Skip to content

Instantly share code, notes, and snippets.

@artrey

artrey/Custom sites VPN on Keenetic.md

Last active March 5, 2024 18:22
Show Gist options
  • Save artrey/3c7d3a41232738219d12bd3a8fe26393 to your computer and use it in GitHub Desktop.
Save artrey/3c7d3a41232738219d12bd3a8fe26393 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
chat-gpt.bat
route ADD 104.18.0.0 MASK 255.255.0.0 192.168.42.1
Raw
Custom sites VPN on Keenetic.md
  1. Установить подключение до VPN сервера
  2. Настроить DoT (DNS-over-TLS) или DoH (DNS-over-HTTPS). Сетевые правила > Интернет-фильтры > Настройка DNS > Добавить сервер. Подходит, например, сервер от яндекса: https://yandex.com/support/dns/keenetic.html
  3. Прописать статические маршруты до желаемых сервисов. Удобнее всего через bat-файл. Как узнать адреса и маски: https://forum.keenetic.com/topic/14251-%D0%BC%D0%B0%D1%80%D1%88%D1%80%D1%83%D1%82%D0%B8%D0%B7%D0%B0%D1%86%D0%B8%D1%8F-instagram/
Raw
detect.sh
~ # nslookup instagram.com
Server: 127.0.0.1
Address 1: 127.0.0.1 localhost
Name: instagram.com
Address 1: 31.13.72.174 instagram-p42-shv-01-arn2.fbcdn.net
Address 2: 2a03:2880:f20a:e5:face:b00c:0:4420
~ # whois -h whois.radb.net 31.13.72.174
route: 31.13.72.0/24
descr: Facebook, Inc.
origin: AS32934
mnt-by: MAINT-AS32934
changed: jj@fb.com 20111025
source: RADB
~ # whois -h whois.radb.net '!gAS32934'
A3359
69.63.176.0/20 66.220.144.0/20 66.220.144.0/21 69.63.184.0/21 69.63.176.0/21 74.119.76.0/22 69.171.255.0/24 173.252.64.0/18 69.171.224.0/19 69.171.224.0/20 103.4.96.0/22 173.252.64.0/19 31.13.64.0/18 31.13.24.0/21 66.220.152.0/21 69.171.239.0/24 69.171.240.0/20 31.13.64.0/19 31.13.64.0/24 31.13.65.0/24 31.13.67.0/24 31.13.68.0/24 31.13.69.0/24 31.13.70.0/24 31.13.71.0/24 31.13.72.0/24 31.13.73.0/24 31.13.74.0/24 31.13.75.0/24 31.13.76.0/24 31.13.77.0/24 31.13.96.0/19 31.13.66.0/24 173.252.96.0/19 69.63.178.0/24 31.13.78.0/24 31.13.79.0/24 31.13.80.0/24 31.13.82.0/24 31.13.83.0/24 31.13.84.0/24 31.13.85.0/24 31.13.86.0/24 31.13.87.0/24 31.13.88.0/24 31.13.89.0/24 31.13.91.0/24 31.13.92.0/24 31.13.93.0/24 31.13.94.0/24 31.13.95.0/24 31.13.81.0/24 179.60.192.0/22 179.60.192.0/24 179.60.193.0/24 179.60.194.0/24 179.60.195.0/24 185.60.216.0/22 45.64.40.0/22 185.60.216.0/24 185.60.217.0/24 185.60.218.0/24 185.60.219.0/24 129.134.0.0/16 157.240.0.0/16 157.240.8.0/24 157.240.0.0/24 157.240.1.0/24 157.240.2.0/24 157.240.3.0/24 157.240.5.0/24 157.240.6.0/24 157.240.7.0/24 157.240.9.0/24 157.240.10.0/24 157.240.16.0/24 157.240.19.0/24 157.240.11.0/24 157.240.12.0/24 157.240.13.0/24 157.240.14.0/24 157.240.15.0/24 157.240.17.0/24 157.240.18.0/24 157.240.20.0/24 157.240.21.0/24 157.240.22.0/24 157.240.23.0/24 157.240.0.0/17 69.171.250.0/24 204.15.20.0/22 157.240.192.0/24 157.240.198.0/24 102.132.96.0/20 102.132.96.0/24 102.132.97.0/24 157.240.26.0/24 157.240.27.0/24 157.240.28.0/24 157.240.29.0/24 157.240.30.0/24 129.134.28.0/24 129.134.29.0/24 157.240.208.0/24 157.240.193.0/24 157.240.194.0/24 157.240.195.0/24 157.240.197.0/24 157.240.196.0/24 157.240.200.0/24 157.240.201.0/24 157.240.203.0/24 157.240.204.0/24 157.240.205.0/24 157.240.206.0/24 157.240.207.0/24 157.240.209.0/24 157.240.210.0/24 157.240.211.0/24 157.240.212.0/24 157.240.213.0/24 157.240.214.0/24 157.240.215.0/24 157.240.216.0/24 157.240.222.0/24 129.134.30.0/24 129.134.31.0/24 129.134.30.0/23 129.134.25.0/24 129
.134.26.0/24 129.134.27.0/24 102.132.99.0/24 102.132.101.0/24 129.134.64.0/24 129.134.65.0/24 129.134.66.0/24 129.134.67.0/24 157.240.219.0/24 157.240.217.0/24 157.240.218.0/24 157.240.199.0/24 129.134.127.0/24 157.240.223.0/24 157.240.192.0/18 157.240.221.0/24 157.240.220.0/24 173.252.88.0/21 129.134.68.0/24 129.134.69.0/24 129.134.70.0/24 157.240.24.0/24 157.240.25.0/24 102.132.100.0/24 157.240.31.0/24 157.240.224.0/24 129.134.71.0/24 157.240.225.0/24 157.240.226.0/24 157.240.227.0/24 129.134.0.0/17 129.134.72.0/24 129.134.73.0/24 129.134.74.0/24 185.89.218.0/24 185.89.219.0/24 185.89.218.0/23 157.240.228.0/24 157.240.229.0/24 129.134.76.0/24 129.134.75.0/24 157.240.239.0/24 157.240.240.0/24 157.240.241.0/24 157.240.231.0/24 157.240.232.0/24 157.240.233.0/24 157.240.234.0/24 157.240.235.0/24 157.240.236.0/24 129.134.77.0/24 129.134.78.0/24 129.134.79.0/24 157.240.237.0/24 157.240.238.0/24 157.240.242.0/24 157.240.243.0/24 129.134.112.0/24 157.240.100.0/24 157.240.98.0/24 157.240.96.0/24 157.240.99.0/24 157.240.101.0/24 129.134.113.0/24 129.134.114.0/24 157.240.97.0/24 129.134.115.0/24 157.240.244.0/24 157.240.245.0/24 157.240.246.0/24 157.240.247.0/24 157.240.248.0/24 185.89.219.0/24 185.89.218.0/24 185.89.218.0/23 185.89.216.0/22 147.75.208.0/20 204.15.20.0/22 69.63.176.0/20 69.63.176.0/21 69.63.184.0/21 66.220.144.0/20 69.63.176.0/20
C
~ #
~ # nslookup fasebook.com
Server: 127.0.0.1
Address 1: 127.0.0.1 localhost
Name: fasebook.com
Address 1: 31.13.72.8 edge-star-shv-01-arn2.facebook.com
Address 2: 2a03:2880:f00a:8:face:b00c:0:2
~ # whois -h whois.radb.net 31.13.72.8
route: 31.13.72.0/24
descr: Facebook, Inc.
origin: AS32934
mnt-by: MAINT-AS32934
changed: jj@fb.com 20111025
source: RADB
Raw
how-to.md
  1. Download startup-config from Keenetic
  2. Ping <desired site> to get ip
  3. Find origin: whois -h whois.radb.net <ip>
  4. Find all ip addresses: whois -h whois.radb.net '!g<origin>'
  5. Prepare new lines:
import ipaddress

ips = """...insert all ips..."""
ips = ips.split(" ")

tmpl = "ip route {address} {mask} L2TP0 auto reject !LinkedIn"

for ip in ips:
    x = ipaddress.ip_network(ip)
    print(tmpl.format(address=str(x.network_address), mask=str(x.netmask)))
  1. Insert them into startup-config
  2. Upload to the Keenetic
Raw
insta-fb.bat
route ADD 147.75.208.0 MASK 255.255.240.0 192.168.42.1
route ADD 185.89.216.0 MASK 255.255.252.0 192.168.42.1
route ADD 31.13.24.0 MASK 255.255.248.0 192.168.42.1
route ADD 31.13.64.0 MASK 255.255.224.0 192.168.42.1
route ADD 31.13.96.0 MASK 255.255.224.0 192.168.42.1
route ADD 45.64.40.0 MASK 255.255.252.0 192.168.42.1
route ADD 66.220.144.0 MASK 255.255.240.0 192.168.42.1
route ADD 69.63.176.0 MASK 255.255.240.0 192.168.42.1
route ADD 69.171.224.0 MASK 255.255.224.0 192.168.42.1
route ADD 74.119.76.0 MASK 255.255.252.0 192.168.42.1
route ADD 102.132.96.0 MASK 255.255.240.0 192.168.42.1
route ADD 103.4.96.0 MASK 255.255.252.0 192.168.42.1
route ADD 129.134.0.0 MASK 255.255.0.0 192.168.42.1
route ADD 173.252.64.0 MASK 255.255.192.0 192.168.42.1
route ADD 179.60.192.0 MASK 255.255.252.0 192.168.42.1
route ADD 185.60.216.0 MASK 255.255.252.0 192.168.42.1
route ADD 204.15.20.0 MASK 255.255.252.0 192.168.42.1
route ADD 157.240.0.0 MASK 255.255.0.0 192.168.42.1
Raw
routes.py
# pip install python-whois netaddr
import functools
import ipaddress
import re
import socket
import typing as ty
import netaddr
import whois
origin_lookup = re.compile(r"origin:\s+([a-zA-Z0-9]+)")
@functools.cache
def _get_ip(hostname: str) -> str:
return socket.gethostbyname(hostname)
def get_ips(hostname: str) -> list[str]:
pivot_ip = _get_ip(hostname)
query = whois.NICClient().whois(pivot_ip, _get_ip("whois.radb.net"), 0)
origins = set(origin_lookup.findall(query))
result = set()
for origin in origins:
data = whois.NICClient().whois(f"!g{origin}", _get_ip("whois.radb.net"), 0)
result |= set(data.split("\n")[1].split(" "))
return sorted(map(str, netaddr.IPSet(result).iter_cidrs()))
def prepare_routes(hostname: str, description: str | None = None) -> ty.Generator[str, None, None]:
description = description or hostname
tmpl = f"ip route {{address}} {{mask}} L2TP0 auto reject !{description}"
for ip in get_ips(hostname):
addr = ipaddress.ip_network(ip)
yield tmpl.format(address=str(addr.network_address), mask=str(addr.netmask))
print("\n".join(prepare_routes("instagram.com", "Facebook/Instagram")))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment