AdBlock-Without-VPN

This scenario can help you to block some Ad traffic without using a VPN provider.

Sample Configuration

L3VPN interface

You do not need to create any L3VPN interfaces.

App Routing

In this scenario, you do need to enable App Routing. Enable it with the App Routing toggle on the main screen of the App.

You should add the following routes in the App Routing section:

  • Ad Domain Set to Drop interface

    You should first create the domain set and add the Ad domains you want to block. This route will block all the traffic associated with the domains in the Ad Domain Set.

  • Ad CIDR Set to Drop interface [1]

    You should first create the CIDR set and add the IP ranges related to the Ads you want to block. This route will block all the traffic associated with the IP ranges in the Ad CIDR Set.

  • DNS fallback route to Direct Virtual interface

    Since you define only a limited number of domains in the Domain Set, you must configure a DNS fallback route to specify how domains not present in any Domain Set should be handled. When it is set to the Direct Virtual interface, those domains will be queried using the Direct DNS servers configured in the step below.

  • 0.0.0.0/0 to Direct Virtual interface.

    This will route most of the traffic to the local internet.
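
The four routes above can be checked against sample destinations with a small model. This is an added example, not MintFlow code: the set contents are constructed placeholders, and subdomain matching and longest-prefix selection are assumptions about how the routes are evaluated.

```python
import ipaddress

# Constructed sample sets; placeholder names and ranges, not real ad hosts.
AD_DOMAIN_SET = {"ads.example.com", "tracker.example.net"}
AD_CIDR_SET = [ipaddress.ip_network("203.0.113.0/24")]

# The four routes from the list above.
DOMAIN_ROUTES = [(AD_DOMAIN_SET, "Drop")]
DNS_FALLBACK = "Direct"
CIDR_ROUTES = [(net, "Drop") for net in AD_CIDR_SET] + [
    (ipaddress.ip_network("0.0.0.0/0"), "Direct")
]


def domain_in_set(name, domain_set):
    """Assumed semantics: a set entry matches itself and its subdomains."""
    name = name.rstrip(".").lower()
    return any(name == d or name.endswith("." + d) for d in domain_set)


def route_domain(name):
    """Interface for a DNS name: first matching Domain Set, else the fallback."""
    for domain_set, interface in DOMAIN_ROUTES:
        if domain_in_set(name, domain_set):
            return interface
    return DNS_FALLBACK


def route_ip(addr):
    """Interface for a destination IP, assuming longest-prefix match."""
    ip = ipaddress.ip_address(addr)
    matches = [(net, iface) for net, iface in CIDR_ROUTES if ip in net]
    if not matches:
        return None  # no route covers this address (e.g. IPv6 in this model)
    _, iface = max(matches, key=lambda m: m[0].prefixlen)
    return iface


if __name__ == "__main__":
    for dest in ["ads.example.com", "cdn.ads.example.com", "www.example.org"]:
        print(f"{dest:24} -> {route_domain(dest)}")
    for dest in ["203.0.113.7", "198.51.100.10"]:
        print(f"{dest:24} -> {route_ip(dest)}")
```

A lookalike name such as `notads.example.com` is not a subdomain of `ads.example.com`, so in this model it takes the DNS fallback route instead of being dropped.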

VPN & DNS Settings

You cannot set up the primary and secondary DNS servers in the DNS Settings of the VPN Settings because iOS will use the internal VPN server of the MintFlow NetStack if App Routing is enabled.

You do not set up the VPN DNS servers in the Split DNS settings, since no domains will be routed to the VPN.

You need to set up the Direct DNS servers in the Split DNS settings, since all the domains will be queried using the Direct DNS servers [2].

You do not need to specify the route for the Direct DNS server since it's covered by the above 0.0.0.0/0 route.

Desired Behavior

With this configuration, only the selected Apps' traffic will be routed to the VPN; most of the remaining iOS apps' traffic will be routed through the local internet.

This scenario can be used to unlock some content blocking (such as Netflix) in your location.


  1. This is optional if the Apps only use domains to provide service for you.

  2. Blocked Ad domains' IPs will be blackholed in the Packet Processing Core.