Hi,
I need to direct Netflix and other streaming media traffic to a specific VPN tunnel. Because the destination IP addresses are dynamic, I can't add IP addresses to an address list before watching video. And because SNI is encrypted in TLS 1.3, content and tls-host do not work anymore.
In OpenWrt, I can use dnsmasq and ipset to solve this problem:
server=/netflix.com/1.1.1.1#53
ipset=/netflix.com/netflixset
Can RouterOS provide a similar function to add the IP addresses of a specific domain (including uncertain subdomains) to an address list?
Go to IP > Firewall > Address List, create a new name, say VPNList, address = netflix.com.
Go to Routing > Table, create a new table for your VPN routing, say 'VPN-route', with FIB checked.
Go to IP > Firewall > Mangle, add a prerouting rule that destination address list = VPNList, action = mark routing, address = 'VPN-route'.
Go to IP > Routes, add a new route rule, set dst address = 0.0.0.0/0, gateway = your VPN partner internal address, and select 'VPN-route' in routing table.
This will route all your traffic with routing mark = VPN-route through your VPN connection.
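
The steps in the reply above as RouterOS v7 terminal commands, added here as an example and not posted by either participant. The gateway 192.0.2.1 is a placeholder for the VPN peer's internal address. The last command goes beyond the reply: it is the nearest RouterOS counterpart to the dnsmasq lines in the question, and assumes a v7 release whose static DNS entries support `match-subdomain` and `address-list`, with clients using the router as their DNS resolver.

```routeros
# 1. Address list entry given as a domain name. RouterOS resolves the name
#    and maintains the resulting IPs as dynamic entries in VPNList.
#    Only this exact name is resolved; subdomains are not covered.
/ip firewall address-list add list=VPNList address=netflix.com

# 2. Dedicated routing table for the VPN ("FIB checked" in WinBox).
/routing table add name=VPN-route fib

# 3. Mark routing for packets whose destination is in VPNList.
/ip firewall mangle add chain=prerouting dst-address-list=VPNList \
    action=mark-routing new-routing-mark=VPN-route

# 4. Default route inside the VPN table.
#    192.0.2.1 is a placeholder; use the VPN peer's internal address.
/ip route add dst-address=0.0.0.0/0 gateway=192.0.2.1 \
    routing-table=VPN-route

# Beyond the reply (assumption: the installed v7 release supports these
# parameters). Forward queries for netflix.com and every subdomain to
# 1.1.1.1 and add each resolved address to VPNList until its TTL expires,
# mirroring the dnsmasq server=/ipset= pair from the question.
/ip dns static add type=FWD name=netflix.com match-subdomain=yes \
    forward-to=1.1.1.1 address-list=VPNList
```

The DNS-based entry only sees lookups that pass through the router, so a client using its own resolver or DNS over HTTPS will reach addresses that never enter VPNList and will bypass the tunnel.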