I’m in one of the states with the age verification ban on adult content. I have a UDM Pro and have generated a valid and functional openVPN config file that works perfectly when all traffic is set to be forwarded via the Policy-Based Routes.
I want to route only adult traffic through this specific VPN config. Adding just “pornhub.com” and “www.pornhub.com” doesn’t allow access to the site. I’ve found some adult content blacklists and tried to import those domain names into the destination field, but somewhere in the 10s of thousands of domains there are domains that Unifi doesn’t like. I’ve done some regex searches to find potential issues, such as comment fields buried in there, but even after cleaning up, something isn’t right. I’ve tried importing as .txt and directly copying and pasting into the batch add box.
So my request is this: does anyone have a clean .txt file that Unifi will accept, or any suggestions on how to get this to route correctly without sending all of my traffic?
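An added example, not part of the original post: one way to sanitise a large hosts-style or adblock-style blocklist down to bare domain names while reporting exactly which entries were thrown out and on which line. The page does not say what UniFi's batch import rejects, so this assumes RFC 1123 hostname syntax as the acceptance rule; `clean_token`, `clean_list` and the sample data are hypothetical names and constructed input.

```python
import re

# RFC 1123 label: letters, digits, hyphens; no hyphen at either end; 1-63 chars.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
# Sink addresses that hosts-format blocklists put in front of each name.
SINK_IPS = {"0.0.0.0", "127.0.0.1", "::", "::1"}


def clean_token(token):
    """Return a normalised domain name, or None if the token is not one."""
    name = re.sub(r"^\|\||\^$", "", token.lower())  # adblock form ||name^
    name = re.sub(r"^\*\.", "", name).rstrip(".")   # wildcard, root dot
    try:
        name = name.encode("idna").decode("ascii")  # IDN -> punycode
    except UnicodeError:  # empty or over-long label, invalid IDN
        return None
    labels = name.split(".")
    ok = len(name) <= 253 and len(labels) >= 2 and not labels[-1].isdigit()
    return name if ok and all(LABEL.match(label) for label in labels) else None


def clean_list(text):
    """Return (unique valid domains in order, [(line number, bad token)])."""
    kept, seen, rejected = [], set(), []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        # Strip a byte-order mark and anything after '#', then split on spaces.
        fields = raw.replace("\ufeff", "").split("#", 1)[0].split()
        fields = fields[1:] if fields and fields[0] in SINK_IPS else fields
        for token in fields:
            name = clean_token(token)
            if name is None:
                rejected.append((lineno, token))
            elif name not in seen:
                seen.add(name)
                kept.append(name)
    return kept, rejected


# Constructed sample input, not taken from any real blocklist.
SAMPLE = """\ufeff# hosts-style header
0.0.0.0 Ads.Example.com   # trailing comment
127.0.0.1 localhost
||tracker.example.net^
bad_host.example.com
http://example.com/path
ads.example.com
"""

if __name__ == "__main__":
    print(*clean_list(SAMPLE), sep="\n")
```

Writing the first returned list one name per line gives a file to paste or import; the second list shows which source lines to inspect by hand.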
My theory has always been that the most learning happens during the desperate times. What’s wrong with routing all traffic through the vpn? It’s only going to be for 30 seconds anyway.
I use a VPN only when spanking, and otherwise turn it off. I don’t feel a need for it most of the time, so no need to mess with firewall rules or routing. Keep it simple!
You can download a VPN client to your computer. Then, download a second web browser, like Chrome. Locate the split tunneling feature of your VPN client. Add the web browser (Edge) to the list. Then, use Chrome for your normal internet usage.
In my experience, OpenVPN is a hassle. Run WireGuard in UDP and then use policy-based routing for pornhub and any others. That should solve your issue going forward.
Also, I’d use DNS Shield as well to block your DNS requests.
Something something, AI-generated JavaScript:

```javascript
const dgram = require('dgram');
const server = dgram.createSocket('udp4');

const config = {
  incomingPort: 53, // Set your incoming DNS port
  whitelistIPs: ['192.168.1.1', '10.0.0.1'], // Add your whitelist IPs here
  destinationDNS: '8.8.8.8', // Set the actual DNS IP
  openVPNCommand: 'openvpn --config /path/to/config.ovpn', // OpenVPN command
  filteredDomains: ['example.com', 'anotherdomain.com'] // Domains to filter
};

// Drop DNS requests from clients that are not on the whitelist
server.on('message', (msg, rinfo) => {
  if (!config.whitelistIPs.includes(rinfo.address)) {
    console.log(`Blocked request from non-whitelisted IP: ${rinfo.address}`);
    return;
  }
  // The rest of the handler is cut off in the original post.
});
```
Policy based routing works, just use IP addresses.
And don’t use those lists you find online. A lot of websites will still work despite the law, so just add the IP address you need to the policy based route as you encounter them.
I would suggest setting up a socks proxy that uses the VPN as its gateway. Then you can use a browser extension that enacts policy routing over the proxy (instead of direct to your system gateway by default) for just certain sites. Works wonderfully for other use cases for me.
This config will have a limited audience but it works in my environment.
I have a headless Alpine VM on my server that runs a VPN connection at all times for torrents.
I put a bit of work into the VPN setup, WireGuard config file, iptables kill switch etc. I set up squid on the VM to make a proxy connection available; it’s a quick switch in my desktop tool bar to pop into the existing proxy condition to the VM and ultimately out through its VPN connection.
Sometimes a VPN is handy on my desktop and other times it’s annoying, so it’s nice to have a quick switch between VPN and bare internet depending on need.
Would love to know how to set this up for non-porn streaming services. I’m using a free streaming service from Switzerland (Zattoo) and it would be nice if it would just work (also on my smart TVs) without the need to toggle the VPN on and off…