to be permanently going through VPN except when accessing these sites.

  9. #9
    Newbie
    Join Date
    Jul 2019
    Posts
    1


    Quote Originally Posted by Theldron View Post
    Still looking at this, has anyone had any luck? It makes sense to do the source IP from my Amazon Fire boxes, but I would like to do this for the laptops in the house. Would prefer to be permanently going through VPN except when accessing these sites.
    Since I couldn't figure out how to get "alias" IP groups going in UT I spent some time using the session host table, a bit of ASN research for Amazon AWS and Netflix, and a whole bunch of "reloading Netflix" until I got enough CIDRs logged for a Netflix bypass of my VPN tunnel that I force all 80, 443, 53, etc. traffic out of. I discovered a minor gotcha - IPs can be separated by commas in one rule - each CIDR has to be a unique rule (I don't think I saw that in the documentation).

    I tried using application and content trigger tags but it didn't seem to work. CIDR it is /sigh.

    Anyway, here's my list (mix of AWS/Netflix ASNs)- seems to be working (US based):
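
Added example, not part of the original post or of the product discussed: a Python sketch of maintaining a one-CIDR-per-rule bypass list like the one described above. It merges overlapping prefixes, lists observed destinations that no rule covers yet, and flags prefixes so wide that they would send a lot of unrelated traffic outside the tunnel. The function names, the sample prefixes (reserved documentation and benchmark ranges) and the /16 review threshold are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: reserved documentation/benchmark ranges,
# not real streaming-service or cloud prefixes.
BYPASS_CIDRS = ["198.51.100.0/25", "198.51.100.128/25",
                "203.0.113.0/24", "203.0.113.64/26", "198.18.0.0/15"]
OBSERVED_DESTS = ["198.51.100.7", "203.0.113.200", "192.0.2.44", "192.0.2.45"]
MAX_BROAD_PREFIX = 16  # assumption: anything wider than a /16 gets reviewed


def collapse(cidrs):
    """Merge overlapping or adjacent CIDRs; each result becomes one rule."""
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    return list(ipaddress.collapse_addresses(nets))


def uncovered(dest_ips, nets):
    """Observed destination IPs that no bypass network matches."""
    return [ip for ip in dest_ips
            if not any(ipaddress.ip_address(ip) in n for n in nets)]


def too_broad(nets, max_prefix=MAX_BROAD_PREFIX):
    """Networks wider than max_prefix, i.e. large untunnelled address space."""
    return [n for n in nets if n.prefixlen < max_prefix]


def report(cidrs, dest_ips):
    """Summarise the rule set: final rules, coverage gaps, prefixes to review."""
    nets = collapse(cidrs)
    return {
        "rules": [str(n) for n in nets],
        "uncovered": uncovered(dest_ips, nets),
        "review": [(str(n), n.num_addresses) for n in too_broad(nets)],
    }


if __name__ == "__main__":
    for key, value in report(BYPASS_CIDRS, OBSERVED_DESTS).items():
        print(f"{key}: {value}")
```

Every address inside a bypass prefix leaves the VPN, whichever service it belongs to, so the "review" entries are the ones to narrow first.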
