Unifi Route Domains By way of VPN When Utilizing AdGuard or PiHole DNS – The best way to Bypass On-line Security Act ID Checks

With the rollout of the On-line Security Act within the UK, it’s now mandatory to offer identification to web sites when viewing sure forms of materials.

The intention is to stop youngsters from accessing dangerous materials, however the system is so poorly thought-out that it’s simple to bypass with a VPN, and its broad attain means loads of comparatively regular content material will get filtered out.

Lately, my accomplice complained that she was unable to entry the True Crime subreddit resulting from this restriction. I might have arrange a VPN on her telephone and pill to bypass this, however I doubt she would ever use it, as it will be an excessive amount of of a problem for her.

VPN Evaluations

The next are all a number of years outdated, however they need to nonetheless be related.

UniFi UCG Max with Granular Management over VPN with Coverage-Primarily based Routing

I’ve the excellent UniFi UCG Max for my dwelling router, and it gives loads of VPN choices, together with the flexibility to route site visitors by third-party VPNs.

Moreover, your policy-based routing choices allow you to make use of the VPN for particular gadgets or web sites.  

I’m at present utilizing Surfshark for my VPN, which makes it very simple to arrange router VPN connections. You set it up on the Surfshark web site, then obtain the configuration file and import it into Unifi. That’s mainly it.

At first, I used the best resolution: I set my accomplice’s gadgets to make use of Surfshark routing by Eire, the closest nation that doesn’t implement the On-line Security Act.

It did an amazing job of unblocking the subreddit she wished, however, as all her site visitors was routed by Surfshark, when she accessed issues like Google, she constantly hit bot challenges.

I then tried to route site visitors primarily based on domains solely, so anytime we accessed Reddit, it will undergo Surfshark. However, it simply wouldn’t work. I assumed that it was a Reddit subdomain like redditmedia.com or redditstatic.com that was inflicting the difficulty, however these didn’t work both.

Exterior DNS, like AdGuard House and PiHole, Breaks Area-Primarily based Coverage Routing

Ultimately, I realised it was as a result of I take advantage of AdGuard House for my DNS.

Since site visitors reaches AdGuard first, it in the end bypasses the domain-based coverage routing.

Utilizing the Unifi UCG Max because the DNS server resolves the issue, however I don’t just like the ad-blocking choices with Unifi.

Ultimately, after some Googling (ChatGPT was ineffective for this), I discovered you could inform AdGuard to route sure requests by a special DNS.

So, within the case of Reddit, it’s a easy hyperlink it’s essential add to the upstream DNS servers:

[/reddit.com/]192.168.0.1 (or regardless of the IP tackle of your gateway is)

So, when a tool requests Reddit, the DNS request goes by the Unifi and the policy-based routing works.

Whereas I don’t use PiHole at dwelling, it’s doable to do the identical with this, albeit barely extra difficult.

The guides under ought to allow you to arrange all the pieces.

Organising the VPN Configuration File in Surfshark

With Surfshark, the method is easy:

1. Go to Guide set-up – I desire WireGuard
2. Choose I don’t have a key pair (assuming you haven’t achieved this earlier than)
3. Identify your connection
4. Click on generate keypair. You’ll be able to then copy the private and non-private key, however this isn’t wanted for those who obtain the conf file.
5. Choos location
6. This then opens the configuration file knowledge, and you’ll obtain the file

Organising VPN in Unifi

For the preliminary setup of the VPN in Unifi, it’s essential:

1. Go to Settings > VPN > VPN Consumer
2. Create VPN
3. Go away Wire Guard chosen and identify the VPN
4. Add the file
5. Click on Apply Adjustments

One caveat with the configuration recordsdata is that for those who add two totally different Surfshark recordsdata, you’ll get a warning that the subnet with the opposite VPN overlaps

Unifi Coverage-Primarily based Routing for particular Domains to VPN interface with AdGuard House DNS

For Aguard, that is fairly easy:

• Log in to AdGuard
• Go to Settings > DNS Settings
• Then, in Upstream DNS servers, add domains you wish to route by the VPN utilizing:
• [/domain.com/] IP  tackle of Unifi gateway, so for me that may be:

[/reddit.com/]192.168.0.1

Unifi  Coverage-Primarily based Routing for particular Domains to VPN interface with PiHole House DNS

A caveat for this information is that I don’t usually use PiHole. I put in it on Proxmox utilizing Helper Scripts. I used ChatGPT to help me, and it really works, however there could also be a simpler resolution.

That is barely extra difficult, however nonetheless simple. With the Helper Script set up on Proxmox, there is no such thing as a sudo to create recordsdata/directories

Do that (no sudo wanted):

1. Create the dnsmasq embody listing

mkdir -p /and many others/dnsmasq.d

2. Create the customized routing file

cat > /and many others/dnsmasq.d/99-reddit-override.conf <<'EOF'
server=/reddit.com/192.168.0.1
server=/redd.it/192.168.0.1
server=/redditmedia.com/192.168.0.1
server=/redditstatic.com/192.168.0.1
EOF

(Should you desire nano: nano /and many others/dnsmasq.d/99-reddit-override.conf, paste the strains, save.)

Notes:

• Pi-hole/FTL reads all *.conf recordsdata in /and many others/dnsmasq.d — that is the proper place for per-domain upstream guidelines (server=/area/UPSTREAM).
• Should you put in Pi-hole by way of Docker, run these instructions contained in the container (or map the listing as a quantity).
• This method impacts all shoppers utilizing your Pi-hole. If you need this just for particular gadgets, say and I’ll present a per-client technique.

I’m James, a UK-based tech fanatic and the Editor and Proprietor of Mighty Gadget, which I’ve proudly run since 2007. Keen about all issues know-how, my experience spans from computer systems and networking to cell, wearables, and good dwelling gadgets.

As a health fanatic who loves operating and biking, I even have a eager curiosity in fitness-related know-how, and I take each alternative to cowl this area of interest on my weblog. My numerous pursuits enable me to convey a novel perspective to tech running a blog, merging life-style, health, and the most recent tech developments.

In my educational pursuits, I earned a BSc in Data Programs Design from UCLAN, earlier than advancing my studying with a Grasp’s Diploma in Computing. This superior research additionally included Cisco CCNA accreditation, additional demonstrating my dedication to understanding and staying forward of the know-how curve.

I’m proud to share that Vuelio has constantly ranked Mighty Gadget as one of many prime know-how blogs within the UK. With my dedication to know-how and drive to share my insights, I goal to proceed offering my readers with partaking and informative content material.