How to implement DNS blocking bypass at the router level?

R

Renatish2016-04-02 22:12:55

Domain Name System

Renatish, 2016-04-02 22:12:55

We have:
1) an Internet connection raised via l2tp from the "Beeline" provider;
2) The connection rises over the first received DHCP (without access to the external network). If something gives, then the point is tp.internet.beeline.ru
3) DNS servers are obtained automatically. If you just replace them with public ones from Google or the like, then, of course, l2tp will not be installed;
4) If you register them as alternatives to it, then when you enter blocked resources, it still throws the beeline into the black hole -> blackhole.beeline.ru
5) The connection rises on the Asus RT-N56U of the first revision with custom firmware from Padawan (the Linux console is available, as well as the ability to install some packages from opt). Wi-Fi is distributed not to them, but to the Apple AirPort Extreme AC plugged in in bridge mode (the latter is due to the presence of AC, and the first is the inability of the second to play the VPN client).
Task: to invent a way to bypass blocking (mainly Rutracker) at the router level.
It is inconvenient to set up on separate devices, but on apple mobiles it is problematic.
A big thank you in advance for your help.

Reply

Answer the question

In order to leave comments, you need to log in

4 answer(s)

D

Decker, 2016-04-22
@Decker

Using alternative DNS servers in this case will not help, because. Beeline has DPI, which instead of the site's response gives your browsers a redirect to BlackHole when you try to access one of the sites listed in the registry. There can be several ways out, firstly, this is the use of the appropriate browser extension that implements Proxy or VPN, for example, ZenMate for Google Chrome. Or, from the latest news, so to speak - Opera has built a free VPN into the browser . Second is the use of a VPN. We choose any free / paid VPN service, or we raise our own, somewhere in Europe, then we set up a connection with this VPN in the router and configure routing. If we are talking specifically about Rutracker, then we prescribe the route to 195.82.146.214 via VPN.
Even easier, in order to save ourselves from such restrictions in the future - we change Asus RT-N56U to any Mikrotik RouterBoard, for example, hAP Lite , which costs about 1600 rubles. We set up the same VPN and "content filter" in it. Those. we analyze all packets coming from the 80th port, if the Location pattern is found in them: http://http://blackhole.beeline.ru/ , then we enter this IP into a special Address List. Well, one rule for the hosts included in this Address List so that they are routed through the VPN. Thus, opening any inaccessible resource for the first time, we will first see a blackhole, but opening it a second time, traffic will already go through the VPN. Thus, it is not necessary to register separately each resource to which we want to access, just two rules on the router will suffice.

S

SAMoWAR1978, 2016-08-25
@SAMoWAR1978

Can you be a little more detailed? and why Mikrotik hAP-lite? Ordinary rb951 can't do this?

K

Kirill Ivanov, 2016-11-27
@Kirillko312

Well, how? Have you solved the problem?
w3bsit3-dns.com/forum/index.php?showtopic=686221&view=find... here are links to a bypass through the torus with a USB flash drive plugged into the usb (but I personally didn’t get this solution)
Option number jwa. Perhaps now I will try.
Also l2tp, but not beeline. Yes, and Padavan firmware on xiaomi mi mini, but that's not the point

D

ddyachenko, 2017-07-25
@ddyachenko

Try to use DNS 80.80.80.80 is not blocked and anonymous unlike Google, here is the instruction: https://www.youtube.com/watch?v=MVyegC1_dvQ&featur...