Route only adult content through VPN route

I would just set up a SOCKS5 proxy in a browser extension.

Can you clarify what you mean by this:

I have generated a valid and functional openVPN config file that works perfectly…

Are you saying that the openVPN config is set up as a VPN client on your UDM? Where is the server located?

I have this working today for this exact purpose (and more). Here’s what I’m doing:

  • Configured a WireGuard VPN client for my VPN service (IPVanish) using a server in a state that is unaffected.
  • Policy routing rule for source: Any; destination: domains with a list of affected domains I’ve come across.
  • Clients are using the UDM as a DNS server. I saw this was a requirement for using domain-based policy routing. (And actually I’m using pihole but the pihole uses the UDM as its upstream DNS server).
  • I do not use DNS encryption or the UDM’s ad blocker. Not sure if that matters.

I added an IP address lookup site (IPchicken) to the policy route domain list so I could verify that it’s working.

It takes some time (a few minutes) for new domains I add to the list to start working. Especially if I’ve visited the site already recently. Not sure if it has to close existing connections.

Personally, here is what I would do. I had a similar thought on how to route just my Netflix traffic over a VPN. Grab the BGP prefixes for the site in question. So in this case PornHub. This will tell you every one of the addresses they advertise to the world.

Now that you know all of the “possible” addresses that could be used, build a routing rule that tells those addresses to ride over the VPN while the undefined traffic will take the standard path through the default gateway.

I set up a traffic rule on my main network with an OpenVPN file for Nord for just pornhub.com and for all devices and it works flawlessly. My wife never even knew it was banned in our state after January.

Just as an FYI:
Are you using your Ubiquiti router for DNS resolution or are you using another service/server?

In my experience, routing based on domain names doesn’t work if you do not use the Ubiquiti router as the DNS server.

My go-to VPN provider is PIA. Within my UDM I built a VPN Client that has a persistent connection to a PIA peer point somewhere else in the country. Then set up a separate network to use for more “private” needs and then a policy based route for anything in that network to traverse the PIA client VPN interface.

End result: when I need/want to look up something I don’t want my ISP to see I just jump networks (different SSID or physical port allocation) and do what I want to do. When I’m done just jump back. This also reduces the need to put VPN clients on every node I have. Works great!

What about creating a VM on your computer and using VLANs?

A much more convenient and reliable solution is to run your VPN provider’s browser extension. You can toggle it on and off right from your browser with two clicks, and it only applies to that Chrome profile, so you can have a dedicated porn Chrome profile with the VPN permanently enabled. Each profile is completely separate, so it has its own extensions, own browser history, own cookies, etc.

Can someone help me understand why this would even help?

Wouldn’t routing your traffic through the vpn (that you’re hosting at your house) still show the traffic coming from your public IP address (which is still in the state that age verification ban is in effect)?

Wouldn’t you need to be hosting the vpn in a different state for this to work?

The solution is not a VPN but a proxy or even a Socks server. Plenty of options for domain fwding and not IP.

Not sure how to set it up with the UDM, but in the same manner that you can create a split tunnel VPN for DNS routing only. If you told it to only route the desired site over the VPN in WireGuard, that should work.

You need to set up a virtual machine and then utilize Whisparr for all your adult content needs. Set up the VPN on the UDM and then configure all traffic from that virtual machine’s IP to funnel to the VPN. All other traffic from other IPs will flow normally.

https://github.com/Whisparr/Whisparr

Policy based routing? Source your main VLAN / whatever VLAN you want. Then domains you want out through the VPN, then interface should be one of the VPN clients you can set up in the VPN → VPN client tab using either WireGuard or OpenVPN. Test by putting https://whatismyipaddress.com/ in the same policy.

Load the site with dev tools open. They have some CDNs hosting content and such you’ll want to tunnel.

Hetzner Germany or any alternative that lets you install any OS image, with a MikroTik cloud hosted router, set up your VPN, by WireGuard for example, and you’re good.

Tell me you are in Florida without telling me you are in Florida…

I set up a separate WiFi network and left all the traffic from that network going through the VPN. No blacklist needed.

I would think if you looked up a block list like from Blocklistproject.github.io you could use the same list to just route all things others want to block to your VPN instead.

They have various formats; I’m sure one should work, or a quick script could transform it for you.
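A sketch of the “quick script” mentioned in the post above, as an added example that is not part of the original thread: it normalizes hosts-style, Adblock-style and plain-domain lines into one de-duplicated domain list for a domain-based policy route. The sample lines are constructed, the set of input formats is an assumption about what a given list publishes, and `collapse_subdomains` assumes the router’s domain match also covers subdomains of a listed name.

```python
import re

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
_SKIP = {"localhost", "localhost.localdomain", "broadcasthost"}

# Constructed sample mixing the three line styles; not taken from a real list.
SAMPLE = """\
# Title: constructed sample
0.0.0.0 0.0.0.0
127.0.0.1 localhost
0.0.0.0 video.example.com
0.0.0.0 cdn.video.example.com
||static.example.net^
! adblock-style comment
Example.ORG.
example.org
not_a_domain
"""


def extract_domain(line):
    """Return the domain named on one list line, or None if there is none."""
    line = line.split("#", 1)[0].strip().lower()
    if not line or line.startswith("!"):      # blank line or comment
        return None
    if line.startswith("||"):                 # Adblock-style: ||domain^
        candidate = line[2:].split("^", 1)[0]
    else:                                     # "<sink ip> <domain>" or "<domain>"
        fields = line.split()
        candidate = fields[1] if len(fields) >= 2 else fields[0]
    candidate = candidate.rstrip(".")
    labels = candidate.split(".")
    if candidate in _SKIP or len(labels) < 2 or labels[-1].isdigit():
        return None                           # local names, bare words, IPs
    return candidate if all(_LABEL.match(l) for l in labels) else None


def to_route_list(text, collapse_subdomains=False):
    """De-duplicate; optionally drop names covered by a listed parent domain."""
    domains = {d for d in map(extract_domain, text.splitlines()) if d}
    if not collapse_subdomains:   # assumption: collapse only if router matches subdomains
        return sorted(domains)
    kept = set()
    for d in sorted(domains, key=lambda name: name.count(".")):  # parents first
        parts = d.split(".")
        parents = {".".join(parts[i:]) for i in range(1, len(parts) - 1)}
        if not parents & kept:
            kept.add(d)
    return sorted(kept)
```
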

On the WireGuard client you can set IPs that get routed through the VPN, so you could ping your favourite websites, extract the IP from the ping result and put it into the list.

Maybe OpenVPN also has this ability.

You could maybe also make a separate firewall rule on your gateway that routes all the traffic that goes to the website of your choice to a different interface, in this case the VPN.

My .02,

-dedicate a device and route all of its traffic over the VPN.

Easy, simple, and doesn’t allow everyone on the network to look at “midget amputee” or “down syndrome” porn; just you…you sick weirdo!