By configuring static routes on Keentic routers, you can set up services and websites in such a way that only selected resources will work with a VPN connection, while all other traffic bypasses it. Or you can exclude certain sites from using the VPN.
To configure routing, you will need to install additional components, download the file with the necessary routes, and upload them to the router.
DNS Setup
Special protocols DNS over TLS and DNS over HTTPS have been implemented for the security of DNS traffic. Their main task is to encrypt DNS traffic to prevent interception and to provide additional confidentiality and security.
Component installation
1. Перейдите в раздел Управление на вкладку Параметры системы.
2. Click on the button Change Component Set.
3. Find components by the word DNS.
4. Select services DNS-over-TLS Proxy and DNS-over-HTTPS Proxy.
5. Press Update KeeneticOS.
Adding DNS records
1. Click on the gear icon at the top right of the configurator page and select command line.
2. Enter the commands below in sequence.
That is, in the field Command you enter "dns-proxy", press Send request and so on line by line:
dns-proxy tls upstream 8.8.8.8 sni dns.google tls upstream 8.8.4.4 sni dns.google tls upstream 9.9.9.9 sni dns.quad9.net tls upstream 1.1.1.1 sni cloudflare-dns.com tls upstream 1.0.0.1 sni cloudflare-dns.com exit system configuration save
The finished list will look like this:
3. Restart the router:
Management -> System Settings -> System Reboot -> Restart.
Disabling ISP DNS and IPv6
1. Go to the Internet Connections page: Internet → CableEthernet → Connections to the Internet over Ethernet-cable → Ports and VLANs.
2. Enable the "Ignore DNSv4 of ISP" setting.
3. Also switch the IPv6 setting to "Not in use".
After you enable the "Ignore DNS" option and save the settings, you will automatically reconnect to your ISP (disconnecting and enabling the interface to access the Internet).
IMPORTANT! Before you ignore DNS provided by your ISP, make sure that there are no domain names of servers authorizing your connection in the settings.
Getting routes
Get ready-made route files for the required services at BlancVPN. For example, to connect YouTube, Google, and Instagram via VPN. Or to exclude Russian services from the VPN.
To do this, write to support and we will send you the necessary settings in a .bat file.
Adding routes
Setting up a VPN connection for specific services and websites:
1. Download and unzip the file with the routes.
2. Go to the Routing section and the Static Routes tab.
3. Click Upload from file.
4. Select the file that we sent you.
5. In the line Interface select your VPN connection.
If not all routes loaded the first time, press again Load and the router will add the missing routes.
By doing this, the connection to the selected services will go through the VPN, while other services and websites will bypass it. Meanwhile, in the access policies, keep only the "Default" policy.
Setting up VPN connection exceptions
1. Download and unzip the file with the routes.
2. Go to the Routing section and the Static Routes tab.
3. Click Upload from file.
4. Select the file that we sent you.
5. In the line Interface select your provider connection, for example, Ethernet.
If not all routes loaded on the first try, press Reload again and the router will add the missing routes.
In this way, the connection to the selected services will bypass the VPN, while other services and websites will go through the VPN. Set the access policies in accordance with our instructions for setting up VPN on Keenetic routers.