HomeConsole

Domain route via VPN

The Unified SDK provides a powerful feature which allows you to selectively route specific domains through the VPN tunnel while keeping all other traffic unaffected. This is the opposite of the Domain Bypass feature.

When you enable the "Domain route via VPN" option and specify a list of domains, only the network traffic from those domains will be sent through the VPN tunnel. All other domains will communicate normally, outside the VPN. This gives you fine-grained control over which domains use the VPN and which don't.

How it Works

Domain can be assigned to more than one DNS record and there is no way to take all addresses even for one domain name. For example, google uses a lot of CDN servers and when you open google.com with and without VPN traffic will go to different servers.

All requests to unknown resources start with domain resolving and SDK handles those DNS responses and if domain is in bypass list then SDK creates routes for addresses immediately.

SDK doesn't store any data about visited sites by user.

Domain route via VPN will not work if user uses any DNS protection methods like DNS-over-TLS. There is no way to resolve all IP addresses even for one domain.

Additional info about common issues can be found on the page Common issues.

Configuring Domains to Route via VPN

To configure the processes to route through the VPN, use the ConfigureRouteViaVpnDomains or ConfigureRouteViaVpnDomainsAsync method of the SDK. Here's an example:

var sdk = new SDK();
var routeViaVpnDomainsRequest= new RouteViaVpnDomainsRequest
{
    UpdateRouteViaVpnDomains = new UpdateRouteViaVpnDomainsRequest()
    {
        Domains = new List<string> { "foobar.com" },
    },
};

var routeViaVpnDomainsResponse = await sdk.ConfigureRouteViaVpnDomainsAsync(routeViaVpnDomainsRequest).ConfigureAwait(false);
Console.WriteLine(routeViaVpnDomainsResponse.Result);

In this example, we create a new RouteViaVpnDomainsRequest and specify the list of processes to route via VPN in the Domains property. Then we pass this request to the ConfigureRouteViaVpnDommainsAsync method.

Starting the VPN with Processes Route via VPN Enabled

After configuring the processes, you can start the VPN with the "Domain route via VPN" feature enabled:

var startVpnRequest = new StartVpnRequest
{
    Credentials = credentials,
    DeviceId = deviceId,
    VpnNode = node,
    EnableRouteViaVpn = true,
    
    // Should be disabled for proper Route via VPN work, see limitations
    EnableKillSwitch = false,
    BlockLocalNetworks = false,
    EnablePreventIPLeak = false,
};

sdk.StartVpn(startVpnRequest);
// Message: "Ok"
// Result: Ok

Limitations

Please note the following limitations of the "Domain route via VPN" feature:

  • It cannot be enabled or disabled while the VPN tunnel is active. You must configure it before starting the VPN.

  • Defense features (Killswitch, Prevent IP Leaks and Block LocalNetwork) should be disabled with enabling the Route via VPN feature (pass corresponding parameters in the StartVpnRequest with enabling the Route via VPN).

PreviousProcess route via VPNNextThrottling

Last updated