Menu Close

Allow Netflix to bypass VPN

I currently have a few of the devices on my network on an always-on VPN connection – see

This has worked great except for one issue I ran into – Netflix would not play over the VPN on these devices. After some research, I found a solution that allows all Netflix traffic to bypass the VPN so that it works on all devices using x3mRouting. This quick post will explain how.


Note that this does not let you watch Netflix in another region. This will only allow you to access Netflix in your local region on your VPN connected devices.


Things you will need:

  • An ASUS router that has USB ports, flashed with Asuswrt-Merlin
    • Note: Make sure that you have enabled SSH support as you will need it to enter commands in your router
  • A USB thumb drive, 8GB or higher should be fine
  • x3mRouting
  • amtm
  • Entware


  1. Insert your USB thumb drive into your ASUS router and wait for the device to be recognized by the router.
  2. Once the device has been recognized, install amtm by establishing an SHH connection to your router and entering the following command:

  1. Next, type in the following to launch amtm:

  1. Follow the on-screen instructions to go through the first-time setup of amtm.
  2. Once it is installed, type in fd to format your USb thumb drive as ext4. Note that you will need to reboot the router after this step.
  3. After the USB thumb drive has been formatted, type in i then press enter to see a list of available packages.
  4. At the list of options, select ep to install Entware packages. Follow the on screen instructions to install the software to the USB thumb drive – this should be automatic.
  5. Once Entware is installed, go back to the list of options and type in 6 to install x3mRouting.
  6. Durring the x3MRouting setup, select the third option – Install xm3Routing IPSET Shell Scripts.
  7. In the SSH console type in the following command:

  1. In this folder you will launch a set of scripts that will download the list of Netflix IP’s (see and will route this traffic over an interface on your router. Each interface is designated by a number on your router as follows:

Since we want to router all Netflix traffic on the WAN, we will be selecting 0.

  1. Now you will need to enter the following commands in your SSH window:

  1. After entering each command, you should see the following output:

  1. Now, go to your devices and try launch Netflix – you should now be able to watch it!
  2. Next you will need to make these scripts launch anytime the router is rebooted. To do this, create a new file in /jffs/scripts called nat-start (see and enter the following in this file:

  1. Allow the file to be executable by entering chmod a+rx /jffs/scripts/nat-start
  2. The next time you reboot the router, this file will launch the scripts. You can see the output in the System Log section of the router to make sure that the scripts were run.
Posted in ASUS, Asuswrt-Merlin, VPN

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.