
Policy based routing and ad-blocking


CCrouter


I've been searching the site and I can't find the information. Can it do policy based routing?

-For example, route all traffic to/from domain netflix.com through a site to site VPN or other configured VPN but not other traffic? 

I have ad-blocking turned on for my router but the Paramount Plus app doesn't work because of ad-blocking. Can I go through the traffic logs of media device, search through blocked domains, and unblock specific domains to get Paramount Plus to work?

Link to comment

Sort of.  We don't support policy based routing, but Island does support per-device scheduled VPN access.

So you can set up a site-to-site VPN (or use a public one if you like) and put a default route on it, so that all traffic qualifies to go through it.  Then, if you set only your media player to be allowed to use that VPN, then you don't have to worry about configuring the myriad of Netflix IPs and domains to go through it.  You can turn that on or off as you like, or even schedule it for certain times or dates when it's necessary.

The thing is, policy based routing is not only a lot more difficult to use, but many streaming services refer to a wide variety of host/domain names and IP blocks, and it's really difficult to set up and maintain.  It's a lot easier just to route "everything" through the VPN whenever you need it, and only for the specific device(s).

As for the ad blocking, sure you could whitelist various domains, but maybe it would be easier just not to ad block that particular device?

Link to comment

Thanks for the answer. This is definitely something I need. Routing all traffic through a VPN causes other issues, so it's much easier to route specific traffic through a VPN while the majority of traffic doesn't. As for ad-blocking, all devices should ad-block. Removing ad-block for a device again creates other issues. It's better for me to whitelist ad domains while blocking everything else on that device. Policy based routing is a needed feature for sure, maybe implement it in geek mode?

If these are features that can be added in the future I'll definitely consider Island Router.

Thanks for your time.

Link to comment

If you will indulge me for a moment, please...

What other issues does default routing cause?

What problems does removing ad blocking on a streaming media player cause?

The reason for the current design is not only simplicity but also to recognize the general difficulty of configuring and maintaining such policies over a long period of time in the context of the modern Internet.  Policy based routing is traditionally IP-based, and maintaining lists of all of the Netflix servers' IP addresses, not to mention those of a dozen other streaming services, is really not practical.  Even if you could get all of the addresses, they can and will change over time, so it's a constant battle.  Policy based routing can't be done by host name because the name isn't known until after the connection is already made.  Doing it with DNS tracking causes problems with many applications because DNS lookup doesn't convey intent.

In my opinion, default routing through a VPN is so much simpler, and Island's ability to do that on demand and without impacting other devices on the network really is akin to policy based routing but without all of the configuration and maintenance baggage.  It solves the actual problem with elegance and simplicity, without creating new problems.

Perhaps you could just configure it and give it a try and see how you like it?

Link to comment

Currently I'm using Firewalla routers to do this https://help.firewalla.com/hc/en-us/articles/360061592433-Firewalla-Policy-Content-Based-Routing and it works really well and is simple to implement using domain names; IP addresses are not needed.

I have two sites using a site-to-site VPN located in different states: host site A and client site B. I have a policy for site B that routes traffic matching the domains netflix.com and nflxso.net to site A. If I were to use your default routing for all traffic through a VPN, it would cause issues with YouTube TV, for example, which would have issues accessing local channels in site B and would play local channels for site A instead in this case.

As for ad-blocking, it isn't as important but it does block a majority of advertising and tracking telemetry with it enabled.

Link to comment
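The two positions in this thread (domain-based policies versus the objection that DNS tracking is unreliable) can be compared with a small model. This is an added example, not code from any poster, Island or Firewalla: `DnsTrackingRouter` is a hypothetical class, the domain list is the one named for site B above, and all IP addresses and the second hostname are constructed. It shows one way a router that learns policy IPs from DNS answers can misroute: the forwarding decision only sees an IP, so a shared address or an expired TTL changes the path.

```python
import ipaddress

# Domains from the thread's site B policy; every IP below is a constructed
# documentation address (RFC 5737), not a real service address.
POLICY_SUFFIXES = ("netflix.com", "nflxso.net")


def matches_policy(qname, suffixes=POLICY_SUFFIXES):
    """Label-aligned suffix match, so 'notnetflix.com' does not qualify."""
    name = qname.rstrip(".").lower()
    return any(name == s or name.endswith("." + s) for s in suffixes)


class DnsTrackingRouter:
    """Hypothetical router that learns policy IPs by watching DNS answers."""

    def __init__(self):
        self.learned = {}  # destination IP -> time the DNS answer expires

    def observe_answer(self, qname, ip, ttl, now):
        # Only answers for policy domains add an IP to the VPN set.
        if matches_policy(qname):
            self.learned[ipaddress.ip_address(ip)] = now + ttl

    def route(self, dst_ip, now):
        # The forwarding decision sees only an IP address, never a hostname.
        expiry = self.learned.get(ipaddress.ip_address(dst_ip))
        return "vpn" if expiry is not None and expiry > now else "wan"


def demo():
    r = DnsTrackingRouter()
    r.observe_answer("www.netflix.com.", "192.0.2.10", ttl=60, now=0)
    r.observe_answer("notnetflix.com.", "192.0.2.77", ttl=60, now=0)
    # Constructed case: an unrelated name hosted on the same shared address.
    r.observe_answer("cdn.other-service.example.", "192.0.2.10", ttl=60, now=5)
    return {
        "netflix flow": r.route("192.0.2.10", now=10),
        "lookalike domain": r.route("192.0.2.77", now=10),
        # Same IP as Netflix, so the other service is pulled into the VPN too.
        "other service, shared IP": r.route("192.0.2.10", now=10),
        # Client reuses the address after the TTL the router tracked ran out.
        "netflix flow after TTL": r.route("192.0.2.10", now=120),
        "never resolved via router": r.route("198.51.100.5", now=10),
    }


if __name__ == "__main__":
    for case, path in demo().items():
        print(f"{case:28} -> {path}")
```
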